New-CMTSStepOfflineEnableBitLocker

Create a Pre-provision BitLocker step, which you can add to a task sequence.

Syntax

New-CMTSStepOfflineEnableBitLocker
   [-Disk <Int32>]
   [-Drive <String>]
   [-EnableSkipWhenTpmInvalid <Boolean>]
   [-EncryptionMethod <DiskEncryptionMethod>]
   [-Partition <Int32>]
   [-VariableName <String>]
   [-Condition <IResultObject[]>]
   [-ContinueOnError]
   [-Description <String>]
   [-Disable]
   -Name <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

This cmdlet creates a new Pre-provision BitLocker step object. Then use the Add-CMTaskSequenceStep cmdlet to add the step to a task sequence. For more information on this task sequence step, see About task sequence steps.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1

This example creates an object for the Pre-provision BitLocker step to encrypt the C: drive.

It then gets a task sequence object, and adds this new step to the task sequence at index 11.

$step = New-CMTSStepOfflineEnableBitLocker -Name "Pre-provision BitLocker" -Drive "C:" -EncryptionMethod AES_256 -EnableSkipWhenTpmInvalid $false

$tsNameOsd = "Default OS deployment"
$tsOsd = Get-CMTaskSequence -Name $tsNameOsd -Fast

$tsOsd | Add-CMTaskSequenceStep -Step $step -InsertStepStartIndex 11

Parameters

-Condition

Specify a condition object to use with this step. To get this object, use one of the task sequence condition cmdlets. For example, Get-CMTSStepConditionVariable.

Type:IResultObject[]
Aliases:Conditions
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ContinueOnError

Add this parameter to enable the step option Continue on error. When you enable this option, if the step fails, the task sequence continues.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

Specify an optional description for this task sequence step.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Disable

Add this parameter to disable this task sequence step.

Type:SwitchParameter
Aliases:DisableThisStep
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Disk

Specify the specific disk number to encrypt. Use this parameter with the -Partition parameter.

Type:Int32
Aliases:DestinationDisk
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Drive

Specify the logical drive letter to encrypt. For example, C:

Type:String
Aliases:DestinationDrive
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableSkipWhenTpmInvalid

Set this parameter to true to skip this step for computers that don't have a TPM or when the TPM isn't enabled.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptionMethod

Applies to version 2006 and later. Use this parameter to specify the disk encryption mode. By default or if not specified, the step continues to use the default encryption method for the OS version.

Type:DiskEncryptionMethod
Aliases:DiskEncryptionMethod
Accepted values:DoNotSpecify, AES_128, AES_256, XTS_AES128, XTS_AES256, TotalCount
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specify a name for this step to identify it in the task sequence.

Type:String
Aliases:StepName
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Partition

Specify the specific partition number to encrypt. Use this parameter with the -Disk parameter.

Type:Int32
Aliases:DestinationPartition
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-VariableName

Specify a task sequence variable to identify the logical drive letter as the destination for BitLocker.

Type:String
Aliases:DestinationVariable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. It doesn't run the cmdlet.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

IResultObject

Notes

For more information on this return object and its properties, see SMS_TaskSequence_OfflineEnableBitLockerAction server WMI class.