Hi Folks,

Has anyone done this before? We have a need to force a user's Windows laptop to the BitLocker recovery screen.

We have tried a few scripts; however, when the machine has a customised laptop hostname or NetBIOS name, it keeps failing.

Can someone help?

Hi Arunchandar,

Is grabbing the device name necessary? Since the Worklet is executing locally on the endpoint and the Activity Log contains the name of the endpoint, I would just recommend skipping that part if it appears to cause an issue.


We did something similar using the following code. We cleared cached credentials and forced bitlocker recovery… 

Evaluation Code

<#
.SYNOPSIS
    Clear cached credentials, force BitLocker recovery and reboot computer
    OS Support: Windows
    Supported PowerShell Versions: 2.0+
    Required modules: NONE
.DESCRIPTION
    Clear cached credentials, force BitLocker recovery and reboot computer
.NOTES
    Author: Your Name
    Date: Your Date
#>
# Always report the device as non-compliant (exit 1) so the remediation code runs on every device the Worklet targets.
exit 1

Remediation Code

# Delete all cached domain logon credentials. HKLM\SECURITY is writable only by SYSTEM by default,
# which is the account the Worklet runs under.
reg delete "HKEY_LOCAL_MACHINE\SECURITY\CACHE" /va /f

# Force BitLocker recovery on drive C:.
# The command runs on the local machine, so the hostname is not passed with -ComputerName;
# that lookup is what fails on devices with a customised hostname or NetBIOS name.
$scriptBlock = {
    manage-bde -forcerecovery C:
}

# The sysnative path redirects to the 64-bit PowerShell host when this script runs in a 32-bit process.
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptBlock

Write-Output " "
Write-Output "Internal IT - Forced TPM reset"

Restart-Computer -Force

Exit 0
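The remediation above forces recovery unconditionally. As an added example (not code from the original post or from Automox), the following guarded version checks before acting that the OS volume is actually BitLocker-protected and carries a recovery-password protector, and it logs the local computer name via `$env:COMPUTERNAME` instead of passing it to `manage-bde`. It assumes it runs as SYSTEM through the 64-bit PowerShell host on Windows 8 / Server 2012 or later (where the BitLocker module and `Get-BitLockerVolume` exist), that the OS volume is `C:`, and that recovery passwords are escrowed somewhere (AD, Entra ID or your MDM); without an escrowed recovery password, forcing recovery locks the user out of their own data, which is why the check refuses to proceed in that case. The function name `Test-RecoveryReady` and the `$OsDrive` variable are this example's own.

```powershell
# Added example: guarded "clear cached credentials and force BitLocker recovery" remediation.
# Assumes: runs as SYSTEM in 64-bit PowerShell (BitLocker module available), OS volume is C:,
# recovery passwords are escrowed centrally. Names below ($OsDrive, Test-RecoveryReady) are hypothetical.

$OsDrive = 'C:'

function Test-RecoveryReady {
    param([string]$MountPoint)

    # Get-BitLockerVolume comes from the built-in BitLocker module (Windows 8 / Server 2012+).
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    if ($vol.ProtectionStatus -ne 'On') {
        Write-Output "$env:COMPUTERNAME : BitLocker protection on $MountPoint is '$($vol.ProtectionStatus)'; not forcing recovery"
        return $false
    }

    # A recovery-password protector must exist, otherwise there is nothing a help desk can hand over later.
    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $recovery) {
        Write-Output "$env:COMPUTERNAME : no RecoveryPassword protector on $MountPoint; not forcing recovery"
        return $false
    }

    # Log the protector id(s) so the Activity Log entry can be matched against the escrowed password.
    Write-Output "$env:COMPUTERNAME : $MountPoint is protected; recovery protector id(s): $($recovery.KeyProtectorId -join ', ')"
    return $true
}

if (-not (Test-RecoveryReady -MountPoint $OsDrive)) {
    Exit 1
}

# Clear cached domain logon credentials (HKLM\SECURITY is SYSTEM-only by default, which is the account we run as).
reg delete "HKEY_LOCAL_MACHINE\SECURITY\CACHE" /va /f
if ($LASTEXITCODE -ne 0) {
    Write-Output "$env:COMPUTERNAME : reg delete failed with exit code $LASTEXITCODE; aborting before forcing recovery"
    Exit 1
}

# Force recovery locally; no -ComputerName, so a customised hostname or NetBIOS name cannot break the call.
manage-bde -forcerecovery $OsDrive
if ($LASTEXITCODE -ne 0) {
    Write-Output "$env:COMPUTERNAME : manage-bde -forcerecovery failed with exit code $LASTEXITCODE"
    Exit 1
}

Write-Output "$env:COMPUTERNAME : Internal IT - forced BitLocker recovery, rebooting now"
Restart-Computer -Force
Exit 0
```

Because the check runs before the registry cache is cleared, a device that is not actually encrypted (or has no recovery protector) is left untouched and reports exit code 1, which shows up in the Activity Log as a failed remediation for that endpoint rather than silently doing half the job.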
