Your network contains an Active Directory domain named contoso.com. The domain
contains a virtual machine named Server1 that runs Windows Server 2012 R2.
Server1 has a dynamically expanding virtual hard disk that is mounted to drive E.
You need to ensure that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run?
A.
manage-bde -protectors -add c: -startup e:
B.
manage-bde -lock e:
C.
manage-bde -protectors -add e: -startupkey c:
D.
manage-bde -on e:
Explanation:
Manage-bde: on
Encrypts the drive and turns on BitLocker.
Example:The following example illustrates using the -on command to turn on BitLocker for drive C and
add a recovery password to the drive.
manage-bde –on C: -recoverypassword
I think it’s wrong, I tried this command on dynamically expanding disk and got an error:
“BitLocker Drive Encryption only supports Used Space Only encryption on thin prov
isioned storage.”
I tried this same command, having the same error message (dynamically expanding disk).
Adding the switch -UsedSpaceOnly did the trick, and the disk is being encrypted.
So, not sure what’s the right answer :
If you do :
manage-bde -on e: -UsedSpaceOnly
it works.
I also tried option C (as stated on my anser on April 20), and IT DOES NOT WORK.
So, I’m at a loss now.
I would make the argument that it’s C simply because they explicitly say it’s a thin provisioned drive but D does NOT include -UsedSpaceOnly.
https://technet.microsoft.com/en-us/library/ff829873.aspx
Doesn’t work!
PS C:\Windows\system32> manage-bde -on a:
BitLocker Drive Encryption: Configuration Tool version 6.1.7601
Copyright (C) Microsoft Corporation. All rights reserved.
Volume A: [New Volume]
[Data Volume]
ERROR: An error occurred (code 0x8031002e):
BitLocker Drive Encryption cannot encrypt the specified drive because an encryption key is not available. Add a key prot
ector to encrypt this drive.
PS C:\Windows\system32>
This is test from my pc.
C works!
I think answer is C
because the question says “You need to ensure that you can enable BitLocker”
and, as Ward says : an encryption key is not available. Add a key prot
ector to encrypt this drive
and the way to add a key protector is :
manage-bde -protectors -add e: -startupkey c:
the parameter “startupkey” Adds an external key protector for startup and “c:” is the path of the startup key .
agreed, they don’t ask to enable bitlocker, just making sure you can enable it.
I’m with the C sayers, D does not work unless adding parameter “-used”, but it’s not included in this answer.
For my understanding of:
https://technet.microsoft.com/en-us/library/jj647767.aspx
it does not make sense just to turn on Bitlocker omitting a protector.
So answer C worked for me in lab, and then I could enable encryption with “-on e: -used”
A. Wrong syntax with startup. Also E is the drive to encrypt. B. -lock is not part of the command. C. is the command to create the startup key for bit locker to run. D. Turns Bitlocker on.
You need to *ensure* that you can enable BitLocker Drive Encryption (BitLocker) on drive E.
Which command should you run? It does not say it needs to be engaged, notice, just that it is possible to run.
from https://technet.microsoft.com/en-us/library/jj647767.aspx
The following example illustrates enabling BitLocker on a computer without a TPM chip.
manage-bde –protectors -add C: -startupkey E:
OR
manage-bde -protectors -add C: -pw -sid
AND
manage-bde -on C:
How do you *ensure* that you can enable Bitlocker? I think you’ll definitely need encryption. So, C.
on the other hand D. would actually turn Bitlocker on and therefore it would tell you if you can enable Bitlocker.