New-CMBMSFDVEncryptionPolicy

Create a policy to manage whether to use BitLocker encryption on fixed data drives.

Syntax

Default (Default)

New-CMBMSFDVEncryptionPolicy
 [-PolicyState <State>]
 [-AutoUnlock <Dispensation>]
 [-DisableWildcardHandling]
 [-ForceWildcardHandling]
 [<CommonParameters>]

Description

Create a policy to manage whether to use BitLocker encryption on fixed data drives.

When you enable this policy, also create a password policy for fixed data drives. The only exception is if you allow or require the use of auto-unlock for fixed data drives. For more information, see New-CMFDVPassPhrasePolicy.

If you require the use of auto-unlock for fixed data drives, encrypt the OS volume too.

Examples

Example 1: New enabled policy that prohibits auto-unlock

This example creates a new policy that's enabled and doesn't allow auto-unlock.

New-CMBMSFDVEncryptionPolicy -PolicyState Enabled -AutoUnlock Prohibit
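The dependencies in the Description (a password policy unless auto-unlock is allowed or required, and an encrypted OS drive when auto-unlock is used) can be checked before the policy is created. The following is an added example, not part of the original page or the Configuration Manager module; Test-FdvEncryptionPlan and its two switches are hypothetical names, and the caller is assumed to know which other policies the same BitLocker setting will contain.

```powershell
# Added example: hypothetical pre-flight check, not a Configuration Manager cmdlet.
function Test-FdvEncryptionPlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Enabled', 'Disabled', 'NotConfigured')]
        [string]$PolicyState,

        [ValidateSet('Allow', 'Require', 'Prohibit')]
        [string]$AutoUnlock,

        # Assumption: the caller states which companion policies are planned.
        [switch]$HasFdvPassphrasePolicy,
        [switch]$HasOsDriveEncryptionPolicy
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    if ($PolicyState -eq 'Enabled') {
        $autoUnlockInUse = $AutoUnlock -in 'Allow', 'Require'
        if (-not $autoUnlockInUse -and -not $HasFdvPassphrasePolicy) {
            $findings.Add('Enabled without auto-unlock: add a password policy (New-CMFDVPassPhrasePolicy).')
        }
        if ($autoUnlockInUse -and -not $HasOsDriveEncryptionPolicy) {
            $findings.Add("AutoUnlock '$AutoUnlock' also needs the OS drive encrypted.")
        }
    }
    elseif ($PolicyState -eq 'Disabled') {
        # Not a blocker, but easy to overlook: disabling reverses existing encryption.
        Write-Warning 'Disabled: fixed data drives that BitLocker already encrypted are decrypted.'
    }

    [pscustomobject]@{
        PolicyState = $PolicyState
        AutoUnlock  = $AutoUnlock
        Ready       = ($findings.Count -eq 0)
        Findings    = $findings.ToArray()
    }
}

# Constructed input: the values from Example 1, first without a password policy.
$plan = @{ PolicyState = 'Enabled'; AutoUnlock = 'Prohibit' }
Test-FdvEncryptionPlan @plan

# Same plan with the password policy in place; create the policy only if the
# check passes and the Configuration Manager module is loaded in this session.
$check = Test-FdvEncryptionPlan @plan -HasFdvPassphrasePolicy
if ($check.Ready -and (Get-Command New-CMBMSFDVEncryptionPolicy -ErrorAction SilentlyContinue)) {
    New-CMBMSFDVEncryptionPolicy @plan
}
```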

Parameters

-AutoUnlock

Allow, require, or prohibit BitLocker to automatically unlock any encrypted data drive. To use auto-unlock, also require BitLocker to encrypt the OS drive.

Parameter properties

Type: Dispensation
Default value: None
Accepted values: Allow, Require, Prohibit
Supports wildcards: False
DontShow: False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

-PolicyState

Use this parameter to configure the policy.

  • Enabled: If you enable this policy, the user has to put all fixed data drives under BitLocker protection, and BitLocker encrypts the drives.

  • Disabled: If you disable this policy, the user can't put fixed data drives under BitLocker protection. If you disable this policy after BitLocker encrypts fixed data drives, BitLocker decrypts the fixed data drives.

  • NotConfigured: If you don't configure this policy, BitLocker doesn't require users to put fixed data drives under protection.

Parameter properties

Type: State
Default value: None
Accepted values: Enabled, Disabled, NotConfigured
Supports wildcards: False
DontShow: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

Outputs

Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject
