Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
New-CMUseOsEnforcePolicy
- Module:
- ConfigurationManager Module
Create a policy to configure the number of days that users can delay complying with BitLocker policies for their OS drive.
Syntax
Default (Default)
New-CMUseOsEnforcePolicy
[-PolicyState <State>]
[-GracePeriodDays <Int32>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]
Description
Create a policy to configure the number of days that users can delay complying with BitLocker policies for their OS drive. After the grace period expires, users can't postpone the required action or request an exemption. The grace period begins when BitLocker first detects that the OS drive is noncompliant. This grace period is the same for all users of the computer, regardless of when each user signs in.
Examples
Example 1: New enabled policy with a grace period of seven days
This example creates a policy that's enabled and a grace period of one week (five days).
New-CMUseOsEnforcePolicy -PolicyState Enabled -GracePeriodDays 7
Parameters
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-GracePeriodDays
Specify the number of days that the OS drive can be not protected by BitLocker. After this number of days, BitLocker protects the drive and encrypts it.
Specify a value of 0 to immediately enforce this OS drive policy.
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PolicyState
Use this parameter to configure the policy.
Enabled: If you enable this policy, BitLocker enforces the policy on the OS drive, and provides users with grace period that you specify in the -GracePeriodDays parameter.Disabled,NotConfigured: If you disable or don't configure this setting, Configuration Manager doesn't require users to comply with BitLocker policies.
Parameter properties
| Type: | State |
| Default value: | None |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
Outputs
Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject
Related Links
Feedback
Was this page helpful?