Windows PowerShell cmdlets offer an alternative way to partner with BitLocker. Having fun with Window PowerShell’s scripting possibilities, administrators can also be include BitLocker possibilities with the existing texts without difficulty. The list less than screens brand new available BitLocker cmdlets.
Exactly like do-bde, the fresh Windows PowerShell cmdlets enable it to be setup outside of the choices available in new control board. As with create-bde, profiles have to think about the specific requires of frequency it are encrypting ahead of powering Screen PowerShell cmdlets.
A good 1st step will be to influence the current condition out-of the amount(s) on the pc. You can do this utilising the Score-BitLocker volume cmdlet. The fresh new productivity from this cmdlet screens information regarding the quantity form of, protectors, coverage position, and other useful information.
From time to time, all the protectors might not be shown when using Score-BitLockerVolume because of insufficient room from the efficiency display. If you do not see all of the protectors for a beneficial frequency, you need the brand new Window PowerShell tube demand (|) in order to style a list of new protectors.
If the there are more than four protectors having an amount, new tube demand can get lack display area. For amounts with well over four protectors, use the method discussed about area less than to generate good directory of most of the protectors having guardian ID.
Should you want to get rid of the present protectors before provisioning BitLocker into the volume, you should use the newest Reduce-BitLockerKeyProtector cmdlet. Accomplishing this task necessitates the GUID of protector so you can come off. A simple software normally tubing the costs each and every Rating-BitLockerVolume go back off to various other varying since seen below:
With this program, we can monitor what in the $keyprotectors changeable to find the GUID each guardian. Using this suggestions, we could up coming eliminate the trick protector getting a particular frequency with the command:
The BitLocker cmdlet requires the trick protector GUID shut when you look at the estimate scratching to perform. Guarantee the entire GUID, having braces, is included about demand.
Os’s regularity
Using the BitLocker Windows PowerShell cmdlets is like handling the latest would-bde device to have encrypting systems amounts. Windows PowerShell offers pages plenty of liberty. Instance, profiles can add the mandatory guardian as a key part order to possess encrypting the quantity. Here are examples of preferred user situations and you will strategies to accomplish him or her with the BitLocker cmdlets to possess Window PowerShell.
The fresh example less than adds one even more protector, the new StartupKey protectors, and decides to miss the BitLocker technology take to. In this analogy, security initiate immediately without the need for a great reboot.
Investigation frequency
Study frequency encryption playing with Screen PowerShell is the same as to possess operating systems quantities. Add the wished protectors before encrypting the amount. Next analogy adds a password guardian towards E: volume utilizing the variable $pw just like the code. The newest $pw varying try stored due to the fact a good SecureString well worth to store this new user-laid out password. Last, https://datingmentor.org/tr/duz-tarihleme/ security starts.
Using a keen SID-founded guardian when you look at the Screen PowerShell
The ADAccountOrGroup protector is an energetic Directory SID-depending guardian. This guardian will likely be set in each other operating system and you can research quantities, although it will not discover os’s amounts in the pre-footwear environment. The newest protector necessitates the SID on domain account otherwise classification so you can connection to the new protector. BitLocker can safeguard a cluster-aware disk by the addition of an SID-mainly based protector for the Group Term Object (CNO) you to lets the fresh new drive safely failover and become unlocked to your representative computers of one’s team.
The new SID-created guardian requires the entry to an additional guardian (eg TPM, PIN, data recovery key, etcetera.) whenever placed on systems amounts.
To incorporate an ADAccountOrGroup guardian to an amount, you want sometimes the true domain SID and/or category term preceded because of the domain and a backslash. About analogy below, the latest CONTOSO\Administrator account are additional because the a guard for the study regularity Grams.