question

GauravRanjan-3077 avatar image
0 Votes"
GauravRanjan-3077 asked LuDaiMSFT-0289 answered

Issues related execution of PowerShell script with MS Intune

Hello Everyone,

I have a Powershell script to decrypt the hard drive of a device if the encryption algorithm is other that "XTS AES 256". We have devices encrypted with XTS AES 128 and now we are in a process of encrypting all drives with "XTS AES 256" for which we have to first decrypt and then re-encrypt. We are managing encryption through MS Intune and using PowerShell to commence the decryption process.

Now, the script detects the encryption algorithm and starts the decryption. I have tested the script manually on a device and it is working. I also tested the script execution through system account using PSEXEC. But when I am trying to execute the script through Intune, the status shows Success, but the decryption does not starts. I can also see the success status in the registry but the everytime, the result details in registry are always blank.

this is the script I am using:-


$BitlockerStatus = Get-BitLockerVolume -MountPoint $env:SystemDrive

$status = $BitlockerStatus.VolumeStatus

$algorithm = $BitlockerStatus.EncryptionMethod


if ($status -eq 'FullyEncrypted')
{
#Write-Host $status
if ($algorithm -eq 'XTSAES256')
{

 }
 Else 
 {
     Disable-BitLocker -MountPoint $env:SystemDrive
                    
 }

}

Any help will be highly appreciated.


Thanks,
Gaurav Ranjan

mem-intune-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@GauravRanjan-3077 Thanks for posting in our Q&A. From your description, I know that the decryption PowerShell script is deployed successfully via intune, but it doesn't work in the devices. If there is anything misunderstanding, feel free to let us know.

In fact, I haven't met this issue before. Given this situation, it is needed to create an online support ticket to get more accurate help. It is free. Here is the online support link and hope it helpful.
https://docs.microsoft.com/en-us/mem/get-support

Thanks for understanding.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.