113 lines
4.8 KiB
PowerShell
113 lines
4.8 KiB
PowerShell
<#
|
|
.SYNOPSIS
|
|
<Overview of script>
|
|
|
|
.NOTES
|
|
Version: 1.0
|
|
Author: Hubert CORNET
|
|
Creation Date: <Date>
|
|
Purpose/Change: Initial script development
|
|
|
|
.LINK
|
|
https://www.tips-of-mine.fr
|
|
|
|
.EXEMPLE
|
|
<Example goes here. Repeat this attribute for more than one example>
|
|
|
|
.DESCRIPTION
|
|
<Brief description of script>
|
|
|
|
.PARAMETER <Parameter_Name>
|
|
<Brief description of parameter input required. Repeat this attribute if required>
|
|
|
|
.INPUTS
|
|
<Inputs if any, otherwise state None>
|
|
|
|
.OUTPUTS
|
|
<Outputs if any, otherwise state None - example: Log file stored in C:\Windows\Temp\<name>.log>
|
|
#>
|
|
|
|
#---------------------------------------------------------[Initialisations]--------------------------------------------------------
|
|
# Définir l'action d'erreur pour continuer silencieusement
|
|
$ErrorActionPreference = "SilentlyContinue"
|
|
|
|
#----------------------------------------------------------[Declarations]----------------------------------------------------------
|
|
# Version Script
|
|
$sScriptVersion = "1.0"
|
|
|
|
#Log File Info
|
|
$sLogPath = "C:\Tmp"
|
|
$sLogName = "Activation-BitLocker.log"
|
|
$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName
|
|
|
|
Start-Transcript -Path $sLogFile -NoClobber
|
|
|
|
#-----------------------------------------------------------[Functions]------------------------------------------------------------
|
|
|
|
#--------------------------------------------------------[Debut Du Script]---------------------------------------------------------
|
|
|
|
cls
|
|
|
|
|
|
# The script may fail because of race condition? Add a sleep :
|
|
Start-Sleep -Seconds 300
|
|
|
|
# Nous detectons si le disque C dispose de BitLocker.
|
|
# Si la condition n'est pas remplie, nous arretons le script.
|
|
$CdriveStatus = Get-BitLockerVolume -MountPoint 'c:'
|
|
|
|
If ($CdriveStatus.volumeStatus -eq 'FullyDecrypted') {
|
|
# On execute un systeme de logging. Il ne servira en cas de debuggage
|
|
New-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -ErrorAction Ignore
|
|
write-eventlog -LogName "BitLocker" -Source "GPO - BitLocker" -EntryType Information -Category 1 -Message "BitLocker non detecté sur le disque systeme.`nDémarrage du script." -EventId 1
|
|
|
|
# On lance notre BitLocker
|
|
$result = Enable-BitLocker -MountPoint $env:SystemDrive -SkipHardwareTest -RecoveryPasswordProtector
|
|
|
|
If ($result) {
|
|
# Si BitLocker a bien accepté notre clé
|
|
Write-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -EntryType Information -Category 1 -Message "Démarrer le cryptage BitLocker.`nCréer le CSV à extraire.`nCode de sortie de la commande pour BitLocker : $result" -EventId 2
|
|
|
|
# On recupere notre clé ici
|
|
$Key = ([string](Get-BitLockerVolume -MountPoint 'c:').keyprotector.recoverypassword)
|
|
|
|
If ($key -match [regex]"[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}"){
|
|
|
|
Write-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -EntryType Information -Category 1 -Message "PowerShell a la clé de récupération. Démarrage de la sortie vers le réseau." -EventId 3
|
|
|
|
If ($CdriveStatus.volumeStatus -eq 'FullyDecrypted') {
|
|
$info = $true
|
|
}
|
|
Else {
|
|
$info = $false
|
|
}
|
|
|
|
$result = [PSCustomObject]@{
|
|
ComputerName = ($env:COMPUTERNAME);
|
|
Date = (get-date -Format 'dd/MM/yy HH:mm');
|
|
Result = $info;
|
|
}
|
|
|
|
$result | export-csv -NoTypeInformation -Path "\\swfilevep01\logs$\BitLocker\BitLocker-$($env:COMPUTERNAME).csv"
|
|
|
|
Write-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -EntryType Information -Category 1 -Message "Exportation the CSV file to \\fr.dgs.group\systeme$\Logs\BitLocker\BitLocker-$($env:COMPUTERNAME).csv" -EventId 4
|
|
}
|
|
else {
|
|
# Si nous n'avons pas de clé de récupération, nous exportons un log.
|
|
$Status = (Get-BitLockerVolume -MountPoint 'c:').volumeStatus
|
|
|
|
Write-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -EntryType Error -Category 1 -Message "PowerShell n'a pas la clé de récupération.`nÉtat du disque : $Status" -EventId 5
|
|
}
|
|
}
|
|
Else {
|
|
Write-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -EntryType Error -Category 1 -Message "Nous ne pouvons pas lancer le cryptage.`nCode de sortie de la commande pour BitLocker : $result `nRésultat de Manage-Bde : $verbose `nCommencé par : $($env:USERNAME)" -EventId 6
|
|
}
|
|
}
|
|
Else {
|
|
New-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -ErrorAction Ignore
|
|
Write-EventLog -LogName "BitLocker" -Source "GPO - BitLocker" -EntryType Information -Category 1 -Message "Pas entièrement décrypté. Statut: $CdriveStatus.volumeStatus" -EventId 7
|
|
}
|
|
|
|
#---------------------------------------------------------[Fin Du Script]----------------------------------------------------------
|
|
|
|
Stop-Transcript |