Activate BitLocker using PIN with DOS

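@echo off
:: Written by Juan Calderon 22/1/23
::
:: Purpose: To encrypt after MDT built to decommission.
::
:: Steps, in order:
::   1. check that the console is elevated
::   2. copy the GroupPolicy folder that sits next to this script into the
::      local group policy store and refresh policy
::   3. add a BitLocker password protector to C: (interactive prompt)
::   4. start used-space-only encryption of C:
::   5. force a reboot after 5 seconds
:: The reboot only happens if steps 2-4 reported success, so the machine is
:: not restarted with a protector or encryption step that never took effect.
setlocal
cls

:: if the batch file is not run as admin, quit
:: "net session" is refused without elevation. NOTE(review): it is also
:: expected to fail when the Server service is stopped - confirm on the
:: MDT image this runs on.
net.exe session 1>NUL 2>NUL || (Echo This script requires admin elevated rights, exiting. & echo. & pause & Exit /b 1)

echo This script will perform the following tasks:
echo.
echo – copy new group policy files to enable bitlocker pin requirement
echo – reload the policy
echo – trigger bitlocker encryption
echo – type in the bitlocker pin 8 digits, you will not see your input, verify pin.
:: NOTE(review): the next two messages are truncated / garbled in the
:: original; they are left as written because the intended wording is unknown.
echo – forced reboot in 5 secs (give time for encrytion to
echo – on reboot encryption will enable, login and monitor status by clicking on key is desktray.
echo.

::find out what path the batch file is in (always ends with a backslash)
set "batch_path=%~dp0"

echo This batch file is being run from %batch_path%
echo.

:: The policy files are addressed by absolute path instead of relying on the
:: current directory: a plain "cd" does not switch drives and cannot enter a
:: UNC path, so a relative source could silently point at the wrong folder.
:: These files become machine policy once copied, so the folder holding this
:: script should be writable by administrators only.
if not exist "%batch_path%GroupPolicy\" (
    echo GroupPolicy folder not found next to this script.
    goto :fail
)

xcopy "%batch_path%GroupPolicy\." "%SystemRoot%\System32\GroupPolicy\" /s /e /y || (echo Copying the group policy files failed. & goto :fail)

:: A failed refresh is reported but not fatal here: if the policy did not
:: apply, the protector step below is the one that will refuse to run.
gpupdate /force || echo WARNING: gpupdate reported an error, continuing.

:: No recovery protector is added (the original recovery line is kept below,
:: commented out). If the password is lost the volume cannot be unlocked.
:: NOTE(review): presumably intended for decommissioning - confirm.
::manage-bde -on C: -RecoveryKey D: -RecoveryPassword

:: -pw adds a password protector; manage-bde has a separate TPM+PIN protector
:: (-TPMAndPIN). The messages above speak of a PIN.
:: NOTE(review): confirm which protector the copied policy is meant to allow.
manage-bde -protectors -add C: -pw || (echo Adding the BitLocker protector failed. & goto :fail)

:: Used-space-only encryption leaves sectors that are currently free
:: untouched, so remnants of data written before this build stay unencrypted.
:: NOTE(review): for a disk that held data before the MDT build, full
:: encryption (dropping -usedspaceonly) is the safer choice - confirm.
manage-bde -on -usedspaceonly C: || (echo Turning on BitLocker failed. & goto :fail)

shutdown /r /t 5
exit /b 0

:fail
echo.
echo A step failed, see the message above. The computer will NOT be rebooted.
pause
exit /b 1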

Posted on March 25, 2023, 11:18 am By