Question

Enforce a user login to bitlocker recovery

  • November 1, 2024
  • 2 replies


Hi Folks,


Has anyone done this before? We need to force a user's Windows laptop to the BitLocker recovery screen.

We have tried a few scripts; however, when the machine has a customised laptop hostname or NetBIOS name, it keeps failing.


Can someone help?

2 replies

  • Automox Employee
  • 129 replies
  • November 1, 2024

Hi Arunchandar,

Is grabbing the device name necessary? Since the Worklet is executing locally on the endpoint and the Activity Log contains the name of the endpoint, I would just recommend skipping that part if it appears to cause an issue.


We did something similar using the following code. We cleared cached credentials and forced BitLocker recovery…

Evaluation Code

<#
.SYNOPSIS
    Clear cached credentials, force bitlocker recovery and reboot computer
    OS Support: Windows
    Supported Powershell Versions: 2.0+
    Required modules: NONE
.DESCRIPTION
 Clear cached credentials, force bitlocker recovery and reboot computer
.NOTES
    Author: Your Name
    Date: Your Date
#>
# Exit code 1 = "not compliant", so the remediation code below always runs
exit 1


Remediation Code

# Delete all values in the CACHE registry key (cached domain logon verifiers)
reg delete "HKEY_LOCAL_MACHINE\SECURITY\CACHE" /va /f

# Force BitLocker recovery on drive C:
# -computername is optional for the local machine; omitting it sidesteps the
# failure the question describes on devices with a customised hostname.
$scriptBlock = {
    $hostname = hostname
    manage-bde -forcerecovery C: -computername $hostname
}

# The sysnative alias only exists for a 32-bit process on 64-bit Windows; it
# reaches the 64-bit PowerShell host where manage-bde is available.
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptBlock

echo " "
echo "Internal IT - Forced TPM reset"

Restart-Computer -Force

Exit 0
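Added example, not the reply author's or Automox's code: a single remediation script that does the same job as the Worklet above but verifies its own prerequisites first. Because -forcerecovery removes the TPM protectors, a device that has no escrowed recovery password becomes permanently inaccessible, so the script refuses to run unless a RecoveryPassword protector exists and has been backed up; it also calls manage-bde without -ComputerName, so the hostname problem from the question never arises. It assumes the Worklet exit-code convention shown above (0 = done, anything else = failed), a 64-bit PowerShell host running as SYSTEM, and an $EscrowTarget variable that you set to match how the device is joined; the drive letter and messages are placeholders.

```powershell
# Added example (not the poster's or Automox's code). Assumptions: Worklet
# exit-code convention (0 = success, 1 = failure), 64-bit host, run as SYSTEM.
# $EscrowTarget: 'AAD' for Entra ID-joined devices, 'ADDS' for AD DS-joined ones.
$Drive        = 'C:'
$EscrowTarget = 'AAD'

# The BitLocker module lives in the 64-bit System32; a 32-bit host cannot load it.
if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
    Write-Output 'Get-BitLockerVolume not available (32-bit host or BitLocker feature missing); aborting.'
    exit 1
}

try {
    $vol = Get-BitLockerVolume -MountPoint $Drive -ErrorAction Stop
} catch {
    Write-Output "Could not query BitLocker state of ${Drive}: $($_.Exception.Message)"
    exit 1
}

if ($vol.ProtectionStatus -ne 'On') {
    Write-Output "BitLocker protection is not On for $Drive (status: $($vol.ProtectionStatus)); nothing to force."
    exit 1
}

# -forcerecovery deletes the TPM protectors, so afterwards the only way in is a
# recovery password. Refuse to continue unless at least one exists.
$recoveryProtectors = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recoveryProtectors.Count -eq 0) {
    Write-Output "No RecoveryPassword protector on $Drive; forcing recovery would lock the device permanently. Aborting."
    exit 1
}

# Escrow every recovery password so the help desk can unlock the device later.
foreach ($kp in $recoveryProtectors) {
    try {
        switch ($EscrowTarget) {
            'AAD'   { BackupToAAD-BitLockerKeyProtector -MountPoint $Drive -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null }
            'ADDS'  { Backup-BitLockerKeyProtector      -MountPoint $Drive -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null }
            default { throw "Unknown escrow target '$EscrowTarget'" }
        }
        Write-Output "Escrowed recovery password $($kp.KeyProtectorId) to $EscrowTarget"
    } catch {
        Write-Output "Could not escrow protector $($kp.KeyProtectorId): $($_.Exception.Message). Aborting before recovery is forced."
        exit 1
    }
}

# Clear cached domain logons so a previously cached password no longer signs in.
& reg.exe delete 'HKEY_LOCAL_MACHINE\SECURITY\CACHE' /va /f | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Output "reg delete failed with exit code $LASTEXITCODE"; exit 1 }

# manage-bde acts on the local machine when -ComputerName is omitted, so the
# device's hostname or NetBIOS name never enters the picture.
& manage-bde.exe -forcerecovery $Drive
if ($LASTEXITCODE -ne 0) { Write-Output "manage-bde -forcerecovery failed with exit code $LASTEXITCODE"; exit 1 }

Write-Output "Internal IT - forced BitLocker recovery on $Drive; recovery password IDs: $($recoveryProtectors.KeyProtectorId -join ', ')"
Restart-Computer -Force
exit 0
```

Keep the evaluation script as it is (an unconditional exit 1) if you want the remediation to run on every targeted device; the checks above make the remediation itself safe to run blindly, and the Activity Log output records which recovery password IDs were escrowed before the device was sent into recovery.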


