Configure BitLocker with GPO

Settings for BitLocker can be found under:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.

I’m not going to go into a lot of detail here since every organization is different. The main thing I always do is make sure that the BitLocker keys are stored in AD.

$SetSplat = @{
    Name = 'Your BitLocker Policy'
    Key  = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE'
    Type = 'DWord'
}

# turn on active directory backup of recovery passwords and key packages
Set-GPRegistryValue @SetSplat -ValueName 'ActiveDirectoryBackup' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'RequireActiveDirectoryBackup' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'ActiveDirectoryInfoToStore' -Value 1

# configure fixed disk recovery to store keys in AD and prevent encryption until the key is stored
Set-GPRegistryValue @SetSplat -ValueName 'FDVRecovery' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'FDVManageDRA' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'FDVRecoveryPassword' -Value 2
Set-GPRegistryValue @SetSplat -ValueName 'FDVRecoveryKey' -Value 2
Set-GPRegistryValue @SetSplat -ValueName 'FDVHideRecoveryPage' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'FDVActiveDirectoryBackup' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'FDVActiveDirectoryInfoToStore' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'FDVRequireActiveDirectoryBackup' -Value 1

# configure OS disk recovery to store keys in AD and prevent encryption until the key is stored
Set-GPRegistryValue @SetSplat -ValueName 'OSRecovery' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'OSManageDRA' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'OSRecoveryPassword' -Value 2
Set-GPRegistryValue @SetSplat -ValueName 'OSRecoveryKey' -Value 2
Set-GPRegistryValue @SetSplat -ValueName 'OSHideRecoveryPage' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'OSActiveDirectoryBackup' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'OSActiveDirectoryInfoToStore' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'OSRequireActiveDirectoryBackup' -Value 1

# configure removable disk recovery to store keys in AD and prevent encryption until the key is stored
Set-GPRegistryValue @SetSplat -ValueName 'RDVRecovery' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'RDVManageDRA' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'RDVRecoveryPassword' -Value 2
Set-GPRegistryValue @SetSplat -ValueName 'RDVRecoveryKey' -Value 2
Set-GPRegistryValue @SetSplat -ValueName 'RDVHideRecoveryPage' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'RDVActiveDirectoryBackup' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'RDVActiveDirectoryInfoToStore' -Value 1
Set-GPRegistryValue @SetSplat -ValueName 'RDVRequireActiveDirectoryBackup' -Value 1
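
A way to check the result, as an added example that is not part of the original post: it reads back the values that make encryption wait for the AD backup, then counts the recovery records stored under a computer object without reading the recovery password itself. The function names and the computer name LAPTOP01 are placeholders, and it assumes the GroupPolicy and ActiveDirectory RSAT modules plus an account allowed to see msFVE-RecoveryInformation objects.

```powershell
# Added example (not the author's code). Function names are hypothetical.
Import-Module GroupPolicy, ActiveDirectory

$GpoName = 'Your BitLocker Policy'   # same GPO name as in the script above
$FveKey  = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE'

# Values from the script above that enable AD backup and block encryption
# until the recovery information has been stored.
$Required = [ordered]@{
    OSRecovery                      = 1
    OSActiveDirectoryBackup         = 1
    OSRequireActiveDirectoryBackup  = 1
    FDVRecovery                     = 1
    FDVActiveDirectoryBackup        = 1
    FDVRequireActiveDirectoryBackup = 1
    RDVRecovery                     = 1
    RDVActiveDirectoryBackup        = 1
    RDVRequireActiveDirectoryBackup = 1
}

function Test-BitLockerGpoBackupSettings {
    param(
        [Parameter(Mandatory)][string]$GpoName,
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Required
    )
    foreach ($entry in $Required.GetEnumerator()) {
        try {
            # Fails when the value is not configured in the GPO
            $actual = (Get-GPRegistryValue -Name $GpoName -Key $Key `
                        -ValueName $entry.Key -ErrorAction Stop).Value
        }
        catch {
            $actual = $null
        }
        [pscustomobject]@{
            ValueName = $entry.Key
            Expected  = $entry.Value
            Actual    = $actual
            Ok        = ($actual -eq $entry.Value)
        }
    }
}

function Get-BitLockerEscrowStatus {
    param([Parameter(Mandatory)][string]$ComputerName)

    $computer = Get-ADComputer -Identity $ComputerName

    # Recovery information is stored as child objects of the computer object.
    # Only whenCreated is requested; the recovery password is never read.
    $records = @(Get-ADObject -SearchBase $computer.DistinguishedName `
                    -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
                    -Properties whenCreated)

    $newest = $records | Sort-Object whenCreated -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName    = $computer.Name
        RecoveryRecords = $records.Count
        NewestRecord    = $newest.whenCreated   # $null when nothing is stored
        Escrowed        = ($records.Count -gt 0)
    }
}

# Show any GPO value that is missing or different from what the script set
Test-BitLockerGpoBackupSettings -GpoName $GpoName -Key $FveKey -Required $Required |
    Where-Object { -not $_.Ok }

# 'LAPTOP01' is a placeholder computer name
Get-BitLockerEscrowStatus -ComputerName 'LAPTOP01'
```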

Configure Group Policy Preference to Deploy BitLocker

The Scheduled Tasks preferences we will use to deploy BitLocker are located under:

Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks

What are we doing?

We are going to create an Immediate Task that runs manage-bde.exe only if:

  1. The computer is a laptop
  2. A specific drive is unencrypted (and not currently being encrypted)

The Task Definition

The task definition is pretty straightforward. We will run:

manage-bde.exe -on <DriveLetter>: -recoverypassword -skiphardwaretest

The magic happens in the Item-level targeting; this is where we do our checks.

First we create a WMI Query to select only laptop computers:

SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2

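Then we create a second WMI Query to select the encryption status for a specific drive. This query runs in the root\CIMv2\Security\MicrosoftVolumeEncryption namespace rather than Root\cimv2:
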
SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter="<DriveLetter>:" AND VolumeType < 2 AND ProtectionStatus=0 AND ConversionStatus=0
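
To preview what the item-level targeting will decide on a given machine before linking the GPO, the two queries can be run by hand. This is an added example, not part of the original post; the function name is hypothetical, and it must run in an elevated PowerShell session because the MicrosoftVolumeEncryption namespace requires administrator rights.

```powershell
# Added example (not the author's code). Runs the same two WMI queries the
# item-level targeting uses and reports whether the task would fire.
function Test-BitLockerTaskTargeting {
    param(
        # Drive letters to evaluate; defaults to every letter A-Z
        [ValidatePattern('^[A-Za-z]$')]
        [string[]]$DriveLetter = ([char[]](65..90) | ForEach-Object { [string]$_ })
    )

    # Query 1: PCSystemType=2 selects laptops (namespace Root\cimv2)
    $laptopQuery = 'SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2'
    $isLaptop = @(Get-CimInstance -Namespace 'root\cimv2' -Query $laptopQuery).Count -gt 0

    foreach ($letter in $DriveLetter) {
        # Query 2: OS or fixed data volume (VolumeType < 2) with protection off
        # (ProtectionStatus=0) and fully decrypted (ConversionStatus=0), so a
        # volume that is already encrypting does not match.
        $volumeQuery = 'SELECT DriveLetter FROM Win32_EncryptableVolume ' +
                       'WHERE DriveLetter="{0}:" AND VolumeType < 2 ' +
                       'AND ProtectionStatus=0 AND ConversionStatus=0' -f $letter.ToUpper()

        $needsEncryption = @(Get-CimInstance `
            -Namespace 'root\CIMv2\Security\MicrosoftVolumeEncryption' `
            -Query $volumeQuery).Count -gt 0

        [pscustomobject]@{
            Drive           = '{0}:' -f $letter.ToUpper()
            IsLaptop        = $isLaptop
            NeedsEncryption = $needsEncryption
            # Both filters are combined with AND in the task definition
            TaskWouldRun    = ($isLaptop -and $needsEncryption)
        }
    }
}

# Only list the drives the Immediate Task would encrypt on this machine
Test-BitLockerTaskTargeting | Where-Object TaskWouldRun
```

A drive letter that does not exist returns no row from the second query, so it is reported with NeedsEncryption set to False.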

Pulling it Together

So, now you just have to do that 26 times…

Just kidding!

Pre-Built XML Scheduled Tasks:

<?xml version="1.0"?>
<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - C Drive" image="0" changed="2022-07-28 14:23:34" uid="e78e5fcf-c535-41e2-b10a-3c2ef7103957" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on C: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;C:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - D Drive" image="0" changed="2022-07-28 14:23:34" uid="c73765ef-2d87-4450-a25c-fef7f2343291" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on D: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;D:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - E Drive" image="0" changed="2022-07-28 14:23:34" uid="16db6ce5-93eb-43a2-ad3b-92542fd1a47e" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on E: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;E:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - F Drive" image="0" changed="2022-07-28 14:23:34" uid="a2808e72-11cd-4d98-b468-47d40069f1d3" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on F: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;F:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - G Drive" image="0" changed="2022-07-28 14:23:34" uid="1595b805-4abf-4c90-bd36-b8613ab24123" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on G: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;G:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - H Drive" image="0" changed="2022-07-28 14:23:34" uid="3aec21b6-eaab-4a5b-8cf5-9888a6375949" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on H: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;H:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - I Drive" image="0" changed="2022-07-28 14:23:34" uid="f5469bd1-abf8-47ad-97c5-995b20e1dd61" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on I: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;I:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - J Drive" image="0" changed="2022-07-28 14:23:34" uid="5d3a8dab-fcae-43eb-82b5-38a4092a2eac" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on J: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;J:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - K Drive" image="0" changed="2022-07-28 14:23:34" uid="01a725db-621f-4bd8-94a1-9bb67c130832" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on K: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;K:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - L Drive" image="0" changed="2022-07-28 14:23:34" uid="7f41e16a-3bcf-4bdd-9e74-277011b29f1c" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on L: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;L:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - M Drive" image="0" changed="2022-07-28 14:23:34" uid="a914cf28-3e94-4c9d-9080-370d2b2fc5d0" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on M: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;M:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - N Drive" image="0" changed="2022-07-28 14:23:34" uid="a82bce91-f281-4e7b-b96d-03dba8fa5fac" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on N: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;N:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - O Drive" image="0" changed="2022-07-28 14:23:34" uid="dc74537c-5ad8-49e6-bd91-a9c899af8456" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on O: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;O:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - P Drive" image="0" changed="2022-07-28 14:23:34" uid="cab9f2f1-0870-4971-a7f1-ba5710f57faf" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on P: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;P:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - Q Drive" image="0" changed="2022-07-28 14:23:34" uid="305d4476-5a0e-486d-a60b-9cf5dfe7f302" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on Q: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;Q:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - R Drive" image="0" changed="2022-07-28 14:23:34" uid="d6ac4a6a-548e-4043-bbb2-cf0f16ff2adf" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on R: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;R:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - S Drive" image="0" changed="2022-07-28 14:23:34" uid="0f159325-04fa-41e3-a8d6-46228f8c89c8" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on S: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;S:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - T Drive" image="0" changed="2022-07-28 14:23:34" uid="4e9483f9-219b-4f91-94ef-148f8d063c1a" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on T: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;T:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - U Drive" image="0" changed="2022-07-28 14:23:34" uid="ef2aaf6c-9fa9-4255-95c5-0a8f0c1a8aeb" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on U: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;U:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - V Drive" image="0" changed="2022-07-28 14:23:34" uid="2d46dae9-0d13-401a-9c12-b2b84d9d3847" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on V: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;V:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - W Drive" image="0" changed="2022-07-28 14:23:34" uid="bb0ee948-4239-4b72-9da2-98f3ec92980d" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on W: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;W:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - X Drive" image="0" changed="2022-07-28 14:23:34" uid="a1504299-4adf-4606-aaca-46a858d94872" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on X: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;X:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - Y Drive" image="0" changed="2022-07-28 14:23:34" uid="d180ee83-a6bd-453d-a6e3-ed6837def465" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on Y: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;Y:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
<ImmediateTaskV2 clsid="{9756B581-76EC-4169-9AFC-0CA8D43ADB5F}" name="BitLocker Encryption - Z Drive" image="0" changed="2022-07-28 14:23:34" uid="0567d4da-12f5-4fd1-a43b-0fecb5dffd90" disabled="0" userContext="0" removePolicy="0"><Properties action="C" name="BitLocker Encryption - C Drive" runAs="NT AUTHORITY\System" logonType="InteractiveToken"><Task version="1.3"><RegistrationInfo><Author>github.com\realslacker</Author><Description/></RegistrationInfo><Principals><Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>InteractiveToken</LogonType><RunLevel>HighestAvailable</RunLevel></Principal></Principals><Settings><IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><StartWhenAvailable>true</StartWhenAvailable><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>PT0S</ExecutionTimeLimit><Priority>7</Priority><DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter></Settings><Actions Context="Author"><Exec><Command>manage-bde.exe</Command><Arguments>-on Z: -recoverypassword -skiphardwaretest</Arguments></Exec></Actions><Triggers><TimeTrigger><StartBoundary>%LocalTimeXmlEx%</StartBoundary><EndBoundary>%LocalTimeXmlEx%</EndBoundary><Enabled>true</Enabled></TimeTrigger></Triggers></Task></Properties><Filters><FilterWmi bool="AND" not="0" query="SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2" nameSpace="Root\cimv2" property="" variableName=""/><FilterWmi bool="AND" not="0" query="SELECT DriveLetter FROM Win32_EncryptableVolume WHERE DriveLetter=&quot;Z:&quot; AND VolumeType &lt; 2 AND ProtectionStatus=0 AND ConversionStatus=0" 
nameSpace="root\CIMv2\Security\MicrosoftVolumeEncryption" property="DriveLetter" variableName=""/></Filters></ImmediateTaskV2>
</ScheduledTasks>

Just open the Group Policy Scheduled Tasks preference panel and paste the XML content into the window.
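To check the result on a client, the following added example (not part of the original post or its GPO) runs the same two item-level targeting queries the tasks use and then checks that every recovery password protector was escrowed. The variable names and report columns are illustrative; the AD lookup assumes the RSAT ActiveDirectory module is installed and that the account running it may read `msFVE-RecoveryInformation` objects.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: audit BitLocker state on one client
# after the GPO has applied (for example after 'gpupdate /force').

$fveNamespace = 'root\CIMv2\Security\MicrosoftVolumeEncryption'

# First targeting filter used by every task: mobile chassis only (PCSystemType = 2).
$isMobile = [bool](Get-CimInstance -Namespace 'root\cimv2' `
    -Query 'SELECT PCSystemType FROM Win32_ComputerSystem WHERE PCSystemType=2')

# Second targeting filter with the drive letter clause removed, so every volume
# that is still unprotected and unencrypted is listed in one pass.
$pendingLetters = @(Get-CimInstance -Namespace $fveNamespace `
    -Query 'SELECT DriveLetter FROM Win32_EncryptableVolume WHERE VolumeType < 2 AND ProtectionStatus=0 AND ConversionStatus=0' |
    ForEach-Object DriveLetter)

# Optional AD lookup. Recovery objects are children of the computer object and
# their names end with the protector id in braces. An account without read
# access to these objects gets an empty result, which shows up as "not escrowed".
$escrowed = $null
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME
    $escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" |
        ForEach-Object Name)
}

$report = foreach ($volume in Get-BitLockerVolume) {
    # Recovery password protectors are what 'manage-bde -on X: -recoverypassword' adds.
    $ids = @($volume.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        ForEach-Object KeyProtectorId)

    # Protector ids that have no matching recovery object in AD.
    $missing = @($ids | Where-Object { $id = $_; -not ($escrowed -like "*$id") })

    $inAd = if ($null -eq $escrowed) { 'not checked' }
            elseif ($ids.Count -eq 0) { $false }
            else { $missing.Count -eq 0 }

    [pscustomobject]@{
        MountPoint         = $volume.MountPoint
        VolumeStatus       = $volume.VolumeStatus
        ProtectionStatus   = $volume.ProtectionStatus
        TaskWouldFire      = $isMobile -and ($pendingLetters -contains $volume.MountPoint)
        RecoveryProtectors = $ids.Count
        EscrowedInAD       = $inAd
    }
}

$report | Format-Table -AutoSize
```

A volume that shows protection on with `EscrowedInAD` false is the case the "require AD backup" settings are meant to prevent, so it is the row to investigate first.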