Enable Bitlocker Disk Encryption Via Scheduled Task
I’ve been working on deploying Bitlocker across our Active Directory domain via a scheduled task. My goals here were as such:
- Enable encryption on any platform which is capable of running it.
- Prepare the disk for encryption (if necessary).
- On some of our devices (HP EliteBooks) the TPM was not enabled by default, so I needed to enable it.
The advantage of using a scheduled task to enable Bitlocker (versus a startup or shutdown script) is that I can configure it to run when the computer is idle. I liked this solution over a startup script because my users on laptops very very rarely reboot their computers, and so startup scripts very very rarely get a chance to run.