Window PowerShell cmdlets give an alternative way to do business with BitLocker. Playing with Window PowerShell’s scripting potential, administrators can include BitLocker choices on current programs effortlessly. Record below displays the fresh readily available BitLocker cmdlets.
Exactly like create-bde, the fresh new Screen PowerShell cmdlets allow it to be setup outside the alternatives offered in this new panel. Just as in would-bde, pages need certainly to look at the certain needs of the frequency they is actually encrypting prior to powering Window PowerShell cmdlets.
An excellent initial step would be to dictate the modern county out-of the amount(s) on the pc. You can do this utilising the Get-BitLocker frequency cmdlet. The brand new yields from this cmdlet displays information regarding the volume particular, protectors, shelter standing, and other tips.
Sporadically, every protectors is almost certainly not shown while using Get-BitLockerVolume due to not enough room in the returns screen. If you don’t come across every protectors having a great regularity, you can utilize the latest Window PowerShell pipe demand (|) so you can structure a summary of the brand new protectors.
When the there are other than simply four protectors to own a quantity, the latest tubing command will get lack display screen space. To own quantities with more than four protectors, use the strategy discussed from the point less than to produce a good directory of the protectors which have protector ID.
If you would like take away the current protectors in advance of provisioning BitLocker on volume, you can utilize the Lose-BitLockerKeyProtector cmdlet. Accomplishing this task necessitates the GUID with the protector to help you go off. An easy program normally tubing the costs of any Get-BitLockerVolume get back off to several other varying since seen below:
With this particular program, we can display screen the information about $keyprotectors variable to find the GUID for every single protector. With this particular information, we are able to after that eliminate the secret guardian for a specific frequency utilising the demand:
The fresh new BitLocker cmdlet necessitates the secret protector GUID sealed for the price marks to perform. Ensure the whole GUID, which have braces, is included about order.
Operating system volume
Utilizing the BitLocker Window PowerShell cmdlets is similar to dealing with the newest manage-bde product to have encrypting systems volumes. Window PowerShell also provides users many liberty. Eg, users could www.datingmentor.org/pl/dominicancupid-recenzja/ add the required protector as a key part demand to own encrypting the amount. Listed here are types of prominent representative situations and you may methods to-do him or her by using the BitLocker cmdlets to possess Windows PowerShell.
The brand new analogy lower than adds one even more protector, the newest StartupKey protectors, and you may chooses to miss out the BitLocker methods test. Within example, encoding begins immediately without the need for a good restart.
Investigation regularity
Studies regularity encoding using Window PowerShell is equivalent to for operating systems amounts. Range from the need protectors ahead of encrypting the volume. The following example adds a password protector into the Age: frequency utilizing the varying $pw because the code. The new $pw changeable try held since a great SecureString value to save the new user-defined code. Past, security begins.
Using an enthusiastic SID-established protector in the Screen PowerShell
New ADAccountOrGroup protector is a dynamic Index SID-situated guardian. That it guardian might be added to both operating system and you will investigation volumes, although it doesn’t open operating systems quantities throughout the pre-boot environment. The newest guardian requires the SID towards domain membership otherwise classification to help you link with the protector. BitLocker can protect a group-aware computer by adding a keen SID-established protector for the Class Name Target (CNO) you to allows the fresh new computer properly failover and be unlocked to any user pc of your party.
The new SID-established protector necessitates the access to an additional protector (like TPM, PIN, data recovery secret, etcetera.) whenever applied to os’s quantities.
To add an enthusiastic ADAccountOrGroup guardian to a levels, you desire often the actual domain name SID or the group title preceded by the website name and you will a beneficial backslash. In the analogy less than, new CONTOSO\Manager membership try additional while the a protector to your investigation frequency Grams.