Combreal

encrypt02.ps1

Sep 22nd, 2020 (edited)
  <#
  .SYNOPSIS
  This script encrypts the local disk and sends the encryption key to the specified mail address.

  .DESCRIPTION
  Creates a file containing a timestamp, the hostname, the hostid and a random BitLocker password.
  Sends this file to the user's mail address and to the ISD sympa list, then starts encrypting the disk.
  Aborts if necessary.
  #>
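  # Generate a BitLocker recovery password: eight 6-digit groups joined by "-".
  # Every group is a multiple of 11 and lies in the range the original
  # Get-Random call used (100000 up to, but not including, 720895).
  # The groups are drawn from the operating system's cryptographic random
  # number generator rather than from Get-Random: this value is the secret that
  # unlocks the volume, so its strength should not depend on which generator a
  # given PowerShell version puts behind that cmdlet.
  # Returns: the recovery password as a single string.
  Function recoveryKeyGen
  {
      $groupCount = 8
      $minimumGroup = 100000
      $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
      $buffer = New-Object byte[] 2
      $groups = New-Object System.Collections.Generic.List[string]
      try
      {
          while ($groups.Count -lt $groupCount)
          {
              $rng.GetBytes($buffer)
              # 16 random bits multiplied by 11 is always a multiple of 11 and
              # never exceeds 720885, so no modulo test is needed.
              $candidate = [int][System.BitConverter]::ToUInt16($buffer, 0) * 11
              # Values below the minimum are thrown away and redrawn (not
              # clamped), so the remaining values stay equally likely and every
              # group keeps six digits without padding.
              if ($candidate -ge $minimumGroup)
              {
                  $groups.Add([string]$candidate)
              }
          }
      }
      finally
      {
          $rng.Dispose()
      }
      $groups -join '-'
  }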
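  #Prepare file path
  # The file built here will hold the BitLocker recovery password in clear text.
  # It lives under C:\Temp, i.e. on the very volume that is encrypted later, so
  # it cannot help with recovery; it is only a local copy of the secret. The
  # file is therefore created empty up front and its ACL is reduced to
  # Administrators and SYSTEM before anything sensitive is appended to it.
  $recoveryKeyDir = 'C:\Temp'
  if (-not (Test-Path -LiteralPath $recoveryKeyDir -PathType Container))
  {
      # Out-Null: keep the directory listing out of the script output.
      New-Item -ItemType Directory -Force -Path $recoveryKeyDir | Out-Null
  }
  $recoveryKeyPath = Join-Path $recoveryKeyDir ($env:COMPUTERNAME + "_" + $env:USERNAME + "_recoveryKey.txt")
  if (Test-Path -LiteralPath $recoveryKeyPath)
  {
      # A file left by an earlier run would otherwise be appended to.
      Remove-Item -LiteralPath $recoveryKeyPath -Force
  }
  New-Item -ItemType File -Path $recoveryKeyPath | Out-Null
  # /inheritance:r drops the ACEs inherited from C:\Temp; the two well-known
  # SIDs are BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
  # The script has to run elevated for manage-bde anyway, so the later
  # Add-Content calls still have access.
  & icacls.exe $recoveryKeyPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
  if ($LASTEXITCODE -ne 0)
  {
      Write-Host "Could not restrict access to $recoveryKeyPath. Aborting."
      exit 1
  }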
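  #Get mail address
  # Ask the user, through a small always-on-top dialog, for the address that
  # will receive a copy of the recovery password. The script aborts when the
  # dialog is cancelled or when the entered text is not a syntactically valid
  # address, so that it never goes on to encrypt the disk with a recipient the
  # mail step cannot use.
  # NOTE(review): the check below is syntax only. The recovery password is later
  # mailed to whatever address is typed here; nothing restricts it to the
  # organisation's own mail domain - consider adding such a check.
  Add-Type -AssemblyName System.Windows.Forms
  Add-Type -AssemblyName System.Drawing
  $form = New-Object System.Windows.Forms.Form
  $form.Text = 'Data Entry Form'
  $form.Size = New-Object System.Drawing.Size(300,200)
  $form.StartPosition = 'CenterScreen'
  $okButton = New-Object System.Windows.Forms.Button
  $okButton.Location = New-Object System.Drawing.Point(75,120)
  $okButton.Size = New-Object System.Drawing.Size(75,23)
  $okButton.Text = 'OK'
  $okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
  $form.AcceptButton = $okButton
  $form.Controls.Add($okButton)
  $cancelButton = New-Object System.Windows.Forms.Button
  $cancelButton.Location = New-Object System.Drawing.Point(150,120)
  $cancelButton.Size = New-Object System.Drawing.Size(75,23)
  $cancelButton.Text = 'Cancel'
  $cancelButton.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
  $form.CancelButton = $cancelButton
  $form.Controls.Add($cancelButton)
  $label = New-Object System.Windows.Forms.Label
  $label.Location = New-Object System.Drawing.Point(10,20)
  $label.Size = New-Object System.Drawing.Size(280,20)
  $label.Text = 'Please enter your professional mail address :'
  $form.Controls.Add($label)
  $textBox = New-Object System.Windows.Forms.TextBox
  $textBox.Location = New-Object System.Drawing.Point(10,40)
  $textBox.Size = New-Object System.Drawing.Size(260,20)
  $form.Controls.Add($textBox)
  $form.Topmost = $true
  # Put the cursor in the text box as soon as the dialog is displayed.
  $form.Add_Shown({$textBox.Select()})
  $result = $form.ShowDialog()
  # Read the text before the form is disposed.
  $enteredText = $textBox.Text
  $form.Dispose()
  if ($result -ne [System.Windows.Forms.DialogResult]::OK)
  {
      Write-Host Mail address is mandatory save encryption key. Aborting.
      exit
  }
  $userMail = $enteredText.Trim()
  try
  {
      # The MailAddress constructor throws on an empty or malformed address.
      $null = New-Object System.Net.Mail.MailAddress($userMail)
  }
  catch
  {
      Write-Host "The entered mail address is not valid. Aborting."
      exit 1
  }
  # Echo the accepted address, as the original script did.
  $userMail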
  # Build the escrow record line by line and append each line to the file at
  # $recoveryKeyPath: timestamp, computer name, IP, host id (MAC address) and
  # finally the recovery password itself, which is written in clear text.
  $timeStamp = "[{0:dd/MM/yy} {0:HH:mm:ss}]" -f (Get-Date)
  Add-Content $recoveryKeyPath $timeStamp

  $computerName = "COMPUTERNAME : $env:COMPUTERNAME"
  Add-Content $recoveryKeyPath $computerName

  #Get IP
  # First address reported by the adapter(s) that have a default gateway.
  $ipv4B = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object {$_.DefaultIPGateway -ne $null}).IPAddress | Select-Object -First 1
  $ipv4 = "IP           : " + $ipv4B
  Add-Content $recoveryKeyPath $ipv4

  #Get hostID
  # The adapter whose MAC address serves as host id is picked by its
  # description, and the description pattern depends on the manufacturer.
  # For any other manufacturer no lookup is made and the HOSTID line carries
  # no address.
  $computerSystem = (Get-WmiObject -Class:Win32_ComputerSystem)
  $adapterPattern = $null
  if ( $computerSystem.Manufacturer -like "Hewlett*" )
  {
      $adapterPattern = "*Network Connection"
  }
  elseif( $computerSystem.Manufacturer -like "Dell*" )
  {
      $adapterPattern = "Realtek*"
  }
  if ($null -ne $adapterPattern)
  {
      $macAddressB = Get-WmiObject win32_networkadapterconfiguration | Select-Object description, macaddress | Where-Object description -like $adapterPattern | Select-Object macaddress -ExpandProperty macaddress
  }
  $macAddress = "HOSTID       : " + $macAddressB
  Add-Content $recoveryKeyPath $macAddress

  #Create recovery key
  # $recoveryKeyB keeps the bare password (it is handed to manage-bde later);
  # $recoveryKey is the labelled line for the file and the mail body.
  $recoveryKeyB = recoveryKeyGen
  $recoveryKey = "RECOVERYKEY  : " + $recoveryKeyB
  Add-Content $recoveryKeyPath $recoveryKey
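  #Send encryption info via mail
  # Two messages carry the same body: one to the escrow list, with the user's
  # address as sender, and one to the user, with the escrow address as sender.
  # If either send fails the script stops here. Without this check a failed
  # send would be followed by encryption and a forced reboot, with the recovery
  # password escrowed nowhere except on the encrypted disk itself.
  # NOTE(review): EnableSsl is not set on either client and SmtpClient leaves it
  # off by default, so the recovery password crosses the network without TLS.
  # Consider "$smtpA.EnableSsl = $true" (and the same for $smtpB) if the relay
  # supports it.
  $smtpServer = "smtp.inria.fr"
  # Out-String appends a line break to the address; Trim() hands SmtpClient the
  # bare address instead.
  $smtpFromA = ($userMail | Out-String).Trim()
  $smtpFromB = "windows-escrow@inria.fr"
  $smtpToA = "windows-escrow@inria.fr"
  $smtpToB = ($userMail | Out-String).Trim()
  $messageSubject = "$env:COMPUTERNAME BitLocker Recovery Password"
  $messageBody = $timeStamp + "`n" + $computerName + "`n" + $ipv4 + "`n" + $macAddress + "`n" + $recoveryKey + "`n"
  $smtpA = New-Object Net.Mail.SmtpClient($smtpServer)
  $smtpB = New-Object Net.Mail.SmtpClient($smtpServer)
  $mailSent = $false
  $mailError = $null
  try
  {
      $smtpA.Send($smtpFromA,$smtpToA,$messageSubject,$messageBody)
      $smtpB.Send($smtpFromB,$smtpToB,$messageSubject,$messageBody)
      $mailSent = $true
  }
  catch
  {
      $mailError = $_.Exception.Message
  }
  $smtpA.Dispose()
  $smtpB.Dispose()
  if (-not $mailSent)
  {
      Write-Host "The recovery password could not be sent, the disk will not be encrypted. Aborting."
      Write-Host $mailError
      exit 1
  }

  # The same record, recovery password included, is also shown on the console.
  Write-Host "`n" $timeStamp "`n" $computerName "`n" $ipv4 "`n" $macAddress "`n" $recoveryKey "`n`n"
  Write-Host "Encryption informations has been sent to the specified addresse, starting the disk encryption"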
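  #Start encryption
  # Add the generated recovery password as a protector on C:, turn BitLocker on
  # and reboot. Each manage-bde call is checked so that the machine is not
  # force-restarted after a step that did not succeed.
  # NOTE(review): assumes manage-bde reports failure through a non-zero exit
  # code - confirm on the target Windows build.
  # NOTE(review): the recovery password is passed on the command line, so it
  # can show up in process command-line logging. The file at $recoveryKeyPath
  # also still holds it in clear text; nothing in this script deletes that file
  # once the mails have gone out.
  manage-bde -protectors -add c: -RecoveryPassword $recoveryKeyB
  if ($LASTEXITCODE -ne 0)
  {
      Write-Host "manage-bde could not add the recovery password protector (exit code $LASTEXITCODE). Aborting."
      exit 1
  }
  manage-bde -on c:
  if ($LASTEXITCODE -ne 0)
  {
      Write-Host "manage-bde could not start the encryption of c: (exit code $LASTEXITCODE). Aborting."
      exit 1
  }
  Restart-Computer -Force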