70-411: BitLocker Protectors

mattsaundersmcpmattsaundersmcp Member Posts: 14 ■□□□□□□□□□
Hello



I have completed the following procedure,

This created the startup key which is fine
Manage-bde -protectors -add C: -startupkey :E


I then encrypted the drive, which also worked
manage-bde -on C:

Rebooted the server, once the server came back up I decided to add another protector

I then ran these commands to add a password protector which worked
$SecureString = ConvertTo-SecureString "SomePassowrdInHere" -AsPlainText -Force
Add-BitLockerKeyProtector -MountPoint C: -PasswordProtector -Password $SecureString

So then I ran
manage-bde -status

You can see the two protectors
2m5jz1e.png

When I reboot the server, I am never prompted to enter a password when the server starts

What did I do wrong?

Comments

  • poolmanjimpoolmanjim MCSE, MCSA: 2016, MCSA: 2012 KC, KS, USAMember Posts: 285 ■■■□□□□□□□
    Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?
    2019 Goals: Security+
    2020 Goals: 70-744, Azure
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
  • mattsaundersmcpmattsaundersmcp Member Posts: 14 ■□□□□□□□□□
    poolmanjim wrote: »
    Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?

    Yes this is enabled

    So I did some testing and I deleted the startup file from the E: drive and then when I rebooted the server it then started to ask for me for the startup password
Sign In or Register to comment.