bitlocker swiss army knifeI am sure you more less all know by now that I work in Switzerland. What an amazing country i have to say! The mountains, the chocolate, the watches, the nature, and… their awesome army knifes.

These knifes are really super cool! They combine so many different funtionalities in one, and it is so small that you can carry it everywhere with you! While camping, hiking etc…

It is super handy! Need to open a can?
–> Use the swiss army knife.
Went out for a lunch in the park with your girl friend/boy friend and need to open the bottle of Bordeaux Saint-emilion you specially bought for the occasion?
–> Use the Swiss army knife.
Need to fix your shirt fastly before attending this job interview?
–> again, Swiss army knife!

 

You got it, you can do everything with it :) But what does all of that have to do with PowerShell ?
Well, I have recently been developing a powershell script for bitlocker remediation purposes. The knowledge I build from it, made me realize that nothing really existed in powershell to manage the bitlocker parts.

 

[stextbox id=”note”]BitlockerSAK could be seen as a full powershell equivalent of manage-bde.exe [/stextbox]

I decided to create a powershell bitlocker encryption tool that gives any admin / system engineer to manage the bitlocker encryption and TPM settings from a machine. The powershell bitlocker encryption tool function aka “BitlockerSAK“.

The BitlockerSAK function is a big Swiss army knife that is extremely helpful to manage Powershell Bitlocker encryption / remediation automation for Windows systems (especially prior to Windows 8.1). It contains all the functionality that you would expect to be there to help you manage your bitlocker environment.

Download powershell BitlockerSAK:

BitlockerSAK is free, and is available for download on Technet. Once downloaded, please think to rate the script by clicking the stars, and do not hesitate to give me feedback concerning the tool.

[stextbox id=”note”]Rember that this function is in continuous improvement process. Bug fixes and new features will come often, but all of this depends on your valuable feedback. Contact me through twitter  at @stephanevg , on the Technet comment section right here, or by commenting directly at the end of this article for bug fixes or new feature requests.[/stextbox]
[stextbox id=”download”]Get the BitlockerSAK now by clicking on the Microsoft Technet download link right here (and don’t forget to rate it  if you like it;)[/stextbox]

What can the powershell bitlocker Swiss army knife concretely do?

 

This powershell bitlocker encryption tool “BitlockerSAK” will enable the automation of the bitlocker encryption and TPM operations that need to be done on Microsoft Windows (R) machines through PowerShell.

The following actions can be done with with BitlockerSAK:

  • Identify if the TPM is activated.
  • Identify if the TPM is enabled.
  • Identify it the TPM is owned.
  • Identify if the TPM ownership is allowed.
  • Get the current bitlocker protection status.
  • Start the bitlocker drive encryption. (with Pin).
  • Resume a bitlocker encryption that is in paused state.
  • Return the current bitlocker encryption percentage of the drive.
  • Return the bitlocker key protector id’s of the machine.
  • Return the encryption method of the encrypted drive.
  • Return the Key protector methods.

Help and examples can be easily found by using the integrated help system.

How does the PowerShell Bitlocker SAK work?

The windows powershell Bitlocker SAK tool is based on 3 different technologies: Powershell bitlocker wmi.
The combination of Powershell bitlocker and WMI brings us the possibility to manage the complete bitlocker and TPM activities using a simple windows powershell tool; BitlockerSAK.

As mentioned above, the BitlockerSAK does not work only for Powershell and bitlocker, but you can also use BitlockerSAK to work on the different TPM actions. Indeed, using the same combination as for bitlocker (powershell tpm wmi), bitlockerSAK will allow you to manage your TPM with powershell just like you would have done with manageBDE.exe.

Powershell bitlocker wmi, Powershell tpm wmi are the key features of the BitlockerSAK.

BitlockerSAK usage examples:

How to get the current Bitlocker encryption status with Powershell?

 

Simply call the BitlockerSAK function without any parameter, and it will return an object that with the current encryption status:

Bitlocker status with Powershell and BitlockerSAK

BitlockerSAK returns an object which can be integrated into existing script logic to identify and force the encryption.

 

How to remediate bitlocker drives that are not encrypted?

 

It is possible to use the BitlockerSAK in logic in order to remediate non-encrypted bitlocker drives. Here under you can see an example:

BitlockerSAK help and integrated examples:

 

In order to get more information on the bitlocker capabilities with powershell, use : Get-help Get-bitlockerInfo

Get-help BitlockerSAK

 

More help can be found using the following command:

To see examples of the powershell bitlocker encryption function bitlockerSAK, type this:

Download the bitlocker Swiss army knife:

 

The powershell bitlocker tool can be downloaded directly from Technet, or it can be copy pasted from the listing below.

 
[stextbox id=”download”]The Microsoft Technet download link is right here (and don’t forget to rate it 😉 )[/stextbox]

Listing: 

 

The listing of the latest version of the BitlockerSAK is available here below. You can copy past this function directly into one of your scripts or module and start using it.