70-411: BitLocker Protectors

mattsaundersmcp Member Posts: 14
Hello



I have completed the following procedure,

This created the startup key which is fine
Manage-bde -protectors -add C: -startupkey E:


I then encrypted the drive, which also worked
manage-bde -on C:

Rebooted the server, once the server came back up I decided to add another protector

I then ran these commands to add a password protector which worked
$SecureString = ConvertTo-SecureString "SomePassowrdInHere" -AsPlainText -Force
Add-BitLockerKeyProtector -MountPoint C: -PasswordProtector -Password $SecureString

So then I ran
manage-bde -status

You can see the two protectors

When I reboot the server, I am never prompted to enter a password when the server starts

What did I do wrong?

Comments

  • poolmanjim Member Posts: 285
    Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?
    2019 Goals: Security+
    2020 Goals: 70-744, Azure
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
  • mattsaundersmcp Member Posts: 14
    poolmanjim wrote:
    Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?

    Yes this is enabled

    So I did some testing and I deleted the startup file from the E: drive, and then when I rebooted the server it started to ask me for the startup password.
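
The behaviour reported in the last post (no password prompt while the startup key file is on E:, a prompt once the file is gone) can be checked before a reboot. The PowerShell below is an added example, not code from anyone in this thread; the function name Get-StartupUnlockReport is hypothetical, and the ExpectedAtBoot text assumes the fallback behaviour described in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: report which protector is likely to unlock the OS volume at next boot.

function Get-StartupUnlockReport {   # hypothetical helper name
    param([string]$MountPoint = 'C:')

    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    $types  = @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # A startup key added with "manage-bde -protectors -add C: -startupkey E:" is
    # listed as an ExternalKey protector; KeyFileName is the hidden .BEK file written
    # to the root of the USB drive. Recovery keys saved to a file are ExternalKey too.
    $keyFiles = @($volume.KeyProtector |
        Where-Object { "$($_.KeyProtectorType)" -eq 'ExternalKey' -and $_.KeyFileName } |
        ForEach-Object { $_.KeyFileName })

    # Look for those key files in the root of every mounted file-system drive.
    $found = @(foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        foreach ($file in $keyFiles) {
            $path = Join-Path $drive.Root $file
            if (Test-Path -LiteralPath $path) { $path }
        }
    })

    # "Require additional authentication at startup" is stored under this policy key.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

    $expected = if ($found.Count -gt 0) {
        'Key file is attached: volume unlocks from it, no password prompt'
    } elseif ($types -contains 'Password') {
        'No key file attached: password prompt expected'
    } else {
        'Depends on the remaining protectors (for example TPM or recovery)'
    }

    [pscustomobject]@{
        MountPoint        = $volume.MountPoint
        ProtectionStatus  = $volume.ProtectionStatus
        Protectors        = $types -join ', '
        StartupAuthPolicy = if ($policy -and $policy.UseAdvancedStartup -eq 1) { 'Enabled' } else { 'Not configured or disabled' }
        KeyFilesAttached  = $found
        ExpectedAtBoot    = $expected
    }
}

Get-StartupUnlockReport -MountPoint 'C:' | Format-List
```

A non-empty KeyFilesAttached on a server that is meant to require a password at boot means the USB key has been left in the machine, so anyone who powers it on gets an unlocked volume.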