很长一段时间潜伏在第一次发帖。不使用它已经有一段时间了,我再次涉足PowerShell。我目前正在尝试创建一个启用Bitlocker的脚本,并将恢复密钥备份到桌面。我发现它可以使Bitlocker很好,但桌面上的恢复密钥没有显示恢复密钥?到目前为止,这是脚本:
#Test Registry paths before trying to modify
Test-Path HKLM:\SOFTWARE\Policies\Microsoft\FVE
#Change Registry keys to allow BitLocker without TPM and with additional authentication
#Check EnableBDEWithNoTPM value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "EnableBDEWithNoTPM"
if($val.EnableBDEWithNoTPM -ne 1)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "EnableBDEWithNoTPM" -value 1
}
#Check UseAdvancedStartup value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseAdvancedStartup"
if($val.UseAdvancedStartup -ne 1)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseAdvancedStartup" -value 1
}
#Check UseTPM value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseTPM"
if($val.UseTPM -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPM" -value 2
}
#Check UseTPMKey value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseTPMKey"
if($val.UseTPMKey -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPMKey" -value 2
}
#Check UseTPMKeyPIN value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseTPMKeyPIN"
if($val.UseTPMKeyPIN -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPMKeyPIN" -value 2
}
#Check UseTPMPIN value is correct, if not set it to be correct value.
Get-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -name "UseTPMPIN"
if($val.UseTPMPIN -ne 2)
{
Set-ItemProperty -Path hklm:\SOFTWARE\Policies\Microsoft\FVE -Name "UseTPMPIN" -value 2
}
#Prompt the user to enter a password, which will be stored as a string and used to set Bitlocker password
$pass = Read-Host 'Please set new password' -AsSecureString
#Enable BitLocker on Drive C: with password set by user and encrypt used space only.
Enable-BitLocker -MountPoint "C:" -Password $pass -EncryptionMethod Aes256 -UsedSpaceOnly -PasswordProtector
#Generate Recovery Key and store in C:\Recovery
Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes256 -RecoveryKeyPath "C:\Recovery" -RecoveryKeyProtector
#Save Recovery Key to C:
(Get-BitLockerVolume -MountPoint C:).KeyProtector > $env:UserProfile\Desktop\BitLocker_Recovery_Key.txt
当我添加这部分时:
Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes256 -RecoveryKeyPath "C:\Recovery" -RecoveryKeyProtector
在桌面上生成的recoverykey.txt文件包含“Recovery Key”部分,但它是空白的,此行也会导致错误,指出我需要重新启动以启动Bitlocker才能运行。
任何人都可以给我一些指示,说明为什么.txt中缺少恢复密钥以及我是否在任何地方出错?
感谢。
答案 0 :(得分:0)
我知道这已经过时了,但上面的powershell只是帮助了我。谢谢!
我认为它不能保存的原因是你需要选择一个网络驱动器。 当您通过bitlocker gui执行此操作时,它不会让您将密钥保存在正在使用bitlocker加密的驱动器上。