Write-MbamComputerUser
Writes a set of users to a computer's Trusted Platform Module (TPM) owner authorization and to each of the computer's currently known encrypted volumes.
Syntax
Write-MbamComputerUser
-ComputerUser <String[]>
-Computer <String>
-RecoveryServiceEndPoint <Uri>
[-RetryCount <Int32>]
[-RetryIntervalSeconds <Int32>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Write-MbamComputerUser cmdlet writes a set of users to a computer's Trusted Platform Module (TPM) owner authorization and to each of the computer's currently known encrypted volumes.
Examples
Example 1: Give a user permission to recover TPM and BitLocker information for a specified computer
PS C:\>Write-MbamComputerUser -RecoveryServiceEndPoint http://MBAMServer.contoso.com:8080 -Computer User12-PC.Contoso.com -user @("User12@Contoso.com")
This command gives User12@Contoso.com permission to recover TPM and BitLocker information from the self-service portal for the computer User12-PC.Contoso.com and its volumes.
Example 2: Give a user permission to recover TPM and BitLocker information for a specified computer and suppress user confirmation
PS C:\>Write-MbamComputerUser -RecoveryServiceEndPoint http://MBAMServer.contoso.com:8080 -Computer User12-PC.Contoso.com -user @("User12@Contoso.com") -Force
This command gives User12@Contoso.com permission to recover TPM and BitLocker information from the self-service portal for the computer User12-PC.Contoso.com and its volumes.
This command additionally suppresses user confirmation.
Example 3: Give multiple users permission to recover TPM and BitLocker information for a specified computer and attempt recovery if the cmdlet fails
PS C:\>Write-MbamComputerUser -svc http://MBAMServer.contoso.com:8080 -Computer User12-PC.Contoso.com -ComputerUser @("User12@Contoso.com", "User13@Contoso.net") -RetryCount 2 -RetryIntervalSeconds 10 -Force
This command gives User12@Contoso.com and User13@Contoso.com permission to recover TPM and BitLocker information from the self-service portal for the computer User12-PC.Contoso.com and its volumes.
If the cmdlet fails, the command also attempts recovery two more times, waiting ten seconds between attempts. This command additionally suppresses user confirmation.
Example 4: Give a user permission to recover TPM and BitLocker information for a specified computer and attempt recovery if the cmdlet fails
PS C:\>Write-MbamComputerUser -service http://MBAMServer.contoso.com:8080 -Computer User13-Desktop.Domain.Net -user @("User12@Contoso.com") -rc 2 -ri 10
This command gives User12@Contoso.com permission to recover TPM and BitLocker information from the self-service portal for the computer User13-Desktop.Domain.Net and its volumes.
If the cmdlet fails, the command attempts recovery two more times, waiting ten seconds between attempts.
Example 5: Give a user permission to recover TPM and BitLocker information for a specified machine and attempt recovery if the cmdlet fails
PS C:\>Write-MbamComputerUser -service http://MBAMServer.contoso.com:8080 -Computer User13-Desktop.Domain.Net -user @("User12@Contoso.com") -rc 2 -ri 10 -Confirm
This command gives User12@Contoso.com permission to recover TPM and BitLocker information from the self-service portal for the machine User13-Desktop.Domain.Net and its volumes.
If the cmdlet fails, the command also attempts recovery two more times, waiting ten seconds between attempts. Because -Confirm is specified, the cmdlet prompts for confirmation before it runs.
Parameters
-Computer
Specifies the domain name and machine name of the domain-joined computer in <domain name>\<machine name> format (for instance, "contoso.com\user12-pc").
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-ComputerUser
Specifies an array of fully qualified domain user accounts that have permission to access this volume recovery information, in user principal name (UPN) format, <login name>@<domain name> (for instance, @("user12@contoso.com", "user13@contoso.com")).
Type: String[]
Aliases: user
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Force
Forces the command to run without asking for user confirmation.
Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-RecoveryServiceEndPoint
Specifies the path to the Microsoft BitLocker Administration and Monitoring (MBAM) Recovery Service endpoint on the network. The URL for the MBAM Recovery Service endpoint is http(s)://<servername>:<port>/MBAMRecoveryAndHardwareService/CoreService.svc (for instance, https://mbamserver.contoso.com:8080/MBAMRecoveryAndHardwareService/CoreService.svc).
Type: Uri
Aliases: svc, service
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-RetryCount
Specifies the maximum number of times to retry sending recovery information. The cmdlet proceeds to the next record after the retry limit is exceeded.
Type: Int32
Aliases: rc
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-RetryIntervalSeconds
Specifies the amount of time, in seconds, to wait before the cmdlet retries sending the recovery information.
Type: Int32
Aliases: ri
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
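An added example, not part of the MBAM documentation or Microsoft's code: a wrapper that checks the three required arguments against the formats documented above and previews the change with -WhatIf before applying it. The function name Grant-MbamRecoveryAccess, its -Apply switch, the regular expressions and the https-only rule are assumptions of this example.

```powershell
# Added example. Grant-MbamRecoveryAccess, -Apply, the regexes and the
# https-only rule are hypothetical choices of this example, not part of MBAM.
function Grant-MbamRecoveryAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [Uri]      $Endpoint,
        [Parameter(Mandatory)] [string]   $Computer,
        [Parameter(Mandatory)] [string[]] $User,
        [switch] $Apply   # without -Apply the change is only previewed
    )

    # Policy choice of this example: accept only the https form of the endpoint URL.
    if ($Endpoint.Scheme -ne 'https') {
        throw "Endpoint '$Endpoint' is not https."
    }
    if ($Endpoint.AbsolutePath -notlike '*/MBAMRecoveryAndHardwareService/CoreService.svc') {
        throw "Endpoint '$Endpoint' does not point at CoreService.svc."
    }

    # -Computer is documented as <domain name>\<machine name>.
    if ($Computer -notmatch '^[^\\\s]+\\[^\\\s]+$') {
        throw "Computer '$Computer' is not in <domain name>\<machine name> format."
    }

    # -ComputerUser is documented as UPNs; trim stray whitespace, reject anything else.
    $upns = foreach ($u in $User) {
        $t = $u.Trim()
        if ($t -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') { throw "'$u' is not a UPN." }
        $t
    }

    $params = @{
        RecoveryServiceEndPoint = $Endpoint
        Computer                = $Computer
        ComputerUser            = @($upns | Sort-Object -Unique)
        RetryCount              = 2
        RetryIntervalSeconds    = 10
    }
    # Preview by default; when applying, keep the confirmation prompt rather than -Force.
    if ($Apply) { Write-MbamComputerUser @params -Confirm }
    else        { Write-MbamComputerUser @params -WhatIf }
}

# Constructed sample values, reusing the page's contoso.com names.
Grant-MbamRecoveryAccess -Computer 'contoso.com\user12-pc' -User 'user12@contoso.com' `
    -Endpoint 'https://mbamserver.contoso.com:8080/MBAMRecoveryAndHardwareService/CoreService.svc'
```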