daknetworks.com

DISM.exe /Online /add-capability /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 /CapabilityName:Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0 /CapabilityName:Rsat.CertificateServices.Tools~~~~0.0.1.0 /CapabilityName:Rsat.DHCP.Tools~~~~0.0.1.0 /CapabilityName:Rsat.Dns.Tools~~~~0.0.1.0 /CapabilityName:Rsat.FailoverCluster.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.FileServices.Tools~~~~0.0.1.0 /CapabilityName:Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.IPAM.Client.Tools~~~~0.0.1.0 /CapabilityName:Rsat.LLDP.Tools~~~~0.0.1.0 /CapabilityName:Rsat.NetworkController.Tools~~~~0.0.1.0 /CapabilityName:Rsat.NetworkLoadBalancing.Tools~~~~0.0.1.0 /CapabilityName:Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.RemoteDesktop.Services.Tools~~~~0.0.1.0 /CapabilityName:Rsat.ServerManager.Tools~~~~0.0.1.0 /CapabilityName:Rsat.Shielded.VM.Tools~~~~0.0.1.0 /CapabilityName:Rsat.StorageReplica.Tools~~~~0.0.1.0 /CapabilityName:Rsat.VolumeActivation.Tools~~~~0.0.1.0 /CapabilityName:Rsat.WSUS.Tools~~~~0.0.1.0 /CapabilityName:Rsat.StorageMigrationService.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.SystemInsights.Management.Tools~~~~0.0.1.0

DISM.exe /Online /add-capability /CapabilityName:Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0

Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools

:: Get Bitlocker status:
manage-bde -status

:: Get Bitlocker status powershell:
Get-BitLockerVolume -MountPoint "C:"

:: Suspend Bitlocker for a drive:
manage-bde -protectors -disable C:

:: Suspend Bitlocker for a drive powershell:
Suspend-BitLocker -MountPoint "C:" -RebootCount 0

:: Resume Bitlocker for a drive:
manage-bde –resume C:

:: Resume Bitlocker for a drive powershell:
Resume-BitLocker -MountPoint "C:"

:: Enable Bitlocker for a drive:
manage-bde -protectors -enable C:

:: Enable Bitlocker for a drive powershell:
Enable-BitLocker C:

:: Encrypt the used space only, skip the hardware test and store the recovery password in the Active Directory:
Enable-Bitlocker -MountPoint c: -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector

::Powershell command on device to get the status of the local volume (ie C drive):
get-bitlockervolume
get-bitlockervolume |fl

:: Powershell command on device to get the RecoveryPassword
(Get-BitLockerVolume).KeyProtector

NOTES:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer
https://4sysops.com/archives/enable-bitlocker-with-powershell/
https://4sysops.com/archives/configure-and-enabling-bitlocker-on-windows-server/
https://4sysops.com/archives/store-and-retrieve-bitlocker-recovery-keys-from-active-directory/
https://www.rebeladmin.com/2019/09/step-step-guide-enable-bitlocker-cloud-managed-windows-10-devices-using-microsoft-intune/