BitLocker Series Part 4: Moving from Auto-Unlock to Manual Security

# 1. Ask the user for the password manually
$UserPass = Read-Host "Enter the password to lock this Fixed Drive" -AsSecureString

# 2. Enable BitLocker with the Password Protector
# -PasswordProtector is a switch; the SecureString itself goes in -Password.
# Enable-BitLocker has no -AutoUnlock parameter: auto-unlock is a separate step
# (Enable-BitLockerAutoUnlock) that we simply never run, so the drive stays
# locked until the password is typed.
Enable-BitLocker -MountPoint "D:" -PasswordProtector -Password $UserPass -UsedSpaceOnly -SkipHardwareTest

# 3. Key upload to AD (Critical for your Forensic/Admin role)
# Enable-BitLocker only added the password protector, so add a numerical
# recovery password first; otherwise there is no RecoveryPassword protector
# to back up and Backup-BitLockerKeyProtector fails with an empty key ID.
Add-BitLockerKeyProtector -MountPoint "D:" -RecoveryPasswordProtector
$keyID = Get-BitLockerVolume -MountPoint "D:" | Select-Object -ExpandProperty KeyProtector |
            Where-Object {$_.KeyProtectorType -eq 'RecoveryPassword'}
Backup-BitLockerKeyProtector -MountPoint "D:" -KeyProtectorId $keyID.KeyProtectorId
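The script above covers a drive that is being encrypted for the first time. The case the title actually describes, a data volume that is already encrypted and currently auto-unlocks, needs a slightly different sequence: turn auto-unlock off, add a password protector, make sure a recovery password exists, escrow it in AD, and verify the end state. The following is an added example written for this page, not code from the original post; it assumes an elevated PowerShell session with the BitLocker module, "D:" as the data volume as in the post, and a hypothetical `$Drive` parameter name.

```powershell
# Added example (not from the original post): migrate an already-encrypted
# data volume from auto-unlock to a manually typed password, then make sure a
# recovery password exists and is backed up to AD. Requires an elevated
# PowerShell session and the BitLocker module (Windows 10/11 or Server).
# $Drive is an assumed parameter name; "D:" is the drive used in the post.
param([string]$Drive = "D:")

$vol = Get-BitLockerVolume -MountPoint $Drive

# Step 0: if the volume is not encrypted yet, this is the wrong script;
# run the Enable-BitLocker sequence from the post instead.
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    throw "$Drive is not BitLocker-protected yet; enable BitLocker first."
}

# Step 1: stop the OS volume from unlocking $Drive silently at boot/logon.
if ($vol.AutoUnlockEnabled) {
    Disable-BitLockerAutoUnlock -MountPoint $Drive
}

# Step 2: add a password protector if the volume does not already have one.
$hasPassword = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Password' }
if (-not $hasPassword) {
    $UserPass = Read-Host "Enter the password that will unlock $Drive" -AsSecureString
    Add-BitLockerKeyProtector -MountPoint $Drive -PasswordProtector -Password $UserPass | Out-Null
}

# Step 3: make sure a numerical recovery password exists, then escrow it in AD.
$recovery = (Get-BitLockerVolume -MountPoint $Drive).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $Drive -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $Drive).KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}
foreach ($rp in $recovery) {
    # Throws if the AD schema/GPO for BitLocker escrow is not in place, which is
    # exactly when you want to find out, before the drive is left locked.
    Backup-BitLockerKeyProtector -MountPoint $Drive -KeyProtectorId $rp.KeyProtectorId
}

# Step 4: verify the end state before walking away.
$vol = Get-BitLockerVolume -MountPoint $Drive
[pscustomobject]@{
    MountPoint        = $vol.MountPoint
    ProtectionStatus  = $vol.ProtectionStatus
    AutoUnlockEnabled = $vol.AutoUnlockEnabled
    Protectors        = ($vol.KeyProtector.KeyProtectorType -join ', ')
}
if ($vol.AutoUnlockEnabled) { throw "Auto-unlock is still enabled on $Drive" }
```

Disabling auto-unlock does not lock a volume that is currently mounted; it only stops the silent unlock on the next boot. To test the manual flow immediately, run `Lock-BitLocker -MountPoint "D:" -ForceDismount` (after closing any open handles) and confirm that `Unlock-BitLocker -MountPoint "D:" -Password $UserPass` is what brings it back. The summary object in step 4 is also the thing to paste into the change record: it shows the protector types in place and proves auto-unlock is off.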
