Issue to enable BitLocker with a SID-Based Identity protector


This topic contains 3 replies, has 2 voices, and was last updated by Keymaster 1 year, 1 month ago.

  • #78844

    Participant

    Hi everyone,
    I'm facing an issue enabling BitLocker with a SID-Based Identity protector.

    Reading the documentation (https://technet.microsoft.com/en-us/itpro/powershell/windows/bitlocker/enable-bitlocker), I'm trying to follow example 3:

    Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes128 -AdAccountOrGroup "Western\SarahJones" -AdAccountOrGroupProtector

    I just changed the EncryptionMethod to XTSAES256 and I get this error:

    "To turn on BitLocker with a SID-Based Identity protector on this volume, you must provide at least one additional protector for recovery"

    I don't understand what is wrong...

    Thanks a lot and regards

  • #78847

    Keymaster

    So, this is what we'd call a "problem," not an "issue" :).

    The difference is likely in how your volumes are configured – yours seem to want a Recovery Key. https://technet.microsoft.com/en-us/library/jj647767(v=ws.11).aspx discusses some of the details of that.

    • #78926

      Participant

      Reading the full help for Add-BitLockerKeyProtector:
      "Active Directory Domain Services (AD DS) account. BitLocker uses domain authentication to unlock data volumes. Operating system volumes cannot use this type of key protector."

      It seems that an AD DS account is not compatible with the operating system; the error from Enable-BitLocker seems to indicate something else.

      Is there a way to implement TPM + AD DS account authentication to unlock OS volumes?

      Thanks a lot,
      Best regards

  • #78937

    Keymaster

    Sorry – I'm a PowerShell guy but not much of a BL expert.

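An added example, not part of the original thread and not Microsoft's own sample: it follows what the error message in the first post asks for by putting a recovery protector on the volume before enabling BitLocker with the SID-based protector, and it refuses operating system volumes in line with the help text quoted above. The mount point `D:` (a fixed data volume) is an assumption; the account name is the one from the documentation example.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: D: is a fixed data volume on a domain-joined
# machine, and Western\SarahJones (from the documentation example) resolves in AD.
param(
    [string]$MountPoint = 'D:',
    [string]$Account    = 'Western\SarahJones'
)

$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

# Per the Add-BitLockerKeyProtector help quoted in the thread, an AD DS account
# protector cannot unlock an operating system volume, so stop before changing anything.
if ($volume.VolumeType -eq 'OperatingSystem') {
    throw "$MountPoint is an operating system volume; a SID-based protector cannot unlock it."
}

# The error in the first post asks for "at least one additional protector for
# recovery". Add a recovery password only if the volume does not have one yet.
$recovery = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recovery) {
    # The cmdlet emits the generated 48-digit password as a warning; record it
    # somewhere other than the volume being encrypted.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector |
        Out-Null
}

# With a recovery protector present, enable encryption with the SID-based protector.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
    -AdAccountOrGroup $Account -AdAccountOrGroupProtector -ErrorAction Stop |
    Out-Null

# Confirm both protectors are on the volume and show the encryption state.
$after = Get-BitLockerVolume -MountPoint $MountPoint
$after.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
$after | Select-Object MountPoint, VolumeStatus, EncryptionMethod, ProtectionStatus
```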