Powershell Bitlocker

如何通过Powershell给Bitlocker解锁。可以使用Win32_EncryptableVolume类进行操作。
本篇主要包括:

• 通过 Win32_EncryptableVolume 类显示分区信息
• 通过ProtectionStatus过滤设置了Bitlocker的分区
• 查看Win32_EncryptableVolume 类支持的方法
• 通过UnlockWithPassPhrase()方法解锁
• 通过lock()方法重新上锁

根据 Win32_EncryptableVolume 类显示分区信息

PS C:> $disks=get-wmiobject -namespace rootCIMv2SecurityMicrosoftVolumeEncryption -class Win32_EncryptableVolume
PS C:> $disks | Select DeviceID,DriveLetter,PersistentVolumeID,ProtectionStatus  | fl

DeviceID           : ?Volume{d0b1d4c4-6270-11e1-ae1b-806e6f6e6963}
DriveLetter        : C:
PersistentVolumeID :
ProtectionStatus   : 0

DeviceID           : ?Volume{dfd7f9e2-68e8-11e1-9f44-e83935391b99}
DriveLetter        : E:
PersistentVolumeID : {A46928EC-DD5A-4113-A803-F9575607C7C9}
ProtectionStatus   : 1

通过ProtectionStatus过滤设置了Bitlocker的分区

PS C:> $disks |where {$_.ProtectionStatus -eq 2}

__GENUS            : 2
__CLASS            : Win32_EncryptableVolume
__SUPERCLASS       :
__DYNASTY          : Win32_EncryptableVolume
__RELPATH          : Win32_EncryptableVolume.DeviceID="\?Volume{dfd7f9e2-68e8-11e1-9f44-e83935391b99}"
__PROPERTY_COUNT   : 4
__DERIVATION       : {}
__SERVER           : CDM-V-BALI-01
__NAMESPACE        : rootCIMv2SecurityMicrosoftVolumeEncryption
__PATH             : CDM-V-BALI-01rootCIMv2SecurityMicrosoftVolumeEncryption:Win32_EncryptableVolume.DeviceID="
                     ?Volume{dfd7f9e2-68e8-11e1-9f44-e83935391b99}"
DeviceID           : ?Volume{dfd7f9e2-68e8-11e1-9f44-e83935391b99}
DriveLetter        : E:
PersistentVolumeID : {A46928EC-DD5A-4113-A803-F9575607C7C9}
ProtectionStatus   : 2

查看Win32_EncryptableVolume 类支持的方法

PS C:> $disks[1] | Get-Member -MemberType method | select Name

Name
----
BackupRecoveryInformationToActiveDirectory
ChangeExternalKey
ChangePassPhrase
ChangePIN
ClearAllAutoUnlockKeys
Decrypt
DeleteKeyProtector
DeleteKeyProtectors
DisableAutoUnlock
DisableKeyProtectors
EnableAutoUnlock
EnableKeyProtectors
Encrypt
EncryptAfterHardwareTest
FindValidCertificates
GetConversionStatus
GetEncryptionMethod
GetExternalKeyFileName
GetExternalKeyFromFile
GetHardwareTestStatus
GetIdentificationField
GetKeyPackage
GetKeyProtectorCertificate
GetKeyProtectorExternalKey
GetKeyProtectorFriendlyName
GetKeyProtectorNumericalPassword
GetKeyProtectorPlatformValidationProfile
GetKeyProtectors
GetKeyProtectorType
GetLockStatus
GetProtectionStatus
GetVersion
IsAutoUnlockEnabled
IsAutoUnlockKeyStored
IsKeyProtectorAvailable
Lock
PauseConversion
PrepareVolume
ProtectKeyWithCertificateFile
ProtectKeyWithCertificateThumbprint
ProtectKeyWithExternalKey
ProtectKeyWithNumericalPassword
ProtectKeyWithPassPhrase
ProtectKeyWithTPM
ProtectKeyWithTPMAndPIN
ProtectKeyWithTPMAndPINAndStartupKey
ProtectKeyWithTPMAndStartupKey
ResumeConversion
SaveExternalKeyToFile
SetIdentificationField
UnlockWithCertificateFile
UnlockWithCertificateThumbprint
UnlockWithExternalKey
UnlockWithNumericalPassword
UnlockWithPassPhrase

通过UnlockWithPassPhrase()方法解锁

PS C:> $bitlockerdisk= $disks |where {$_.ProtectionStatus -eq 2}

PS C:> $bitlockerdisk.UnlockWithPassPhrase("password")

__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     :
__DYNASTY        : __PARAMETERS
__RELPATH        :
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
ReturnValue      : 0

通过lock()方法重新上锁

PS C:> $bitlockerdisk.lock(1)