Site icon TOSS

BitLocker

powershell

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.

BitLocker Module will be not installed by default. You want to install them manually. Below are the steps to install them Manually.

We can Install Bit Locker Module in 2 ways one is through the PowerShell (Using Server Module and Dism Module) and another one is through Server Manager Tool(GUI)

Installing BitLocker Module through Powershell(CLI)

Server Module

Go to PowerShell With Administrator access. Give the below command

Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart

The above command to complete a full installation of the BitLocker feature with all available features and then rebooting the server at completion.

Dism Module

Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All

The Above command installs the Bit Locker and all available management tools. If you don’t required Management tools you can remove “Bitlocker-Utilities“. This command will prompt the user for a reboot the machine.

Installing Bit Locker through Server Manager Tool GUI

Click on Start > Server Manager > Manage > Add Roles and Features

We don’t select Server Roles, as Bit Locker is an Feature

Select the Bit Locker Drive Encryption. You can Also enable the Bit locker Network Encryption which helps you in Network-based key protector.

When you select Bit Locker Drive Encryption the additional features will also be selected.

As the additional Features required the WDS(Windows Deployment Service) it will ask for that also to be installed.

Confirmation will provides the list of features which are been installed on the server. In this some are additional for Managing Bit locker. If you don’t required you can un-select them and install only the required features based on your requirement.

Once You have completed with the Above Procedure GUI or Powershell we can use the below

Click on any of the cmdlet or description to get more details

Add-BitLockerKeyProtectorAdds a key protector for a Bit Locker volume.
Backup-BitLockerKeyProtectorSaves a key protector for a Bit Locker volume in AD DS.
Clear-BitLockerAutoUnlockRemoves Bit Locker automatic unlocking keys.
Disable-BitLockerDisables Bit Locker encryption for a volume.
Disable-BitLockerAutoUnlockDisables automatic unlocking for a Bit Locker volume.
Enable-BitLockerEnables encryption for a Bit Locker volume.
Enable-BitLockerAutoUnlockEnables automatic unlocking for a Bit Locker volume.
Get-BitLockerVolumeGets information about volumes that Bit Locker can protect.
Lock-BitLockerPrevents access to encrypted data on a Bit Locker volume.
Remove-BitLockerKeyProtectorRemoves a key protector for a Bit Locker volume.
Resume-BitLockerRestores Bit locker encryption for the specified volume.
Suspend-BitLockerSuspends Bit locker encryption for the specified volume.
Unlock-BitLockerRestores access to data on a Bit Locker volume.

Click on this Link for an Single place where you get all the PowerShell cmdlet sorted based on the modules.

You can also refer other blogs on PowerShell at link

You can also refer other blogs on Microsoft at link

And also if you required any technology you want to learn, let us know below we will publish them in our site http://tossolution.com/

Like our page in Facebook and follow us for New technical information. Paragraph

References are taken from official Microsoft websites

Exit mobile version