|
1 | 1 | [](https://ci.appveyor.com/project/PowerShell/xbitlocker/branch/master) |
2 | 2 |
|
3 | 3 | # xBitlocker |
| 4 | +The** xBitlocker** module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit, which is a collection of DSC Resources produced by the PowerShell Team. |
| 5 | +This module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm** resources. |
| 6 | +This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks. |
4 | 7 |
|
5 | | -{{Description}} |
| 8 | +**All of the resources in the DSC Resource Kit are provided AS IS, and are not supported through any Microsoft standard support program or service. |
| 9 | +The ""x" in xBitlocker stands for experimental**, which means that these resources will be **fix forward** and monitored by the module owner(s). |
| 10 | + |
| 11 | +If you would like to modify **xBitlocker** module, feel free. |
| 12 | +When modifying, please update the module name, resource friendly name, and MOF class name (instructions below). |
| 13 | +As specified in the license, you may copy or modify this resource as long as they are used on the Windows Platform. |
6 | 14 |
|
7 | 15 | ## Contributing |
8 | 16 | Please check out common DSC Resources [contributing guidelines](https://github.com/PowerShell/DscResource.Kit/blob/master/CONTRIBUTING.md). |
| 17 | + |
| 18 | +## Installation |
| 19 | + |
| 20 | +To install **xBitlocker** module |
| 21 | + |
| 22 | +* Unzip the content under $env:ProgramFiles\WindowsPowerShell\Modules folder |
| 23 | + |
| 24 | +To confirm installation: |
| 25 | + |
| 26 | +* Run **Get-DSCResource** to see that **xBLAutoBitlocker, xBLBitlocker, xBLTpm** are among the DSC Resources listed |
| 27 | + |
| 28 | +## Requirements |
| 29 | + |
| 30 | +This module requires that both the 'Bitlocker' and 'RSAT-Feature-Tools-Bitlocker' features are installed. |
| 31 | +It also requires the latest version of PowerShell (v4.0, which ships in Windows 8.1 or Windows Server 2012R2). |
| 32 | +To easily use PowerShell 4.0 on older operating systems, [<span style="color:#0000ff">install WMF 4.0](http://www.microsoft.com/en-us/download/details.aspx?id=40855). |
| 33 | +Please read the installation instructions that are present on both the download page and the release notes for WMF 4.0. |
| 34 | + |
| 35 | +## Description |
| 36 | + |
| 37 | +The **xBitlocker ** module contains the **xBLAutoBitlocker, xBLBitlocker, xBLTpm** DSC Resources. |
| 38 | +This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks. |
| 39 | + |
| 40 | +## Resources |
| 41 | + |
| 42 | +**xBLAutoBitlocker** is used to automatically enable Bitlocker on drives of type Fixed or Removable. |
| 43 | +It does not work on Operating System drives. |
| 44 | +**xBLAutoBitlocker** has the following properties. |
| 45 | +Where no description is listed, properties correspond directly to [Enable-Bitlocker](http://technet.microsoft.com/en-us/library/jj649837.aspx) parameters. |
| 46 | + |
| 47 | +* *DriveType:The type of volume, as reported by Get-Volume, to auto apply Bitlocker to |
| 48 | +* *PrimaryProtector:The primary protector type to be used for AutoBitlocker. |
| 49 | +Valid values are: "AdAccountOrGroupProtector", "PasswordProtector", "Pin", "RecoveryKeyProtector", "RecoveryPasswordProtector", "StartupKeyProtector", or "TpmProtector" |
| 50 | +* MinDiskCapacityGB:If specified, only disks this size or greater will auto apply Bitlocker |
| 51 | +* AutoUnlock:Whether volumes should be enabled for auto unlock using Enable-BitlockerAutoUnlock |
| 52 | +* AdAccountOrGroup |
