Window PowerShell cmdlets offer an alternative way to work well with BitLocker. Using Screen PowerShell’s scripting potential, administrators can also be add BitLocker options for the current http://www.datingmentor.org/escort/escondido/ scripts effortlessly. Record lower than displays this new available BitLocker cmdlets.
Just like would-bde, the latest Window PowerShell cmdlets ensure it is configuration not in the alternatives offered in the fresh control panel. Like with manage-bde, users need take into account the particular needs of your volume they try encrypting ahead of running Windows PowerShell cmdlets.
A great 1st step is to determine the present day county out-of the volume(s) on the pc. You can do this using the Get-BitLocker regularity cmdlet. The fresh new yields from this cmdlet displays information regarding the volume type of, protectors, cover reputation, or other helpful suggestions.
Periodically, all of the protectors may possibly not be revealed when using Score-BitLockerVolume due to insufficient space in the efficiency display. If you do not select all protectors to own a great volume, you can make use of the newest Windows PowerShell pipe order (|) so you’re able to structure a listing of the fresh protectors.
In the event that there are many more than four protectors having a quantity, new pipe command may use up all your display screen area. To own amounts with more than five protectors, use the approach discussed on section less than to create a good range of every protectors with protector ID.
If you would like remove the existing protectors prior to provisioning BitLocker to the volume, you are able to the Lose-BitLockerKeyProtector cmdlet. Accomplishing this activity necessitates the GUID of the guardian in order to be removed. A simple software can pipe the costs of each Get-BitLockerVolume go back over to various other varying as the seen below:
With this particular software, we can monitor what throughout the $keyprotectors changeable to find the GUID for every protector. With this suggestions, we can up coming get rid of the trick protector getting a specific frequency utilizing the command:
The brand new BitLocker cmdlet necessitates the secret protector GUID shut from inside the offer scratching to perform. Make sure the whole GUID, which have braces, is roofed on demand.
Operating systems regularity
Utilising the BitLocker Window PowerShell cmdlets is like handling the new carry out-bde device to possess encrypting operating systems quantities. Screen PowerShell also offers pages lots of self-reliance. For example, profiles will add the required guardian as a key part demand to own encrypting the amount. Listed here are types of preferred associate circumstances and you can actions to complete her or him by using the BitLocker cmdlets getting Windows PowerShell.
The latest example lower than adds you to definitely a lot more guardian, the fresh new StartupKey protectors, and you will decides to skip the BitLocker methods shot. Within this analogy, encryption begins quickly without needing an excellent restart.
Study regularity
Study frequency security using Window PowerShell is the same as to have os’s volumes. Range from the wished protectors ahead of encrypting the volume. The following analogy adds a code guardian for the E: regularity by using the variable $pw given that password. This new $pw variable was stored as the a SecureString value to store the fresh user-discussed password. Last, encoding starts.
Having fun with a keen SID-situated protector within the Window PowerShell
The latest ADAccountOrGroup guardian was an energetic List SID-mainly based guardian. So it guardian is put into both systems and you may study volumes, though it does not unlock os’s volumes regarding pre-footwear environment. Brand new guardian requires the SID for the domain membership otherwise class so you can link with new guardian. BitLocker can protect a cluster-aware disk with the addition of an enthusiastic SID-created protector with the Team Identity Target (CNO) one lets the drive securely failover and stay unlocked to your user computer of your party.
The brand new SID-oriented protector necessitates the access to a supplementary protector (such as for instance TPM, PIN, recovery trick, an such like.) whenever used on operating systems amounts.
To include an enthusiastic ADAccountOrGroup protector to a volume, you desire sometimes the true website name SID or even the category term preceded by website name and an effective backslash. From the analogy lower than, the CONTOSO\Manager membership are extra just like the a guard with the analysis volume Grams.
