Active Directory Domain Services account. BitLocker uses domain authentication to unlock data volumes. It is a sequence of 48 digits divided by dashes. Recovery key. A recovery key also called a numerical password, is stored as a specified file in a USB memory device. 
A user-supplied password is used to access the volume.
TPM+Startup key. BitLocker uses a combination of the TPM and input from a USB memory device that contains an external key. TPM+PIN+Startup key. BitLocker uses a combination of the TPM, a user-supplied PIN, and input from a USB memory device that contains an external key. BitLocker uses input from a USB memory device that contains the external key. A PIN is four to twenty digits or if you allow enhanced PINs, four to twenty letters, symbols, spaces, or numbers. BitLocker uses a combination of the TPM and a user-supplied Personal Identification Number (PIN). In general, TPM-based protectors can only be associated to an operating system volume. If you specify this protector, users can access the encrypted drive as long as it is connected to the system board that hosts the TPM and the system boot integrity is intact. BitLocker uses the computer’s TPM to protect the encryption key. The list of protectors will be displayed as follows:ĭetailed information on each protector type, in accordance with Microsoft documentation, is provided below: (where C: is the name of the mounted BitLocker-encrypted volume) To list the protectors of a given BitLocker volume, type the following command in command-line prompt (cmd): manage-bde -protectors -get C: Active Directory Domain Services (AD DS) account. Recovery key (numerical password on a USB drive). Protectors that can be used to encrypt a BitLocker volume include: $Chars = "0123456789".ToCharArray() Do While ($PIN -imatch '()\1') $TSEnv = New-Object -ComObject $TSEnv.This article explains BitLocker protectors and talks about the best ways to get the data decrypted, even for computers that are turned off. Credit to reddit user yeah_i_got_skills for the original code. I borrowed it from the Reddit thread and tweaked it based on my desired end result. Say, you can’t have consecutive numerical characters anywhere in the PIN? Here is the full script $PIN = Get-Random -Maximum 99999999 -Minimum 11111111 $TSEnv = New-Object -ComObject $TSEnv.Value("OSDBitlockerPIN") = $PIN 
The above should work if you just need random output. The below code will generate a random 8 digit number with 9999999 as it’s ceiling, and 11111111 as it’s floor.
0 kommentar(er)