| 53 | +* AdAccountOrGroupProtector |
| 54 | +* EncryptionMethod |
| 55 | +* HardwareEncryption |
| 56 | +* Password |
| 57 | +* PasswordProtector |
| 58 | +* Pin |
| 59 | +* RecoveryKeyPath |
| 60 | +* RecoveryKeyProtector |
| 61 | +* RecoveryPasswordProtector |
| 62 | +* Service |
| 63 | +* SkipHardwareTest |
| 64 | +* StartupKeyPath |
| 65 | +* StartupKeyProtector |
| 66 | +* TpmProtector |
| 67 | +* UsedSpaceOnly |
| 68 | + |
| 69 | +**xBLBitlocker** has the following properties. |
| 70 | +Where no description is listed, properties correspond directly to [Enable-Bitlocker](http://technet.microsoft.com/en-us/library/jj649837.aspx) parameters. |
| 71 | + |
| 72 | +* *MountPoint:The MountPoint name as reported in Get-BitLockerVolume |
| 73 | +* *PrimaryProtector:The primary protector type to be used for AutoBitlocker. |
| 74 | +Valid values are: "AdAccountOrGroupProtector", "PasswordProtector", "Pin", "RecoveryKeyProtector", "RecoveryPasswordProtector", "StartupKeyProtector", or "TpmProtector" |
| 75 | +* AutoUnlock:Whether volumes should be enabled for auto unlock using Enable-BitlockerAutoUnlock |
| 76 | +* AllowImmediateReboot:Whether the computer can be immediately rebooted after enabling Bitlocker on an OS drive. |
| 77 | +Defaults to false. |
| 78 | + |
| 79 | +* AdAccountOrGroup |
| 80 | +* AdAccountOrGroupProtector |
| 81 | +* EncryptionMethod |
| 82 | +* HardwareEncryption |
| 83 | +* Password |
| 84 | +* PasswordProtector |
| 85 | +* Pin |
| 86 | +* RecoveryKeyPath |
| 87 | +* RecoveryKeyProtector |
| 88 | +* RecoveryPasswordProtector |
| 89 | +* Service |
| 90 | +* SkipHardwareTest |
| 91 | +* StartupKeyPath |
| 92 | +* StartupKeyProtector |
| 93 | +* TpmProtector |
| 94 | +* UsedSpaceOnly |
| 95 | + |
| 96 | +**xBLTpm** is used to initialize a TPM chip using [Initialize-TPM](http://technet.microsoft.com/en-us/library/jj603112.aspx). |
| 97 | +**xBLTpm** has the following properties. |
| 98 | + |
| 99 | +* *Identity:Not actually used, so could be anything |
| 100 | +* AllowClear:Indicates that the provisioning process clears the TPM, if necessary, to move the TPM closer to complying with Windows Server® 2012 standards |
| 101 | +* AllowPhysicalPresence:Indicates that the provisioning process may send physical presence commands that require a user to be present in order to continue. |
| 102 | + |
| 103 | +* AllowImmediateReboot:Whether the computer can rebooted immediately after initializing the TPM |
| 104 | + |
| 105 | +## Versions |
| 106 | + |
| 107 | +1.0.0.0 |
| 108 | + |
| 109 | +* Initial release with the following resources |
| 110 | + * xBLAutoBitlocker |
| 111 | + * xBLBitlocker |
| 112 | + * xBLTpm |
| 113 | + |
| 114 | +## Examples |
| 115 | + |
| 116 | +### [ConfigureBitlockerOnOSDrive](Examples/ConfigureBitlockerOnOSDrive) |
| 117 | + |
| 118 | + This example enables Bitlocker on an Operating System drive. |
| 119 | +The example code for ConfigureBitlockerOnOSDrive is located in [`ConfigureBitlockerOnOSDrive.ps1`](Examples/ConfigureBitlockerOnOSDrive/ConfigureBitlockerOnOSDrive.ps1). |
| 120 | + |
| 121 | +### [ConfigureBitlockerAndAutoBitlocker](Examples/ConfigureBitlockerAndAutoBitlocker) |
| 122 | + |
| 123 | +Enables Bitlocker on an Operating System drive, and automatically enables Bitlocker on all drives of type 'Fixed'. |
| 124 | +The example code for ConfigureBitlockerAndAutoBitlocker is located in [`ConfigureBitlockerAndAutoBitlocker.ps1`](Examples/ConfigureBitlockerAndAutoBitlocker/ConfigureBitlockerAndAutoBitlocker.ps1). |
| 125 | + |
0 commit comments