Automation Scripts

PowerShell Scripts for IT Operations and Security

EnableBitlockerSystemDriveC.ps1

This script checks BitLocker status on the system drive, enables encryption using TPM if available, and backs up the recovery key to Active Directory.

# Check the TPM specification version (empty if no TPM is present)
$TPMver = (Get-CimInstance -ClassName Win32_Tpm -Namespace root\CIMV2\Security\MicrosoftTpm).SpecVersion
if ($TPMver -match '^2\.0') {
  $DRIVE = Get-BitLockerVolume -MountPoint 'c:'
  if ($DRIVE.VolumeStatus -eq 'FullyDecrypted') {
    # TPM 2.0: add a recovery password, then enable with the TPM protector
    Add-BitLockerKeyProtector -MountPoint 'c:' -RecoveryPasswordProtector
    Enable-BitLocker -MountPoint 'c:' -TpmProtector
  }
} else {
  $DRIVE = Get-BitLockerVolume -MountPoint 'c:'
  if ($DRIVE.VolumeStatus -eq 'FullyDecrypted') {
    # Enable-BitLocker creates the recovery password protector itself, so a
    # separate Add-BitLockerKeyProtector call would add a second one
    Enable-BitLocker -MountPoint 'c:' -RecoveryPasswordProtector
  }
}
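
The description mentions backing up the recovery key to Active Directory, which the excerpt does not show. The following is an added example, not part of the original script, that escrows the C: recovery password to AD DS before enabling encryption. The helper name Backup-RecoveryPasswordToAD is hypothetical, and the example assumes a domain-joined machine, an elevated session, and Group Policy that allows storing BitLocker recovery information in AD DS.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow the recovery password to AD DS, then enable BitLocker.
# Assumptions: domain-joined machine, elevated session, Group Policy permits
# storing BitLocker recovery information in AD DS.

function Backup-RecoveryPasswordToAD {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$MountPoint)

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Reuse an existing recovery password protector; create one only if none
    # exists, so repeated runs do not pile up extra recovery passwords.
    $recovery = $volume.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object -First 1
    if (-not $recovery) {
        $volume = Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryPasswordProtector -ErrorAction Stop
        $recovery = $volume.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' |
            Select-Object -First 1
    }

    # -ErrorAction Stop turns a failed escrow into a terminating error
    Backup-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $recovery.KeyProtectorId -ErrorAction Stop | Out-Null
    return $recovery.KeyProtectorId
}

try {
    # Escrow first: if the backup fails, the drive is never encrypted with a
    # recovery password that exists only on the local machine.
    $id = Backup-RecoveryPasswordToAD -MountPoint 'C:'
    Write-Output "Recovery password protector $id backed up to AD DS."

    $vol = Get-BitLockerVolume -MountPoint 'C:'
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        Enable-BitLocker -MountPoint 'C:' -TpmProtector -ErrorAction Stop
    }
} catch {
    Write-Error "Backup to AD DS failed; BitLocker was not enabled: $_"
    exit 1
}
```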
      

EnableBitlockerDataDriveD.ps1

This script detects and encrypts data drives (D:, E:, F:) and enables auto-unlock if the system drive is already encrypted.

# State of the system drive; data drives are only handled once it is fully encrypted
$DRIVE = Get-BitLockerVolume -MountPoint 'c:'

foreach ($mount in 'd:', 'e:', 'f:') {
  # Drive letters that do not exist on this machine return nothing and are skipped
  $DATA = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
  if ($DATA.VolumeStatus -eq 'FullyDecrypted' -and $DRIVE.VolumeStatus -eq 'FullyEncrypted') {
    # Enable-BitLocker creates the recovery password protector itself, so a
    # separate Add-BitLockerKeyProtector call would add a second one
    Enable-BitLocker -MountPoint $mount -RecoveryPasswordProtector
    Enable-BitLockerAutoUnlock -MountPoint $mount
  }
}
      