Windows PowerShell cmdlets render a new way to do business with BitLocker. Playing with Window PowerShell’s scripting potential, administrators normally consist of BitLocker possibilities to your current texts with ease. The list less than displays new offered BitLocker cmdlets.
Exactly like manage-bde, new Windows PowerShell cmdlets allow setup beyond the solutions available in the brand new panel. Like with manage-bde, users need certainly to consider the certain need of your own frequency they are encrypting in advance of powering Windows PowerShell cmdlets.
Good first rung on the ladder is to try to determine the modern state of the quantity(s) using the pc. You can do this with the Rating-BitLocker frequency cmdlet. New yields out of this cmdlet screens information on the quantity type of, protectors, shelter standing, and other useful information.
Sporadically, all of the protectors is almost certainly not shown while using the Get-BitLockerVolume on account of diminished space about productivity display screen. If you don’t come across all protectors to have an effective regularity, you need the brand new Windows PowerShell tubing demand (|) so you can style a listing of the brand new protectors.
In the event that there are more than just four protectors having a volume, the new tubing command could possibly get use up all your screen room. To possess quantities with well over five protectors, utilize the method explained on the area below to generate a beneficial list of most of the protectors that have guardian ID.
Should you want to take away the present protectors ahead of provisioning BitLocker with the frequency, you are able to the fresh new Eradicate-BitLockerKeyProtector cmdlet. Carrying this out activity requires the GUID on the protector to help you go off. An easy program can be tube the costs of each and every Rating-BitLockerVolume come back off to some other varying since the seen less than:
Using this type of script, we could display screen all the details on the $keyprotectors variable to determine the GUID for each and every guardian. With this specific suggestions, we could then get rid of the trick guardian having a certain frequency making use of the demand:
The brand new BitLocker cmdlet requires the secret protector GUID enclosed into the price scratching to do. Make sure the entire GUID, having braces, is roofed from the command.
Os’s frequency
By using the BitLocker Window PowerShell cmdlets is a lot like handling the fresh perform-bde device to possess encrypting operating systems amounts. Windows PowerShell has the benefit of pages plenty of liberty. Such as for example, users can add the desired protector as an ingredient command to possess encrypting the amount. Listed here are samples of well-known affiliate issues and tips accomplish them by using the BitLocker cmdlets having Windows PowerShell.
The analogy below contributes one to additional protector, the new StartupKey protectors, and you can chooses to miss out the BitLocker methods try. Contained in this analogy, encryption begins quickly without the need for a great restart.
Investigation regularity
Study volume encoding having fun with Window PowerShell is the same as for operating systems quantities. Range from the need protectors in advance of encrypting the volume. The next example adds a password guardian into the Elizabeth: frequency using the variable $pw as password. The latest $pw changeable is held given that a SecureString value to keep the latest user-defined password. Past, security initiate.
Using an SID-depending guardian within the Window PowerShell
The new ADAccountOrGroup protector is a dynamic Directory SID-centered guardian. It protector is going to be added to one another systems and you will analysis amounts, although it does not open os’s quantities from the pre-footwear environment. The guardian requires the SID towards website name account otherwise group so you can connection to brand new protector. BitLocker can protect a group-alert drive with the addition of an SID-created guardian to the People Term Target (CNO) you to lets the disk properly failover and stay unlocked to your affiliate computer of the class.
The fresh new SID-oriented protector fet life necessitates the accessibility an additional guardian (particularly TPM, PIN, recuperation secret, an such like.) whenever put on operating systems volumes.
To add an ADAccountOrGroup guardian to an amount, you would like often the genuine website name SID or even the group term preceded because of the website name and you may an excellent backslash. Regarding the example below, new CONTOSO\Manager account is extra just like the a guard to the data frequency G.