Detect if BitLocker Protection Status is 0, enable
hi,
i tested each command separately , works.
1. use enter-pssession -computername dcblt222
2. manage-bde.exe -status c:
protection status: protection off
3. manage-bde.exe –protectors –enable c:
protection status: protection on
i run against 100 laptops. script below shows error:
a. .\manage-bde.exe-protectors-enable c:
error: error occurred (code 0x8004100e):
invalid namespace
b. resume-bitlocker -mountpoint "c:"
get-ciminstance : invalid namespace
at c:\windows\system32\windowspowershell\v1.0\modules\bitlocker\bitlocker.psm1:
146 char:13
+ get-ciminstance `
+ ~~~~~~~~~~~~~~~~~
+ categoryinfo : metadataerror: (root\cimv2\secu...cryptablevolum
e:string) [get-ciminstance], cimexception
+ fullyqualifiederrorid : hresult 0x8004100e,microsoft.management.infrastr
ucture.cimcmdlets.getciminstancecommand
get-win32encryptablevolumeinternal : c: not have associated bitlocker
volume.
at c:\windows\system32\windowspowershell\v1.0\modules\bitlocker\bitlocker.psm1:
358 char:35
+ ... blevolume = get-win32encryptablevolumeinternal -mountpoint $mountpoin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ categoryinfo : notspecified: (:) [write-error], comexception
+ fullyqualifiederrorid : system.runtime.interopservices.comexception,get-
win32encryptablevolumeinternal
__________________________________________________________________
script:
$computer="dcblt222"
if(test-connection-computername$computer-quiet) {
if($encryption_check_all=get-wmiobject-computername$computer-namespace"root/cimv2/security/microsoftvolumeencryption"`
-query"select * win32_encryptablevolume driveletter='c:'"|select-object*){
$protection_check=$encryption_check_all.protectionstatus
$protection_check
}
if($protection_check-eq"0"){
.\manage-bde.exe-protectors-enablec:
#resume-bitlocker -mountpoint "c:"
}
}
else{}
figured out. andy.
-scriptblock {& 'manage-bde.exe' -protectors -enable c: }
Windows Server > Windows PowerShell
Comments
Post a Comment