Script to enable BitLocker on all drives

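I am trying to enable BitLocker on all domain-joined user machines in the office.

I have used a Windows Task Scheduler script to enable BitLocker on all machines.

But the code below only enables BitLocker on the C drive.

I need to enable this on all drives in the laptop. How can I do that? I have attached the script below.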

$TPM = Get-WmiObject win32_tpm -Namespace root\cimv2\security\microsofttpm | where {$_.IsEnabled().Isenabled -eq 'True'} -ErrorAction SilentlyContinue
$WindowsVer = Get-WmiObject -Query 'select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%" or Version like "10.0%") and ProductType = "1"' -ErrorAction SilentlyContinue
$BitLockerReadyDrive = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue


# If all of the above prerequisites are met, create the key protectors, then enable BitLocker and back up the recovery key to AD.
if ($WindowsVer -and $TPM -and $BitLockerReadyDrive) {

    # Creating the recovery key
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors -add $env:SystemDrive -recoverypassword" -Verb runas -Wait

    # Adding TPM key
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors -add $env:SystemDrive -tpm" -Verb runas -Wait
    sleep -Seconds 15 # This is to give sufficient time for the protectors to fully take effect.

    # Enabling encryption
    Start-Process 'manage-bde.exe' -ArgumentList " -on $env:SystemDrive -em aes256" -Verb runas -Wait

    # Getting the recovery key GUID
    $RecoveryKeyGUID = (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector | where {$_.KeyProtectorType -eq 'RecoveryPassword'} | Select-Object -ExpandProperty KeyProtectorId

    # Backing up the recovery key to AD
    manage-bde.exe -protectors $env:SystemDrive -adbackup -id $RecoveryKeyGUID

    # Restarting the computer to begin the encryption process
    Restart-Computer
}

Answer 1

You can try this code to get all the drives, and then run the BitLocker cmdlets inside the "Foreach"

$drives = Get-Volume | Where {$_.DriveType -like "Fixed" -and $_.DriveLetter -ne $null -and $_.FileSystem -ne $null}
Foreach ($drive in $drives){
    $drive.DriveLetter
}
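
An added example, not written by either poster: one way to combine the question's script with the volume loop above, using the BitLocker module cmdlets in place of manage-bde.exe. It assumes an elevated scheduled task, a Group Policy that allows recovery passwords to be stored in AD, and a hypothetical helper named Backup-RecoveryPassword. Data volumes are deferred until the OS volume reports protection On, so the task has to run again after the OS volume finishes encrypting.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Idempotent, so the scheduled task can re-run it.
$ErrorActionPreference = 'Stop'
if (-not (Get-Tpm).TpmReady) { throw 'TPM is not ready on this machine.' }

function Backup-RecoveryPassword {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$MountPoint)
    # Assumes Group Policy permits storing BitLocker recovery information in AD DS.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
}

# Volume filter from the answer: fixed volumes with a drive letter and a file system.
$volumes = Get-Volume |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter -and $_.FileSystem } |
    ForEach-Object { Get-BitLockerVolume -MountPoint "$($_.DriveLetter):" }
$os = $volumes | Where-Object { $_.VolumeType -eq 'OperatingSystem' }

# Pass 1: OS volume, in the same order as the question's script
# (recovery password, TPM + enable, AD backup, restart).
if ($os.VolumeStatus -eq 'FullyDecrypted') {
    Add-BitLockerKeyProtector -MountPoint $os.MountPoint -RecoveryPasswordProtector | Out-Null
    Enable-BitLocker -MountPoint $os.MountPoint -EncryptionMethod Aes256 -TpmProtector | Out-Null
    Backup-RecoveryPassword -MountPoint $os.MountPoint
    Restart-Computer
    return
}

# Pass 2: data volumes, only once the OS volume reports protection On.
# Auto-unlock keys live on the OS volume; a data volume that has only a recovery
# password and no auto-unlock comes up locked after every reboot.
if ($os.ProtectionStatus -ne 'On') { return }

$pending = $volumes | Where-Object { $_.VolumeType -eq 'Data' -and $_.VolumeStatus -eq 'FullyDecrypted' }
foreach ($v in $pending) {
    Enable-BitLocker -MountPoint $v.MountPoint -EncryptionMethod Aes256 -RecoveryPasswordProtector | Out-Null
    Backup-RecoveryPassword -MountPoint $v.MountPoint
    Enable-BitLockerAutoUnlock -MountPoint $v.MountPoint | Out-Null
}
```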
