New-CMTSStepOfflineEnableBitLocker
Create a Pre-provision BitLocker step, which you can add to a task sequence.
Syntax
New-CMTSStepOfflineEnableBitLocker
[-Disk <Int32>]
[-Drive <String>]
[-EnableSkipWhenTpmInvalid <Boolean>]
[-EncryptionMethod <DiskEncryptionMethod>]
[-Partition <Int32>]
[-VariableName <String>]
[-Condition <IResultObject[]>]
[-ContinueOnError]
[-Description <String>]
[-Disable]
-Name <String>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
This cmdlet creates a new Pre-provision BitLocker step object. Then use the Add-CMTaskSequenceStep cmdlet to add the step to a task sequence. For more information on this task sequence step, see About task sequence steps.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>
. For more information, see getting started.
Examples
Example 1
This example creates an object for the Pre-provision BitLocker step to encrypt the C: drive.
It then gets a task sequence object, and adds this new step to the task sequence at index 11.
$step = New-CMTSStepOfflineEnableBitLocker -Name "Pre-provision BitLocker" -Drive "C:" -EncryptionMethod AES_256 -EnableSkipWhenTpmInvalid $false
$tsNameOsd = "Default OS deployment"
$tsOsd = Get-CMTaskSequence -Name $tsNameOsd -Fast
$tsOsd | Add-CMTaskSequenceStep -Step $step -InsertStepStartIndex 11
Parameters
-Condition
Specify a condition object to use with this step. To get this object, use one of the task sequence condition cmdlets. For example, Get-CMTSStepConditionVariable.
Type: | IResultObject[] |
Aliases: | Conditions |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ContinueOnError
Add this parameter to enable the step option Continue on error. When you enable this option, if the step fails, the task sequence continues.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
Specify an optional description for this task sequence step.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Disable
Add this parameter to disable this task sequence step.
Type: | SwitchParameter |
Aliases: | DisableThisStep |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Disk
Specify the specific disk number to encrypt. Use this parameter with the -Partition parameter.
Type: | Int32 |
Aliases: | DestinationDisk |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Drive
Specify the logical drive letter to encrypt. For example, C:
Type: | String |
Aliases: | DestinationDrive |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EnableSkipWhenTpmInvalid
Set this parameter to true
to skip this step for computers that don't have a TPM or when the TPM isn't enabled.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EncryptionMethod
Applies to version 2006 and later. Use this parameter to specify the disk encryption mode. By default or if not specified, the step continues to use the default encryption method for the OS version.
Type: | DiskEncryptionMethod |
Aliases: | DiskEncryptionMethod |
Accepted values: | DoNotSpecify, AES_128, AES_256, XTS_AES128, XTS_AES256, TotalCount |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
Specify a name for this step to identify it in the task sequence.
Type: | String |
Aliases: | StepName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Partition
Specify the specific partition number to encrypt. Use this parameter with the -Disk parameter.
Type: | Int32 |
Aliases: | DestinationPartition |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-VariableName
Specify a task sequence variable to identify the logical drive letter as the destination for BitLocker.
Type: | String |
Aliases: | DestinationVariable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. It doesn't run the cmdlet.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
None
Outputs
IResultObject
Notes
For more information on this return object and its properties, see SMS_TaskSequence_OfflineEnableBitLockerAction server WMI class.