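<#
# It is recommended to test the script on a local machine for its purpose and effects.
# Endpoint Central will not be responsible for any
# damage/loss to the data/setup based on the behavior of the script.

# Description: Script to enable remote locking of a misplaced Windows machine using BitLocker.
# Caution: Please review the following article before proceeding with the script: https://www.manageengine.com/products/desktop-central/remotely-lock-windows-computer.html
# Configuration Type - COMPUTER
# Note: By default, the BitLocker password is set to "password". If needed, the customer can hardcode their desired password. For example, if the intended passcode is 1234567, update the script as follows: $password = "1234567"
# The script log file will be stored in C:\BlmLockScriptOutput.txt
#
# What the script does, in order:
#   1. Deletes the HKLM:\SOFTWARE\Policies\Microsoft\FVE policy key and recreates it with
#      UseAdvancedStartup = 1 and EnableBDEWithNoTPM = 1.
#   2. Deletes every existing BitLocker key protector on C:.
#   3. Adds a password protector to C: using $password.
#   4. Starts BitLocker encryption of C: and shuts the machine down.
#
# Review notes (read before deploying):
#   - The default value "password" is published with this script, so it protects nothing
#     until it is replaced with a unique, strong value.
#   - BitLocker's default minimum password length is 8 characters, so a shorter value such
#     as the 7-digit example above is likely to be rejected - verify on a test machine.
#   - The password sits in clear text in this file; ConvertTo-SecureString -AsPlainText does
#     not change that. Treat every copy of the edited script as a secret.
#   - Step 2 removes ALL protectors and no recovery protector is added afterwards, so
#     recovery keys escrowed earlier presumably stop working and the password becomes the
#     only way to unlock the drive. Record it somewhere safe first.
#   - Step 1 discards whatever BitLocker policy values were present under the FVE key.
#   - The script exits with code 1 when the password protector could not be added, so a
#     failed lock is not reported as a success. The remaining steps still run, as before.
#>

$LogFile = 'C:\BlmLockScriptOutput.txt'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$LockFailed = $false

# "*>>" appends every output stream (errors and warnings included) to the log, so a
# failing step leaves a trace. It needs PowerShell 3.0+, as the BitLocker cmdlets do.

#Logging start time
Get-Date >> $LogFile

#Removing the existing BitLocker (FVE) policy key
if ((Test-Path $PolicyKey) -eq $True) {
    Remove-Item $PolicyKey -Recurse *>> $LogFile
    Write-Output "Log : FVE Deleted" >> $LogFile
}

#Enabling Password protector support.
if ((Test-Path $PolicyKey) -eq $False) {
    New-Item -Path $PolicyKey *>> $LogFile
}
New-ItemProperty -Path $PolicyKey -Name UseAdvancedStartup -PropertyType DWord -Value 1 -Force *>> $LogFile
New-ItemProperty -Path $PolicyKey -Name EnableBDEWithNoTPM -PropertyType DWord -Value 1 -Force *>> $LogFile
Write-Output "Log : Enabled Password protector" >> $LogFile

#Printing status (the labels now go to the log as well, next to the status dump)
Write-Output "Log : Drive status before script" >> $LogFile
manage-bde -status *>> $LogFile
Write-Output "Log : Drive status prited" >> $LogFile

#Removing Existing Protectors.
# NOTE(review): from here until the password protector is added, C: has no protector at all.
manage-bde -protectors -delete c: *>> $LogFile
Write-Output "Log : Deleted Existing Protectors" >> $LogFile

#Adding Password. (Hardcode the password in the below area)
# Replace the published default before deployment; see the review notes in the header.
$password = "password"
$SecureString = ConvertTo-SecureString $password -AsPlainText -Force
try {
    # -ErrorAction Stop turns a rejected password (length/complexity) into a catchable error.
    Add-BitLockerKeyProtector -MountPoint "C:" -PasswordProtector -Password $SecureString -ErrorAction Stop >> $LogFile
    Write-Output "Log : Password Added" >> $LogFile
}
catch {
    # Without this protector the machine is not locked by a password; record it and
    # remember the failure so that the exit code reflects it.
    $LockFailed = $true
    Write-Output "Log : ERROR - Password protector was not added: $($_.Exception.Message)" >> $LogFile
}

#Starting Encryption.
manage-bde -on c: -skiphardwaretest *>> $LogFile
Write-Output "Log : manage-bde -on exit code $LASTEXITCODE" >> $LogFile
Write-Output "Log : Bitlocker Encryption started" >> $LogFile

#Printing status
Write-Output "Log : Drive status after script" >> $LogFile
manage-bde -status *>> $LogFile
Write-Output "Log : Drive status prited" >> $LogFile

#Initiating Shutdown
# NOTE(review): the shutdown still runs when the protector step failed, as in the original.
# Consider skipping it in that case so the machine stays reachable for a retry.
shutdown /s /f *>> $LogFile
Write-Output "Log : Shutdown Initiated" >> $LogFile

#Logging end time
Get-Date >> $LogFile

# Report a failed lock to the caller instead of exiting 0.
if ($LockFailed) {
    exit 1
}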