I have a Password Encrypted SDD I am moving from an old host (No TPM) to a new one with a TPM installed. I DO (yes do) know my password. I do not want to decrypt and encrypt (I honestly do not want to wait). Am I required to suspend and change the key then resume BitLocker for this? Is it even possible to handle this through Powershell or MUST I use manage-bde? I would like to just put the SSD into the new host. Enter the password. Remove-BitLockerKeyProtector [PasswordProtector], clear keys from TPM, Add-BitLockerKeyProtector [TpmAndPinProtector]. Then create a Recovery Key and store it somewhere (like a USB). Just so everyone knows, I am not on AD. Just trying to do this on my local host. I am trying to learn Powershell scripting, but have not worked CLI with BitLocker before.
C:\> Remove-BitlockerKeyProtector -MountPoint "C:" -PasswordProtector $Password Initialize-TPM -AllowClear Restart-Computer -For Powershell -Delay 15 Add-BitLockerKeyProtector -MountPoint "C:" -TpmAndPinProtector -Pin C:\>Get-BitLockerVolume | Add-BitLockerKeyProtector -RecoveryKeyPath "F:\Recovery\" -RecoveryKeyProtectorIs it really this simple? I mean, when not dealing with AD. I would really not to loose my work before I start. And I am hoping this would not have to decrypt and encrypt the whole drive. Notice I did not use the -usedspaceonly attribute. And as I did not specify the PIN, it should be user entered and saved as a securestring, correct?
5 Reset to default