vellurpandianrk6213 (2018-06-11):

Hi, I am trying to enable BitLocker on all domain-joined user machines in my office. I have used a logon script to enable BitLocker on all machines. But this tool is enabling BitLocker on the C drive alone. I need to enable this on all drives. How do I proceed? I have attached the script below.

Please help.

```powershell
$TPM = Get-WmiObject win32_tpm -Namespace root\cimv2\security\microsofttpm | where {$_.IsEnabled().Isenabled -eq 'True'} -ErrorAction SilentlyContinue
$WindowsVer = Get-WmiObject -Query 'select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%" or Version like "10.0%") and ProductType = "1"' -ErrorAction SilentlyContinue
$BitLockerReadyDrive = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

#If all of the above prerequisites are met, then create the key protectors, then enable BitLocker and backup the Recovery key to AD.
if ($WindowsVer -and $TPM -and $BitLockerReadyDrive) {
    #Creating the recovery key
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors -add $env:SystemDrive -recoverypassword" -Verb runas -Wait

    #Adding TPM key
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors -add $env:SystemDrive -tpm" -Verb runas -Wait
    sleep -Seconds 15 #This is to give sufficient time for the protectors to fully take effect.

    #Enabling Encryption
    Start-Process 'manage-bde.exe' -ArgumentList " -on $env:SystemDrive -em aes256" -Verb runas -Wait

    #Getting Recovery Key GUID
    $RecoveryKeyGUID = (Get-BitLockerVolume -MountPoint $env:SystemDrive).keyprotector | where {$_.Keyprotectortype -eq 'RecoveryPassword'} | Select-Object -ExpandProperty KeyProtectorID

    #Backing up the Recovery to AD.
    manage-bde.exe -protectors $env:SystemDrive -adbackup -id $RecoveryKeyGUID

    #Restarting the computer, to begin the encryption process
    Restart-Computer
}
```

martin9700 (2018-06-11):

Wow, that came out bad! Can you edit and use the code button?

psophos (2018-06-11):

Please edit your post and insert the code using the Insert Code </> button. It's just a mass of text as is.

vellurpandianrk6213 (2018-06-11):

Thanks! I have edited.

vellurpandianrk6213 (2018-06-11):

Can anyone help me on this please?

ralhow (2018-06-11):

Wrap your BitLocker routine inside an iterative drive loop like so:

```powershell
$Drives = Get-PSDrive -PSProvider 'FileSystem'
foreach ($Drive in $Drives) {
    # bitlocker code here
}
```

Where you substitute everywhere you invoke the SystemDrive object of your original script with the interactive $Drive object variable.

CAUTION: I do not know your environment and you may need a more fine-tuned Get-PSDrive command if you need to exclude any external USB or iSCSI attached storage. One filter you may use is the -Name or -PSProvider arguments if the drive names or properties are consistent. Otherwise you might need an elaborate filter nested inside the $Drive assignment operation.
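
One way to fill in the per-drive loop discussed above while excluding USB and iSCSI storage, as an added example that is not part of the original thread. It uses the BitLocker and Storage module cmdlets rather than manage-bde.exe, and assumes an elevated session, an OS volume that is already protected, and that data volumes should auto-unlock with the OS volume.

```powershell
# Added example, not from the thread. Run elevated (e.g. a computer startup script).
# Auto-unlock keys for data volumes are stored on the OS volume, so it must be protected first.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if (-not $os -or $os.ProtectionStatus -ne 'On') {
    Write-Warning "OS volume is not BitLocker-protected yet; data volumes skipped."
    return
}

# Drive letters on internal disks only: drops USB and iSCSI storage, which
# Get-PSDrive -PSProvider FileSystem would return alongside mapped network drives.
$letters = Get-Disk |
    Where-Object { $_.BusType -notin 'USB', 'iSCSI' } |
    Get-Partition |
    Where-Object { $_.DriveLetter -match '^[A-Z]$' } |
    ForEach-Object { "$($_.DriveLetter):" }

# Only data volumes that are still fully decrypted, so reruns at every boot are harmless.
$targets = Get-BitLockerVolume | Where-Object {
    $_.VolumeType -eq 'Data' -and
    $_.VolumeStatus -eq 'FullyDecrypted' -and
    $_.MountPoint -in $letters
}

foreach ($vol in $targets) {
    $mp = $vol.MountPoint
    try {
        # Data volumes cannot use a TPM protector; a recovery password is added instead.
        Enable-BitLocker -MountPoint $mp -EncryptionMethod Aes256 `
            -RecoveryPasswordProtector -ErrorAction Stop | Out-Null
        Enable-BitLockerAutoUnlock -MountPoint $mp -ErrorAction Stop | Out-Null

        # Escrow every recovery password on the volume to AD DS.
        (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object {
                Backup-BitLockerKeyProtector -MountPoint $mp `
                    -KeyProtectorId $_.KeyProtectorId -ErrorAction Stop | Out-Null
            }
        Write-Output "$mp : encryption started, recovery password backed up to AD."
    }
    catch {
        Write-Warning "$mp : $($_.Exception.Message)"
    }
}
```

Because the OS volume must report ProtectionStatus On before data volumes are touched, this runs cleanly only on a boot after the OS-drive script above has taken effect.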