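# Re-key BitLocker on a remote machine's system volume so that only the
# security team holds working protectors: add new recovery passwords, remove
# every protector that existed before, add a TPM+PIN protector, then make sure
# protection is enabled.

$ComputerName = 'ComputerX'
$DriveLetter  = 'C:'

# NOTE(review): these are the sample values from the original script. Anyone who
# can read this file (or the console/transcript it runs in) can unlock the
# volume, and repeated-digit recovery passwords are guessable. Supply real
# values at run time from the team's secret store instead of editing them in here.
# NOTE(review): a TPM PIN is numeric unless enhanced PINs are allowed by policy
# on the target - confirm this value will be accepted.
$TpmPin = 'BrandNewPassword123'
$PrimaryRecoveryPassword = '555555-555555-555555-555555-555555-555555-555555-555555'
# NOTE(review): BitLocker requires each 6-digit group to be a multiple of 11;
# 050505 does not look like one, so this call may be rejected - confirm.
$SecondaryRecoveryPassword = '050505-050505-050505-050505-050505-050505-050505-050505'

# Every Win32_EncryptableVolume method reports its outcome in ReturnValue
# (0 = success). Stop at the first failure so a half-finished re-key is noticed
# instead of silently leaving the volume in an unexpected state.
function Assert-BdeSuccess {
    param($Result, [string]$Step)
    if ($null -eq $Result -or $Result.ReturnValue -ne 0) {
        $code = if ($null -eq $Result) { 'no result' } else { '0x{0:X8}' -f $Result.ReturnValue }
        throw "BitLocker step '$Step' failed on $ComputerName ($code)."
    }
}

$BitLocker = Get-WmiObject -ComputerName $ComputerName -Namespace "Root\cimv2\Security\MicrosoftVolumeEncryption" -Class "Win32_EncryptableVolume" -Filter "DriveLetter = '$DriveLetter'" -ErrorAction Stop
if ($null -eq $BitLocker) {
    throw "No encryptable volume $DriveLetter found on $ComputerName."
}

# Snapshot the protectors that exist right now (type 0 = all types). The IDs
# come back as a string array on the VolumeKeyProtectorID property, so read the
# property directly; Select-Object without -ExpandProperty would wrap the array
# in a single object and DeleteKeyProtector would never see a real ID.
$Existing = $BitLocker.GetKeyProtectors(0)
Assert-BdeSuccess $Existing 'GetKeyProtectors'
$OldProtectorIDs = @($Existing.VolumeKeyProtectorID | Where-Object { $_ })

# Add the recovery passwords first. The volume then never sits with zero
# protectors, and BitLocker will not refuse the final delete below for being
# the last protector on a volume with protection on.
Assert-BdeSuccess ($BitLocker.ProtectKeyWithNumericalPassword("Primary", $PrimaryRecoveryPassword)) 'ProtectKeyWithNumericalPassword (Primary)'
# An additional recovery key is useful when more than one team might need access.
Assert-BdeSuccess ($BitLocker.ProtectKeyWithNumericalPassword("Secondary", $SecondaryRecoveryPassword)) 'ProtectKeyWithNumericalPassword (Secondary)'

# Now remove every protector that was present before we started.
ForEach ($ID in $OldProtectorIDs) {
    Assert-BdeSuccess ($BitLocker.DeleteKeyProtector($ID)) "DeleteKeyProtector $ID"
}

# With the old TPM-based protector gone, add the PIN that only the security
# team knows.
Assert-BdeSuccess ($BitLocker.ProtectKeyWithTPMAndPin("", "", $TpmPin)) 'ProtectKeyWithTPMAndPin'

Assert-BdeSuccess ($BitLocker.EnableKeyProtectors()) 'EnableKeyProtectors'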