Let’s face it, using your pet’s name and a few random numbers and symbols as your device password just doesn’t cut it anymore. A Windows sign-in password only guards a running session: anyone who pulls the drive, or boots the laptop from a USB stick, can read the files straight off the disk. That’s where BitLocker encryption comes in. By encrypting the data at rest, BitLocker keeps it unreadable even if the device is lost or stolen.
This script enables BitLocker encryption on the C: drive. And because even the best of us can get locked out from time to time (a forgotten PIN, a firmware update that changes what the TPM measures, a motherboard swap), the script also backs up the recovery password to Active Directory or Azure AD, so you can still unlock the data if BitLocker drops into recovery mode.
With this script, you can have peace of mind knowing that your data is safe and secure. So give it a try and protect your devices like your neighbor protects his Wi-Fi password (we’re guessing he doesn’t use his pet’s name…).
The Script:
Atera does not guarantee the integrity, availability, security, virus-free, safety, lawfulness, non-infringement, rights’ status, or functionality of the scripts. The use of the shared scripts is at your own risk. Scripts are provided “AS IS”. *
File Type: Ps1
#Enable BitLocker on the C: drive with a recovery password protector (XTS-AES 128, used space only, no hardware test reboot)
Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes128 -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector

#Get the ID of the recovery password protector just created, so it can be backed up
$key = (Get-BitLockerVolume -MountPoint "C:").KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object -First 1 -ExpandProperty KeyProtectorId

#Checks to see if the system is domain joined - if AD joined, backs up to AD; otherwise backs up the recovery key to AAD.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain -eq $true) {
    Manage-BDE -Protectors -ADBackup C: -ID "$key"
}
else {
    Manage-BDE -Protectors -AADBackup C: -ID "$key"
}
Technical Notes:
- The AD backup is performed by the computer account (the script runs as SYSTEM), which must be allowed to create msFVE-RecoveryInformation objects under its own computer object. Domains with the Windows Server 2008 or later schema normally have this in place already; verify it (run the script on one machine, then check the BitLocker Recovery tab of its computer object) before relying on it fleet-wide. Reading the stored recovery passwords is limited to Domain Admins by default, so delegate read access if helpdesk staff need to retrieve keys.
- The script adds only a recovery password protector and no TPM protector. With no TPM, PIN or startup-key protector on the OS drive, Windows prompts for the 48-digit recovery password at every startup, so on TPM-equipped hardware add a TPM protector as well (Add-BitLockerKeyProtector with -TpmProtector) before rolling this out.
- The script uses the XtsAes128 encryption method, the Windows default since Windows 10 1511; use XtsAes256 if policy requires 256-bit keys. -UsedSpaceOnly encrypts only the space currently in use, which is fast on new machines, but previously deleted data in the free space stays readable until it is overwritten; drop the switch for repurposed drives. -SkipHardwareTest skips the reboot that confirms the protectors can unlock the drive.
- -ADBackup: backs up the recovery password to Active Directory when the system is domain joined. Hybrid Azure AD joined devices report PartOfDomain as True, so they take this branch and the key lands in on-premises AD only; run -AADBackup too if you also want it in Azure AD.
- -AADBackup: backs up the recovery password to Azure Active Directory when the system is not domain joined. This only succeeds if the device is actually Azure AD joined (dsregcmd /status shows AzureAdJoined : YES); on a workgroup machine the command fails and the recovery password is escrowed nowhere, so check the script output.
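As an added example (this is not part of Atera's script above), here is an idempotent variant of the same procedure in PowerShell: it adds a TPM protector so the device boots unattended, re-uses an existing recovery password instead of creating another one on every run, refuses to proceed on hardware where no TPM protector can be added, and escrows every recovery password to whichever directory the device is actually joined to, including both directories for hybrid-joined machines. It assumes Windows 10/11 with a TPM and the BitLocker PowerShell module, run elevated (for example as SYSTEM from the RMM agent); $osDrive and Get-RecoveryProtectors are this example's own names.

```powershell
# Added example, not Atera's script: idempotent BitLocker enablement plus key escrow.
# Assumes Windows 10/11, a TPM, the BitLocker module, and an elevated (SYSTEM) context.
$ErrorActionPreference = 'Stop'
$osDrive = 'C:'   # example's own variable

function Get-RecoveryProtectors {
    # Returns every recovery-password protector on the volume (there can be more than one)
    (Get-BitLockerVolume -MountPoint $osDrive).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

$tpm = Get-Tpm
$tpmUsable = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
$vol = Get-BitLockerVolume -MountPoint $osDrive
$hasTpmProtector = [bool]($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' })

# 1. Make sure a recovery password exists before encryption starts, so there is always
#    something to escrow. Re-runs keep the existing one instead of adding another.
if (-not (Get-RecoveryProtectors)) {
    Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector | Out-Null
}

# 2. Ensure a TPM protector, so startup does not prompt for the 48-digit recovery password.
if (-not $hasTpmProtector -and -not $tpmUsable) {
    throw "TPM not present or not ready on $env:COMPUTERNAME; refusing to enable BitLocker with a recovery password as the only protector."
}
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    if ($hasTpmProtector) {
        # Protectors already in place (e.g. a previous run was interrupted): just start encryption
        manage-bde -on $osDrive -EncryptionMethod xts_aes256 -UsedSpaceOnly -SkipHardwareTest | Out-Null
    }
    else {
        # Adds the TPM protector and starts encryption in one step
        Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 -UsedSpaceOnly `
            -SkipHardwareTest -TpmProtector | Out-Null
    }
}
elseif (-not $hasTpmProtector) {
    # Already encrypted (or in progress) but relying on the recovery password alone
    Add-BitLockerKeyProtector -MountPoint $osDrive -TpmProtector | Out-Null
}

# 3. Escrow every recovery password to the directories the device actually belongs to.
#    Hybrid-joined devices are both domain joined and Azure AD joined: back up to both.
$domainJoined = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
$aadJoined = [bool]((dsregcmd.exe /status) -match 'AzureAdJoined\s*:\s*YES')
if (-not ($domainJoined -or $aadJoined)) {
    throw "Device is neither AD nor Azure AD joined; the recovery password would not be escrowed anywhere."
}
foreach ($rp in Get-RecoveryProtectors) {
    if ($domainJoined) {
        Backup-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $rp.KeyProtectorId | Out-Null
    }
    if ($aadJoined) {
        BackupToAAD-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $rp.KeyProtectorId | Out-Null
    }
}

# 4. Report the resulting state so the RMM console shows what actually happened
$vol = Get-BitLockerVolume -MountPoint $osDrive
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    EncryptionMethod = $vol.EncryptionMethod
    Protectors       = ($vol.KeyProtector.KeyProtectorType -join ',')
    BackedUpToAD     = $domainJoined
    BackedUpToAAD    = $aadJoined
}
```

The two throw statements are the point of the example: an enablement script that silently leaves a device prompting for its recovery key at every boot, or that reports success while the key was never escrowed, is worse than one that fails loudly in the RMM console.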