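# Enable BitLocker on the OS drive, then escrow the recovery password to
# Active Directory or Azure Active Directory depending on how the device is joined.
# Review this site to prep AD for Recovery Keys - https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/
#
# Parameters (defaults keep the original hard-coded values):
#   -MountPoint        drive to protect (default C:)
#   -EncryptionMethod  cipher passed to Enable-BitLocker (default XtsAes128)
param(
    [string]$MountPoint = 'C:',
    [string]$EncryptionMethod = 'XtsAes128'
)

# Stop on the first cmdlet error: continuing after a failed Enable-BitLocker
# would otherwise run the escrow step with no protector to back up.
$ErrorActionPreference = 'Stop'

# Exit early when the volume is already protected.
$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.ProtectionStatus -eq 'On') {
    Write-Host "BitLocker is already enabled on $MountPoint drive. Exiting script."
    exit
}

# Enable BitLocker with a recovery-password protector. -UsedSpaceOnly keeps the
# initial encryption short; -SkipHardwareTest skips the reboot-based TPM test so
# the script can run unattended.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod $EncryptionMethod -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector

# A recovery password on its own does not unlock the OS volume at boot, so the
# user would be prompted for the 48-digit key on every start. Add a TPM
# protector when a ready TPM is available and none is present yet.
$tpmReady = $false
if (Get-Command Get-Tpm -ErrorAction SilentlyContinue) {
    $tpm = Get-Tpm
    $tpmReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
}
$volume = Get-BitLockerVolume -MountPoint $MountPoint
$hasTpmProtector = [bool]($volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' })
if ($tpmReady -and -not $hasTpmProtector) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
}
elseif (-not $hasTpmProtector) {
    Write-Warning "No ready TPM on this device; $MountPoint will require the recovery password at boot."
}

# Collect the recovery-password protector IDs. Each one is escrowed on its own:
# manage-bde takes a single -ID, so joining several IDs into one string would
# make the backup fail silently.
$recoveryIds = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    ForEach-Object { $_.KeyProtectorId })
if ($recoveryIds.Count -eq 0) {
    throw "No RecoveryPassword protector found on $MountPoint; nothing to escrow."
}

# PartOfDomain selects the AD path. $false only means "not AD joined", not
# necessarily "Azure AD joined"; on a workgroup device -AADBackup fails and the
# exit-code check below surfaces that. Hybrid-joined devices take the AD path
# only; add an -AADBackup pass if the key must also appear in Azure AD.
$partOfDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
$backupSwitch = if ($partOfDomain) { '-ADBackup' } else { '-AADBackup' }

foreach ($id in $recoveryIds) {
    & manage-bde -Protectors $backupSwitch $MountPoint -ID "$id"
    # manage-bde is a native command: its failures are only visible through
    # $LASTEXITCODE. An unescrowed key means the encrypted volume may be
    # unrecoverable, so treat it as fatal.
    if ($LASTEXITCODE -ne 0) {
        throw "manage-bde $backupSwitch failed for protector $id (exit code $LASTEXITCODE); recovery key is NOT escrowed."
    }
}
Write-Host "Recovery password protector(s) for $MountPoint escrowed via $backupSwitch."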