Configuring BitLocker in Intune - Part 3 testing the scripts

[anyweb]

You may have already seen Part 2 of this series where you can automate BitLocker encryption in Intune using supplied MSI's, which contain logging, reboot prompt and other features.

I've put together this video to show you how you can test the PowerShell scripts contained within the two MSI's here. This allows you to test the scripts outside of Intune, and when you are happy with the results you can re-package them and deploy the MSI via Intune.

The video shows you how to use Psexec to start a process (in this example it's CMD.EXE) as SYSTEM.

psexec.exe /s /i cmd.exe

After starting the cmd prompt as SYSTEM, you can launch powershell. Next, browse to the folder where the scripts are, by default it's C:\Program Files (x86)\BitLockerTrigger and launch Enable_BitLocker.ps1.

After the TriggerBitlocker msi is installed by Intune on a Windows AutoPilot enrolled device, the PowerShell script will run via the Scheduled Task as SYSTEM, so this method of testing is a valid way to verify any changes you add to the PowerShell script before repackaging it as an MSI.

To see the video click below, have a look and happy troubleshooting.

cheers

niall

 

 

[DimZen]

Hi,

I'm  a bit new to all this...

I'm trying to run BitlockerTriggerUser on 2 Danish Windows 10 1803 installations, one on a Dell laptop and the other on a vm in Vmware Fusion with TPM enabled.
Both using Autopilot with the user not admin.

On the Dell laptop BitlockerTriggerUser runs fine, the HD gets Bitlocked.

But on the vm, nothing happens ?
In c:\windows\temp there's no log-file, but in scheduled tasks MoveKeyToOD4B is set to run at 14:00

If I try manuel run the script with PsExec, as in the video, the script can't be run, because running scripts is disabled on this system.
If I run Set-ExecutionPolicy Unrestricted, the script runs fine. 

But why? ?

Edit:

Just tried on Hyper-V, the same thing happens, as on VMware Fusion ?

Edited May 19, 2018 by DimZen
New info