A small blog post to share my recent experience with Bitlocker encryption. I have been looking around for information in order to write my own script, and I thought I would simply share with everybody the information I have gathered during these (sometimes loooong) moments.
Before you start to read these tips, perhaps you would like to know that I have written a Bitlocker encryption tool based on PowerShell named BitlockerSAK (for Bitlocker Swiss Army Knife). I tried to mimic the way manage-bde.exe works. It is based on the Win32_TPM and the Win32_EncryptableVolume WMI classes (and inspired by some of the links below).
1) Official TPM cmdlets for Windows 8.1 and Windows Server 2012 R2:
If you are working on some newer versions of Windows like Windows 8.1 and Windows Server 2012 R2, you can check this link. (This sentence will look funny in a year or so ;))
2) Official Bitlocker cmdlets for Windows 8.1 and Windows Server 2012 R2:
A link to the freshly integrated Windows 8.1 Bitlocker cmdlets (based on the BitLocker Module). Click this link.
3) How to write Bitlocker and TPM scripts with PowerShell for Windows 8 and prior versions? (Windows 7, Windows XP…)
I have written a Bitlocker automation and remediation function called BitlockerSAK (for Bitlocker Swiss Army Knife). This tool is complete and allows you to manage your Bitlocker encryption and TPM activities through PowerShell in the same way that you would use Manage-BDE, for example.
BitlockerSAK did not fulfill your needs? You can always try to write your own cmdlets!
How to write your own PowerShell Bitlocker / TPM Cmdlets?
4) Bitlocker WMI classes:
Two links that make everything possible concerning Bitlocker Drive Encryption and its automation: the two WMI classes Win32_TPM and Win32_EncryptableVolume.
- Win32_TPM –> http://msdn.microsoft.com/en-us/library/windows/desktop/aa376484(v=vs.85).aspx
- Win32_EncryptableVolume –> http://msdn.microsoft.com/en-us/library/windows/desktop/aa376483(v=vs.85).aspx
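A read-only audit built on the two classes above, as an added example (not BitlockerSAK code and not taken from the linked resources). The function name Get-VolumeEncryptionReport is hypothetical; the sketch assumes an elevated session and uses Get-WmiObject so that it also runs on PowerShell 2.0.

```powershell
# Added example, not BitlockerSAK code. The function name is hypothetical.
function Get-VolumeEncryptionReport {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Value maps taken from the Win32_EncryptableVolume method documentation.
    $conversion = @{ 0 = 'FullyDecrypted'; 1 = 'FullyEncrypted'; 2 = 'EncryptionInProgress'
                     3 = 'DecryptionInProgress'; 4 = 'EncryptionPaused'; 5 = 'DecryptionPaused' }
    $protector  = @{ 0 = 'Unknown'; 1 = 'TPM'; 2 = 'ExternalKey'; 3 = 'NumericalPassword'
                     4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey'
                     7 = 'PublicKey'; 8 = 'Passphrase' }

    # Win32_Tpm yields no instance when the OS sees no TPM, so default to "not ready".
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm `
               -ComputerName $ComputerName -ErrorAction SilentlyContinue
    $tpmReady = $false
    if ($tpm) {
        $tpmReady = $tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated -and $tpm.IsOwned().IsOwned
    }

    Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -ComputerName $ComputerName |
    ForEach-Object {
        $vol  = $_
        $conv = $vol.GetConversionStatus()
        # KeyProtectorType 0 asks for every protector present on the volume.
        $ids  = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
        $types = foreach ($id in $ids) {
            $t = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
            if ($protector.ContainsKey($t)) { $protector[$t] } else { "Type$t" }
        }
        New-Object PSObject -Property @{
            Drive        = $vol.DriveLetter
            ProtectionOn = ($vol.GetProtectionStatus().ProtectionStatus -eq 1)
            Conversion   = $conversion[[int]$conv.ConversionStatus]
            PercentDone  = $conv.EncryptionPercentage
            Protectors   = ($types -join ', ')
            # A volume left without a recovery password cannot be recovered if the TPM is lost.
            HasRecovery  = ($types -contains 'NumericalPassword')
            TpmReady     = $tpmReady
        } | Select-Object Drive, ProtectionOn, Conversion, PercentDone, Protectors, HasRecovery, TpmReady
    }
}

# Usage: Get-VolumeEncryptionReport | Format-Table -AutoSize
```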
5) Inspire yourself from existing resources:
- Bitlocker Deployment VBS Script :
A link to a very good VBS script written by “StarrAndersen” which can help you understand how things are linked / connected to each other and find out the needed workflow.
- GitHub Project
An open project on GitHub written by Thomas Malkewitz (aka “NecroMorhp”) which is actually focused on HP hardware, but it can be used as a base in order to understand the exact workflow that needs to be respected.
6) Additional and external information:
- Books with Encryption scripts :
In my research, I found this link to the book called “Automating administration of Active Directory with PowerShell 2.0”, written by Ken St. Cyr and Laura E. Hunter. It contains good information on how to use the different WMI classes to automate the Bitlocker tasks.