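Our Windows 7 Enterprise laptops have TPM chips. We have deployed BitLocker to these laptops. What I want to accomplish is to write a PowerShell script that looks up the msTPM-OwnerInformation value for a specific computer in AD. I want it to take that value and reset the TPM lockout.
Right now we have to go into the TPM console, click Reset, and specify the XML file that contains the value.
I have started on a script, but it isn't doing what I want it to do, because I am very new to PowerShell.
Answer 0: (score: 1)
Create a new file named "Get_msTPM-OwnerInformation.ps1" and paste the following text into it.
Change the 'DOMAIN/OU' part to suit your needs. This should read all the information you need from AD.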
#----------------------Start----------------------------------------------------------------
#The Get-QAD* cmdlets come from the Quest ActiveRoles Management Shell snap-in
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
#Custom variables
$CsvFilePath = "C:\Temp\BitLockerComputerReport.csv"
#Create array to hold computer information
$export = @()
#Collect the BitLocker recovery objects (msFVE-RecoveryInformation) below the search root
#Variant without -SearchRoot (searches the whole directory):
#$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties cn,Name,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {
$BitLockerEnabled = Get-QADObject -SearchRoot 'DOMAIN/OU' -SizeLimit 0 -IncludedProperties cn,Name,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {
    #Get PasswordID (the GUID between the braces in cn); reset it so a failed match cannot reuse an old value
    $passwordId = $null
    if ($_.cn -match "(?<={).*(?=})") { $passwordId = $matches[0] }
    #The parent container of the recovery object is the computer account
    $computerName = Split-Path -Path $_.ParentContainer -Leaf
    #Create custom object for each computer
    $computerobj = New-Object -TypeName psobject
    #Add information to custom object
    $computerobj | Add-Member -MemberType NoteProperty -Name Name -Value $computerName
    $computerobj | Add-Member -MemberType NoteProperty -Name PasswordID -Value $passwordId
    $computerobj | Add-Member -MemberType NoteProperty -Name "msFVE-RecoveryPassword" -Value $_."msFVE-RecoveryPassword"
    $computerobj | Add-Member -MemberType NoteProperty -Name "msTPM-OwnerInformation" -Value (Get-QADComputer -IncludedProperties "msTPM-OwnerInformation" -Name $computerName)."msTPM-OwnerInformation"
    $export += $computerobj
}
#Export the array with computer information to the user-specified path
#The CSV contains recovery passwords and TPM owner information in clear text; restrict access to it
$export | Export-Csv -Path $CsvFilePath -NoTypeInformation
#------------------------End--------------------------------------------------------------
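
The following is an added example, not part of the original answer: it reads msTPM-OwnerInformation for the local computer only and passes it to the Win32_Tpm WMI method ResetAuthLockOut, which is the step the question asks for. The function names are hypothetical. It assumes an elevated session on the locked-out laptop, an account allowed to read the attribute, and that the value stored in AD is the owner authorization string that ResetAuthLockOut accepts.

```powershell
# Added example: run elevated on the locked-out, domain-joined computer.
# Get-TpmOwnerInformation and Reset-LocalTpmLockout are hypothetical helper names.

function Get-TpmOwnerInformation {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # Escape LDAP filter metacharacters (backslash first) before building the filter.
    $safe = $ComputerName
    foreach ($pair in @(@('\', '\5c'), @('*', '\2a'), @('(', '\28'), @(')', '\29'))) {
        $safe = $safe.Replace($pair[0], $pair[1])
    }

    $searcher = [adsisearcher]"(&(objectCategory=computer)(name=$safe))"
    [void]$searcher.PropertiesToLoad.Add('mstpm-ownerinformation')
    $result = $searcher.FindOne()
    if (-not $result) { throw "Computer '$ComputerName' was not found in AD." }

    # The attribute is absent if it was never backed up or the caller may not read it.
    $value = $result.Properties['mstpm-ownerinformation']
    if (-not $value) {
        throw "msTPM-OwnerInformation is empty or not readable for '$ComputerName'."
    }
    return [string]$value[0]
}

function Reset-LocalTpmLockout {
    # Always look up the local machine so another computer's value is never applied.
    $ownerAuth = Get-TpmOwnerInformation -ComputerName $env:COMPUTERNAME

    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm
    if (-not $tpm) { throw 'No TPM is exposed through Win32_Tpm on this computer.' }

    $rc = $tpm.ResetAuthLockOut($ownerAuth)
    $ownerAuth = $null   # do not keep the secret in the session longer than needed

    if ($rc.ReturnValue -ne 0) {
        throw ('ResetAuthLockOut failed, return value 0x{0:X8}' -f $rc.ReturnValue)
    }
    "TPM lockout reset on $env:COMPUTERNAME"
}

# Usage (uncomment to run):
# Reset-LocalTpmLockout
```

Unlike the CSV export above, this never writes the owner information to disk.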