
BITLOCKER: Use BDE command to set -reboot count from WinPE?



#1 Rootman


Posted 08 January 2020 - 12:53 PM

Does anyone know of a way to use this command from within a WinPE environment to set BitLocker to NOT ask for a PIN X number of times? I can unlock the drive using the recovery password while in WinPE, I just can't issue the -rebootcount command and have it work while booted from WinPE.

 

I can run the command fine when booted to the real OS after unlocking the OS drive with the recovery key at boot time. What I can't do is use the -rebootcount command from WinPE; it complains that the drive specified is not the OS drive, because I didn't boot from the actual OS. The SSD's OS drive IS actually the C: drive in all cases. It's unlocked and accessible already too.

 

Does anyone know how to enter a command like the one below from within WinPE to keep BDE from asking for a PIN 10 times in a row? It would make my life a lot easier.

manage-bde -protectors -disable C: -rebootcount 10

I tried resetting all the environmental variables to show C: as the OS drive and then ran the command - still nada. I can fully DECRYPT the drive to avoid this, but I'd rather just use the -rebootcount in order not to mess with the user's choice of BDE PINs. The way our domain policy is set, it also does not force the user to reset the PIN once the drive is unencrypted either, so I have to coach the user to reset it - something else I want to avoid.

 

Anyone have any ideas? 





