
Commit 78ad3b1

Transfer development to github
0 parents  commit 78ad3b1


15 files changed

+1826
-0
lines changed


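--- a/DSCResources/MSFT_xBLAutoBitlocker/MSFT_xBLAutoBitlocker.psm1
+++ b/DSCResources/MSFT_xBLAutoBitlocker/MSFT_xBLAutoBitlocker.psm1
@@ -0,0 +1,322 @@
+function Get-TargetResource
+{
+[CmdletBinding()]
+[OutputType([System.Collections.Hashtable])]
+param
+(
+[parameter(Mandatory = $true)]
+[ValidateSet("Fixed","Removable")]
+[System.String]
+$DriveType,
+
+[System.Int32]
+$MinDiskCapacityGB,
+
+[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
+[parameter(Mandatory = $true)]
+[System.String]
+$PrimaryProtector,
+
+[System.String]
+$AdAccountOrGroup,
+
+[System.Boolean]
+$AdAccountOrGroupProtector,
+
+[System.Boolean]
+$AutoUnlock = $false,
+
+[ValidateSet("Aes128","Aes256")]
+[System.String]
+$EncryptionMethod,
+
+[System.Boolean]
+$HardwareEncryption,
+
+[System.Management.Automation.PSCredential]
+$Password,
+
+[System.Boolean]
+$PasswordProtector,
+
+[System.Management.Automation.PSCredential]
+$Pin,
+
+[System.String]
+$RecoveryKeyPath,
+
+[System.Boolean]
+$RecoveryKeyProtector,
+
+[System.Boolean]
+$RecoveryPasswordProtector,
+
+[System.Boolean]
+$Service,
+
+[System.Boolean]
+$SkipHardwareTest,
+
+[System.String]
+$StartupKeyPath,
+
+[System.Boolean]
+$StartupKeyProtector,
+
+[System.Boolean]
+$TpmProtector,
+
+[System.Boolean]
+$UsedSpaceOnly
+)
+
+#Load helper module Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+CheckForPreReqs
+
+#First get all Bitlocker Volumes of type Data
+$allBlvs = Get-BitLockerVolume | where {$_.VolumeType -eq "Data"}
+
+#Filter on size if it was specified
+if ($PSBoundParameters.ContainsKey("MinDiskCapacityGB"))
+{
+$allBlvs = $allBlvs | where {$_.CapacityGB -ge $MinDiskCapacityGB}
+}
+
+#Now find disks of the appropriate drive type, and add them to the collection
+if ($allBlvs -ne $null)
+{
+[Hashtable]$returnValue = @{}
+
+foreach ($blv in $allBlvs)
+{
+$vol = $null
+$vol = Get-Volume -Path $blv.MountPoint -ErrorAction SilentlyContinue | where {$_.DriveType -like $DriveType}
+
+if ($vol -ne $null)
+{
+[Hashtable]$props = @{
+VolumeStatus = $blv.VolumeStatus
+KeyProtectors = $blv.KeyProtector
+EncryptionMethod = $blv.EncryptionMethod
+}
+
+$returnValue.Add($blv.MountPoint, $props)
+}
+}
+}
+
+$returnValue
+}
+
+function Set-TargetResource
+{
+[CmdletBinding()]
+param
+(
+[parameter(Mandatory = $true)]
+[ValidateSet("Fixed","Removable")]
+[System.String]
+$DriveType,
+
+[System.Int32]
+$MinDiskCapacityGB,
+
+[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
+[parameter(Mandatory = $true)]
+[System.String]
+$PrimaryProtector,
+
+[System.String]
+$AdAccountOrGroup,
+
+[System.Boolean]
+$AdAccountOrGroupProtector,
+
+[System.Boolean]
+$AutoUnlock = $false,
+
+[ValidateSet("Aes128","Aes256")]
+[System.String]
+$EncryptionMethod,
+
+[System.Boolean]
+$HardwareEncryption,
+
+[System.Management.Automation.PSCredential]
+$Password,
+
+[System.Boolean]
+$PasswordProtector,
+
+[System.Management.Automation.PSCredential]
+$Pin,
+
+[System.String]
+$RecoveryKeyPath,
+
+[System.Boolean]
+$RecoveryKeyProtector,
+
+[System.Boolean]
+$RecoveryPasswordProtector,
+
+[System.Boolean]
+$Service,
+
+[System.Boolean]
+$SkipHardwareTest,
+
+[System.String]
+$StartupKeyPath,
+
+[System.Boolean]
+$StartupKeyProtector,
+
+[System.Boolean]
+$TpmProtector,
+
+[System.Boolean]
+$UsedSpaceOnly
+)
+
+#Load helper module Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+CheckForPreReqs
+
+$autoBlVols = Get-TargetResource @PSBoundParameters
+
+if ($autoBlVols -eq $null)
+{
+throw "No Auto Bitlocker volumes were found"
+}
+else
+{
+RemoveParameters -PSBoundParametersIn $PSBoundParameters -ParamsToRemove "DriveType","MinDiskCapacityGB"
+AddParameters -PSBoundParametersIn $PSBoundParameters -ParamsToAdd @{"MountPoint" = ""}
+
+#Loop through each potential AutoBitlocker volume, see whether they are enabled for Bitlocker, and if not, enable it
+foreach ($key in $autoBlVols.Keys)
+{
+$PSBoundParameters["MountPoint"] = $key
+
+$testResult = TestBitlocker @PSBoundParameters
+
+if ($testResult -eq $false)
+{
+EnableBitlocker @PSBoundParameters -VerbosePreference $VerbosePreference
+}
+}
+}
+}
+
+
+function Test-TargetResource
+{
+[CmdletBinding()]
+[OutputType([System.Boolean])]
+param
+(
+[parameter(Mandatory = $true)]
+[ValidateSet("Fixed","Removable")]
+[System.String]
+$DriveType,
+
+[System.Int32]
+$MinDiskCapacityGB,
+
+[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
+[parameter(Mandatory = $true)]
+[System.String]
+$PrimaryProtector,
+
+[System.String]
+$AdAccountOrGroup,
+
+[System.Boolean]
+$AdAccountOrGroupProtector,
+
+[System.Boolean]
+$AutoUnlock = $false,
+
+[ValidateSet("Aes128","Aes256")]
+[System.String]
+$EncryptionMethod,
+
+[System.Boolean]
+$HardwareEncryption,
+
+[System.Management.Automation.PSCredential]
+$Password,
+
+[System.Boolean]
+$PasswordProtector,
+
+[System.Management.Automation.PSCredential]
+$Pin,
+
+[System.String]
+$RecoveryKeyPath,
+
+[System.Boolean]
+$RecoveryKeyProtector,
+
+[System.Boolean]
+$RecoveryPasswordProtector,
+
+[System.Boolean]
+$Service,
+
+[System.Boolean]
+$SkipHardwareTest,
+
+[System.String]
+$StartupKeyPath,
+
+[System.Boolean]
+$StartupKeyProtector,
+
+[System.Boolean]
+$TpmProtector,
+
+[System.Boolean]
+$UsedSpaceOnly
+)
+
+#Load helper module Import-Module "$((Get-Item -LiteralPath "$($PSScriptRoot)").Parent.Parent.FullName)\Misc\xBitlockerCommon.psm1" -Verbose:0
+
+CheckForPreReqs
+
+$autoBlVols = Get-TargetResource @PSBoundParameters
+
+if ($autoBlVols -eq $null)
+{
+return $false
+}
+else
+{
+RemoveParameters -PSBoundParametersIn $PSBoundParameters -ParamsToRemove "DriveType","MinDiskCapacityGB"
+AddParameters -PSBoundParametersIn $PSBoundParameters -ParamsToAdd @{"MountPoint" = ""}
+
+#Check whether any potential AutoBitlocker volume is not currently enabled for Bitlocker, or doesn't have the correct settings
+foreach ($key in $autoBlVols.Keys)
+{
+$PSBoundParameters["MountPoint"] = $key
+
+$testResult = TestBitlocker @PSBoundParameters -VerbosePreference $VerbosePreference
+
+if ($testResult -eq $false)
+{
+return $testResult
+}
+}
+}
+
+return $true
+}
+
+
+Export-ModuleMember -Function *-TargetResource
+
+
+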
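Review bot: In Get-TargetResource (lines 91-106) a volume whose `Get-Volume` lookup fails is dropped without a trace because of `-ErrorAction SilentlyContinue`, and when no volume survives the filter the function returns an empty hashtable rather than `$null`, so Test-TargetResource skips its loop and reaches `return $true` at line 315; an unencrypted drive can therefore be reported as compliant. Surface the failure instead, for example `-ErrorAction SilentlyContinue -ErrorVariable volErr` on line 94 followed by `if ($volErr) { Write-Warning "Get-Volume failed for $($blv.MountPoint); volume skipped" }`. The two "nothing found" cases also disagree: no data volumes at all gives `$null` (Test returns `$false`, Set throws at line 191), while data volumes that all fail the drive-type match give `@{}` (Test returns `$true`, Set does nothing), and a comment should state which outcome is intended. Separately, lines 73, 183 and 286 show `Import-Module` on the same line as the `#Load helper module` comment; if the file is really stored that way rather than this being a rendering artifact, the helper module is never imported here and CheckForPreReqs, TestBitlocker and EnableBitlocker would have to be in scope from elsewhere.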
Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
2+
[ClassVersion("1.0.0.0"), FriendlyName("xBLAutoBitlocker")]
3+
class MSFT_xBLAutoBitlocker : OMI_BaseResource
4+
{
5+
//Used to automatically enable Bitlocker on drives of type Fixed or Removable. Does not work on Operating System drives.
6+
7+
[Key, ValueMap{"Fixed","Removable"}, Values{"Fixed","Removable"}] String DriveType; //The type of volume, as reported by Get-Volume, to auto apply Bitlocker to
8+
[Write] Sint32 MinDiskCapacityGB; //If specified, only disks this size or greater will auto apply Bitlocker
9+
[Required, ValueMap{"AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}, Values{"AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}] String PrimaryProtector;
10+
[Write] Boolean AutoUnlock; //Whether volumes should be enabled for auto unlock using Enable-BitlockerAutoUnlock
11+
12+
//Remaing properties correspond directly to Enable-Bitlocker parameters
13+
//http://technet.microsoft.com/en-us/library/jj649837.aspx
14+
[Write] String AdAccountOrGroup;
15+
[Write] Boolean AdAccountOrGroupProtector;
16+
[Write, ValueMap{"Aes128","Aes256"}, Values{"Aes128","Aes256"}] String EncryptionMethod;
17+
[Write] Boolean HardwareEncryption;
18+
[Write, EmbeddedInstance("MSFT_Credential")] String Password; //NOTE: Username doesn't matter for the credential. Just put the Password in the Password field
19+
[Write] Boolean PasswordProtector;
20+
[Write, EmbeddedInstance("MSFT_Credential")] String Pin; //NOTE: Username doesn't matter for the credential. Just put the Pin in the Password field
21+
[Write] String RecoveryKeyPath;
22+
[Write] Boolean RecoveryKeyProtector;
23+
[Write] Boolean RecoveryPasswordProtector;
24+
[Write] Boolean Service;
25+
[Write] Boolean SkipHardwareTest;
26+
[Write] String StartupKeyPath;
27+
[Write] Boolean StartupKeyProtector;
28+
[Write] Boolean TpmProtector;
29+
[Write] Boolean UsedSpaceOnly;
30+
};
31+
32+
33+
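Review bot: The `Password` and `Pin` properties (schema lines 18 and 20) carry the BitLocker password and PIN as `MSFT_Credential` instances, but the NOTE comments only explain which field to fill and say nothing about how the secret is protected once the configuration is compiled. Unless the node is configured with a certificate for credential encryption, DSC accepts such properties only with `PSDscAllowPlainTextPassword`, which leaves the protector secret readable in the generated .mof file. I would extend both comments, e.g. `//NOTE: Username is ignored; put the value in the Password field and compile with certificate encryption so it is not stored in clear text in the MOF`. `RecoveryKeyPath` and `StartupKeyPath` (lines 21 and 26) deserve a similar remark that the target location should be access-restricted, since key material is presumably written there, and `PrimaryProtector` on line 9 is the only constrained property without a description.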
