I hope somebody here has run into the same issue as myself.
Oddities running my Powershell script to enable Bitlocker, appears to get to 95% sometimes however most times it fails.
OS - Windows 10 Professional 1809 GPO - Running Microsoft's best practices
I've been reading multiple forums and Windows best practices for setting Bitlocker via Powershell, none seem to have the specific answer
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -RecoveryKeyPath "Valid Path" -RecoveryKeyProtector
do
{
$Volume = Get-BitLockerVolume -MountPoint C:
Write-Progress -Activity "Encrypting volume $($Volume.MountPoint)" -Status "Encryption Progress:" -PercentComplete $Volume.EncryptionPercentage
Start-Sleep -Seconds 1
}
until ($Volume.VolumeStatus -eq 'FullyEncrypted')
####################################################################
"Valid Path" refers to a valid UNC path with valid credentials.
The output seems to come back with:
#################################################################
Enable-BitLockerInternal : Value does not fall within the expected range.
At C:\windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:3733 char:48
+ ... eInternal = Enable-BitLockerInternal -MountPoint $BitLockerVolumeInte ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Enable-BitLockerInternal
I believe this happens with self-encrypting drives using an encryption method below what is required by Group Policy.
My fix:
manage-bde -off C:
Delete the files in C:\\Windows\\System32\\Recovery
Wait for it to decrypt
Re-run enable-bitlocker
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.