通过Powershell启用Bitlocker - 恢复密钥将无法保存?

时间:2016-08-18 08:30:54

标签: powershell bitlocker

很长一段时间潜伏在第一次发帖。不使用它已经有一段时间了,我再次涉足PowerShell。我目前正在尝试创建一个启用Bitlocker的脚本,并将恢复密钥备份到桌面。我发现它可以使Bitlocker很好,但桌面上的恢复密钥没有显示恢复密钥?到目前为止,这是脚本:

#Test Registry paths before trying to modify
Test-Path HKLM:\SOFTWARE\Policies\Microsoft\FVE

#Change Registry keys to allow BitLocker without TPM and with additional authentication

#Check EnableBDEWithNoTPM value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "EnableBDEWithNoTPM"
if($val.EnableBDEWithNoTPM -ne 1)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "EnableBDEWithNoTPM" -value 1
}

#Check UseAdvancedStartup value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseAdvancedStartup"
if($val.UseAdvancedStartup -ne 1)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseAdvancedStartup" -value 1
}

#Check UseTPM value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseTPM"
if($val.UseTPM -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPM" -value 2
}

#Check UseTPMKey value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseTPMKey"
if($val.UseTPMKey -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPMKey" -value 2
}

#Check UseTPMKeyPIN value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name     "UseTPMKeyPIN"
if($val.UseTPMKeyPIN -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPMKeyPIN" -value 2
}

#Check UseTPMPIN value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseTPMPIN"
if($val.UseTPMPIN -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPMPIN" -value 2
}

#Prompt the user to enter a password, which will be stored as a string and used to set Bitlocker password
$pass = Read-Host 'Please set new password' -AsSecureString

#Enable BitLocker on Drive C: with password set by user and encrypt used space only.
Enable-BitLocker -MountPoint "C:" -Password $pass -EncryptionMethod Aes256 -UsedSpaceOnly -PasswordProtector

#Generate Recovery Key and store in C:\Recovery
Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes256 -RecoveryKeyPath "C:\Recovery" -RecoveryKeyProtector

#Save Recovery Key to C:
(Get-BitLockerVolume -MountPoint C:).KeyProtector > $env:UserProfile\Desktop\BitLocker_Recovery_Key.txt

当我添加这部分时:

    Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes256 -RecoveryKeyPath "C:\Recovery" -RecoveryKeyProtector

在桌面上生成的recoverykey.txt文件包含“Recovery Key”部分,但它是空白的,此行也会导致错误,指出我需要重新启动以启动Bitlocker才能运行。

任何人都可以给我一些指示,说明为什么.txt中缺少恢复密钥以及我是否在任何地方出错?

感谢。

1 个答案:

答案 0 :(得分:0)

我知道这已经过时了,但上面的powershell只是帮助了我。谢谢!

我认为它不能保存的原因是你需要选择一个网络驱动器。 当您通过bitlocker gui执行此操作时,它不会让您将密钥保存在正在使用bitlocker加密的驱动器上。