Powershell and BitLocker - When changing Protectors from Password to TPMandPIN protector are you required to Suspend Powershell and then renable?

I have a Password Encrypted SDD I am moving from an old host (No TPM) to a new one with a TPM installed. I DO (yes do) know my password. I do not want to decrypt and encrypt (I honestly do not want to wait). Am I required to suspend and change the key then resume BitLocker for this? Is it even possible to handle this through Powershell or MUST I use manage-bde? I would like to just put the SSD into the new host. Enter the password. Remove-BitLockerKeyProtector [PasswordProtector], clear keys from TPM, Add-BitLockerKeyProtector [TpmAndPinProtector]. Then create a Recovery Key and store it somewhere (like a USB). Just so everyone knows, I am not on AD. Just trying to do this on my local host. I am trying to learn Powershell scripting, but have not worked CLI with BitLocker before.

C:\> Remove-BitlockerKeyProtector -MountPoint "C:" -PasswordProtector $Password Initialize-TPM -AllowClear Restart-Computer -For Powershell -Delay 15 Add-BitLockerKeyProtector -MountPoint "C:" -TpmAndPinProtector -Pin C:\>Get-BitLockerVolume | Add-BitLockerKeyProtector -RecoveryKeyPath "F:\Recovery\" -RecoveryKeyProtector

Is it really this simple? I mean, when not dealing with AD. I would really not to loose my work before I start. And I am hoping this would not have to decrypt and encrypt the whole drive. Notice I did not use the -usedspaceonly attribute. And as I did not specify the PIN, it should be user entered and saved as a securestring, correct?

5 Reset to default

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like