{"id":5931,"date":"2015-05-26T00:01:00","date_gmt":"2015-05-26T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2015\/05\/26\/powershell-and-bitlocker-part-2\/"},"modified":"2019-02-18T09:47:46","modified_gmt":"2019-02-18T16:47:46","slug":"powershell-and-bitlocker-part-2","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/powershell-and-bitlocker-part-2\/","title":{"rendered":"PowerShell and BitLocker: Part 2"},"content":{"rendered":"

Summary<\/b>: Guest blogger, Stephane van Gulick, continues his series about using Windows PowerShell and BitLocker together.<\/span><\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. Welcome back Stephane van Gulick for the final part of his two-part series. Be sure you read PowerShell and BitLocker: Part 1<\/a> first.<\/p>\n

Encryption operations<\/h2>\n

A lot of the following script examples come from a function I wrote called BitLockerSAK<\/a>. It is a tool written in Windows PowerShell that makes BitLocker tasks easier to automate.<\/p>\n

Finally, we arrive at the interesting part: the encryption of the drive. Don’t get me wrong—the Trusted Platform Module (TPM) operations are extremely important in the process of automating the drive encryption. Without these steps, the drive encryption might not even happen. But this is where I had the most fun in the scripting process.<\/p>\n

Are you sitting comfortably? You might want to get a refill of coffee before we hit it. Ready? All right…let’s go!<\/p>\n

Everything that relates to the proper encryption of the drive and that needs to be automated resides in the WMI (CIM) repository. It lies in the same Root\\cimv2\\Security\\ <\/b>namespace hierarchy as the Win32_TPM<\/b>. But this time we will dive into the Win32_EncryptableVolume<\/b> class.<\/i><\/p>\n

The Win32_EncryptableVolume<\/b> class contains an instance for each of the volumes that are present on the computer (for example, hard drives and USB keys).<\/p>\n

We can look into it by using the following command, and because we generally want to encrypt the system drive, we will filter on drive C.<\/p>\n

Using Get-CimInstance<\/b> will look like this (the results are shown in green in the following image):<\/p>\n

$CIMVolumeC = Get-CimInstance -namespace "Root\\cimv2\\security\\MicrosoftVolumeEncryption" -ClassName "Win32_Encryptablevolume" –<\/p>\n

Or we can use Get-WmiObject <\/b>as follows for retrocompatibility (shown in red in the following image):<\/p>\n

$WMIVolumeC= Get-WmiObject -namespace "Root\\cimv2\\security\\MicrosoftVolumeEncryption" -ClassName "Win32_Encryptablevolume" -filter "DriveLetter = 'C:'"<\/p>\n

As you can see, these two commands return (almost) the same results:<\/p>\n

\"Image<\/a><\/p>\n

The only difference is that Get-WMIObject<\/b> returns the instance and the system properties (they start with the double underscore “__<\/b>”).<\/p>\n

Let’s look at the properties and methods we have access to through the two methods.<\/p>\n

Get-CIMInstance<\/b> returns the following list:<\/p>\n

\"Image<\/a><\/p>\n

Get-WMIObject<\/b> returns a bunch more methods—there are so many that we cannot see them all on this screenshot:<\/p>\n

\"Image<\/a><\/p>\n

The CIM option returns only 18 results when piped to Get-Member<\/b>:<\/p>\n

\"Image<\/a><\/p>\n

But good old Get-WMIObject<\/b> returns 84 results:<\/p>\n

\"Image<\/a><\/p>\n

Now that we have seen the methods that are available, we can start to work with them.<\/p>\n

Key protectors<\/h2>\n

Prior to launching the encryption of a specific volume, we need to set a key protector. A key protector will protect the volume encryption key, which will protect the volume that has just been encrypted.<\/p>\n

We can find all the key protectors that can be set by using the following code:<\/p>\n

$EncryptionData = Get-WMIObject -Namespace "Root\\cimv2\\security\\MicrosoftVolumeEncryption" –classname "Win32_EncryptableVolume" -Filter "DriveLetter = 'c:'"<\/p>\n

We have a few methods available as shown in the following screenshot:<\/p>\n

\"Image<\/a><\/p>\n

Those I have worked with the most are:<\/p>\n