If you're troubleshooting an issue with BitLocker on a device, you can use this script to collect all relevant information about a device’s BitLocker status in a single operation.
You can run this script locally on a device, or remotely via a Windows PowerShell JumpCloud Command. It returns all data needed to help understand why BitLocker isn't functioning correctly.
- See Creating a Command Manually to learn how to leverage JumpCloud Commands to run the script remotely.
- See Troubleshoot: BitLocker Policy for Windows Devices to learn more about specific scenarios that may cause the policy to fail.
Diagnose BitLocker Script:
# = = = = [To Diagnose BitLocker Status on System and HW Requirements] = = = = =
# Get-Tpm and Confirm-SecureBootUEFI require an elevated (administrator) session.
Write-Output "===Verify TPM Chip details==="
Get-Tpm
Write-Output "===Verify Supported TPM Chip Features==="
Get-TpmSupportedFeature
Write-Output "===Verify Encryption Status==="
manage-bde -Status
Write-Output "===Verify HW Platform==="
Get-WmiObject Win32_BIOS
Write-Output "===Verify HW Model Components==="
Get-WmiObject Win32_BaseBoard | Format-List Product,Manufacturer,SerialNumber,Version
Write-Output "===Verify Boot Configuration==="
bcdedit
Write-Output "===Verify SecureBootStatus==="
# Returns True or False on UEFI firmware; on a legacy BIOS machine the cmdlet reports an error instead.
Confirm-SecureBootUEFI
# = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
# = = = = = = = = [To Obtain the Recovery Key if it exists] = = = = = = = = =
Write-Output "===Obtain Bitlocker Recovery Key if present==="
$BitlockerVolumes = Get-BitLockerVolume
$BitlockerVolumes |
    ForEach-Object {
        $MountPoint = $_.MountPoint
        # KeyProtector is an array; casting to [string] joins every recovery password found on the volume.
        $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword
        if ($RecoveryKey.Length -gt 5) {
            Write-Output ("The drive $MountPoint has a recovery key $RecoveryKey.")
        }
    }
# = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
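The script above dumps raw cmdlet output, which is useful for a full read-through but slow to scan when the result comes back through a remote command. The following is an added example, not JumpCloud's script: it wraps the same checks (TPM, firmware type, Secure Boot, per-volume encryption and protection status) into a single object so the usual blockers are visible in one line. The function name Get-BitLockerReadiness, the -IncludeRecoveryPassword switch and the property names are assumptions made for this example; recovery passwords are secrets, so they are left out of the output unless that switch is given. Like the original script, it must run elevated because Get-Tpm and Confirm-SecureBootUEFI require administrator rights.

```powershell
# Added example (not the original JumpCloud script). Function and property names are assumptions.
# Summarises BitLocker prerequisites and volume state as one object; run in an elevated session.
function Get-BitLockerReadiness {
    [CmdletBinding()]
    param(
        # Recovery passwords are secrets: include them only when explicitly requested.
        [switch]$IncludeRecoveryPassword
    )

    # TPM: the default BitLocker policy needs a present and ready TPM.
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop }
    catch { Write-Warning "Get-Tpm failed: $($_.Exception.Message)" }
    $tpmPresent = if ($null -ne $tpm) { $tpm.TpmPresent } else { $null }
    $tpmReady   = if ($null -ne $tpm) { $tpm.TpmReady }   else { $null }

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS machines, so report that as $false
    # rather than letting the error abort the whole report.
    $secureBoot = $null
    try { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $false }

    # One row per volume with the fields that explain most "BitLocker is not on" cases.
    $volumes = foreach ($v in Get-BitLockerVolume) {
        $recovery = @($v.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        $row = [ordered]@{
            MountPoint            = $v.MountPoint
            VolumeType            = $v.VolumeType            # OperatingSystem / Data
            VolumeStatus          = $v.VolumeStatus          # FullyDecrypted / EncryptionInProgress / FullyEncrypted
            ProtectionStatus      = $v.ProtectionStatus      # Off means protectors are absent or suspended
            EncryptionPercentage  = $v.EncryptionPercentage
            EncryptionMethod      = $v.EncryptionMethod
            KeyProtectorTypes     = ($v.KeyProtector.KeyProtectorType | Sort-Object -Unique) -join ','
            RecoveryPasswordCount = $recovery.Count
        }
        if ($IncludeRecoveryPassword) {
            $row.RecoveryPassword = ($recovery.RecoveryPassword -join ';')
        }
        [pscustomobject]$row
    }

    # Verdict for the OS volume: protection is only "On" once encryption has a live key protector.
    $osProtected = [bool]($volumes | Where-Object {
        $_.VolumeType -eq 'OperatingSystem' -and $_.ProtectionStatus -eq 'On'
    })

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        FirmwareType      = $env:firmware_type   # 'UEFI' or 'Legacy'
        SecureBoot        = $secureBoot
        TpmPresent        = $tpmPresent
        TpmReady          = $tpmReady
        Model             = (Get-CimInstance Win32_ComputerSystem).Model
        OsVolumeProtected = $osProtected
        Volumes           = $volumes
    }
}

# Usage: the summary first, then the per-volume table. Add -IncludeRecoveryPassword only when the
# recovery key itself is needed and the command output will be stored somewhere appropriate.
$report = Get-BitLockerReadiness
$report | Format-List ComputerName, FirmwareType, SecureBoot, TpmPresent, TpmReady, Model, OsVolumeProtected
$report.Volumes | Format-Table -AutoSize
```

Reading the summary: FirmwareType of Legacy with SecureBoot False, or TpmPresent True with TpmReady False, are the two conditions that most often keep a TPM-based BitLocker policy from applying; a volume that shows FullyEncrypted with ProtectionStatus Off has had its protectors suspended (for example by manage-bde -protectors -disable) rather than never being encrypted.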