Windows PowerShell cmdlets give an alternative way to do business with BitLocker. Using Window PowerShell’s scripting potential, administrators normally put BitLocker alternatives on the established texts with ease. The list less than screens the brand new readily available BitLocker cmdlets.
Exactly like do-bde, brand new Screen PowerShell cmdlets allow it to be arrangement beyond the options offered in the latest control panel. Just as in create-bde, pages need certainly to check out the particular demands of frequency they try encrypting in advance of running Screen PowerShell cmdlets.
An effective first faltering step is to determine the modern condition away from the volume(s) using the pc. You can do this utilising the Score-BitLocker frequency cmdlet. The brand new yields out of this cmdlet screens information on the amount sorts of, protectors, safeguards standing, or other helpful tips.
Sometimes, most of the protectors may not be revealed when using Get-BitLockerVolume on account of insufficient area on the output screen. If you do not see every protectors to have a beneficial regularity, you need this new Window PowerShell pipe demand (|) to format a listing of new protectors.
When the there are many than four protectors for an amount, the brand new tube command will get lack display screen place. Getting quantities along with four protectors, utilize the strategy demonstrated on section less than to produce a good a number of all protectors that have protector ID.
If you wish to get rid of the present protectors in advance of provisioning BitLocker on the volume, you need the fresh new Lose-BitLockerKeyProtector cmdlet. Carrying this out task requires the GUID of this protector in order to come off. An easy program can tubing the prices of each Rating-BitLockerVolume come back out to some other changeable because the viewed less than:
With this program, we can display what regarding the $keyprotectors changeable to find the GUID per guardian. With this specific guidance, we are able to up coming get rid of the secret guardian for a particular regularity utilising the command:
New BitLocker cmdlet necessitates the secret protector GUID shut when you look at the price scratches to perform. Make sure the whole GUID, with braces, is roofed throughout the demand.
Os’s volume
With the BitLocker Windows PowerShell cmdlets is a lot like dealing with the latest create-bde product getting encrypting systems amounts. Windows PowerShell now offers profiles many self-reliance. Such as for instance, profiles can also add the necessary guardian as part command to possess encrypting the amount. Here are examples of common user issues and you may measures to do them utilizing the BitLocker cmdlets for Windows PowerShell.
Brand new example lower than adds one to even more guardian, the newest StartupKey protectors, and you can chooses to skip the BitLocker tools shot. Contained in this example, encoding starts immediately without needing a great reboot.
Study volume
Analysis frequency security using Window PowerShell matches to own systems quantities. Range from the wished protectors in advance of encrypting the volume. The second example contributes a password protector for the E: volume utilising the changeable $pw since the code. New $pw changeable was stored because the a good SecureString value to keep the brand new user-discussed password. Last, security starts.
Having fun with an enthusiastic SID-oriented guardian into the Windows PowerShell
The brand new ADAccountOrGroup protector are an active Directory SID-created guardian. It guardian is put in both os’s and analysis quantities, although it doesn’t open operating systems volumes regarding the pre-boot ecosystem. New protector necessitates the SID with the domain account or class to help you connection to the guardian. BitLocker can safeguard a group-alert disk adding a keen look through this site SID-dependent guardian to the Party Title Target (CNO) one to lets brand new drive safely failover and get unlocked to your affiliate computer system of one’s party.
Brand new SID-centered protector necessitates the entry to an additional guardian (including TPM, PIN, recuperation key, etcetera.) whenever placed on systems volumes.
To include a keen ADAccountOrGroup guardian in order to a quantity, you need either the genuine domain name SID and/or classification title preceded from the domain and you may a great backslash. Regarding analogy less than, the latest CONTOSO\Officer account try additional just like the a guard to the analysis volume G.