70-411: BitLocker Protectors

Hello

I have completed the following procedure,

This created the startup key which is fine

Manage-bde -protectors -add C: -startupkey :E

I then encrypted the drive, which also worked

manage-bde -on C:

Rebooted the server, once the server came back up I decided to add another protector

I then ran these commands to add a password protector which worked

$SecureString = ConvertTo-SecureString "SomePassowrdInHere" -AsPlainText -Force

Add-BitLockerKeyProtector -MountPoint C: -PasswordProtector -Password $SecureString

So then I ran

manage-bde -status

You can see the two protectors

When I reboot the server, I am never prompted to enter a password when the server starts

What did I do wrong?

Find more posts tagged with

Comments

poolmanjim

Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?

mattsaundersmcp

poolmanjim wrote: »

Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?

Yes this is enabled

So I did some testing and I deleted the startup file from the E: drive and then when I rebooted the server it then started to ask for me for the startup password