diff --git a/Set-BitLockerPIN.ps1 b/Set-BitLockerPIN.ps1
new file mode 100644
index 0000000..4cfac30
--- /dev/null
+++ b/Set-BitLockerPIN.ps1
@@ -0,0 +1,44 @@
+# Variables
+$Target = "$env:ProgramData\Scripts"
+$Script = "BitPin.ps1"
+
+# If local path for script doesn't exist, create it
+If (!(Test-Path $Target)) { New-Item -Path $Target -Type Directory -Force }
+
+#Create the PS1 File and write the code into it
+Set-Content -Path "$Target\$Script" -Force -Value @'
+do{
+$proc = Get-Process -Name SecurityHealthSystray -ErrorAction SilentlyContinue
+ if ($proc)
+ {
+ $OSVolume = Get-BitlockerVolume | Where {$_.VolumeType -eq "OperatingSystem"}
+ Initialize-Tpm -AllowClear
+ $DevicePIN = ConvertTo-SecureString ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("MDAwMA=="))) -AsPlainText -Force
+ Add-BitlockerKeyProtector -MountPoint $OSVolume.MountPoint -RecoveryPasswordProtector
+ Enable-BitLocker -MountPoint $OSVolume.MountPoint -UsedSpaceOnly -Pin $DevicePIN -TPMandPinProtector
+ $RecoveryKeyID = ((Get-BitlockerVolume).KeyProtector | Where {$_.KeyProtectorType -eq "RecoveryPassword"}).KeyProtectorId
+
+ Unregister-ScheduledTask -TaskName "BitPinSet" -Confirm:$False
+
+ # Remove this script after execution
+ Remove-Item -Path $MyInvocation.MyCommand.Source -Force
+
+ $RestartTime = (Get-Date).AddSeconds(300).ToString("HH:mm:ss")
+ shutdown /r /t 300 /c "BitLocker PIN code has been set, Windows will restart at $RestartTime. Please save your work now."
+
+ Exit 0
+ }
+ Else {
+ Start-Sleep -s 5
+ }
+} while (1 -eq 1)
+'@
+
+# Create the scheduled task to run the script at logon
+$action = New-ScheduledTaskAction -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -Argument "-NoProfile -ExecutionPolicy Bypass -File $Target\$Script"
+$trigger = New-ScheduledTaskTrigger -AtLogOn
+$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Compatibility Win8
+$principal = New-ScheduledTaskPrincipal -GroupId "NT AUTHORITY\SYSTEM"
+$task = New-ScheduledTask -Action $action -Trigger $trigger -Settings $settings -Principal $principal
+
+Register-ScheduledTask -InputObject $task -TaskName "BitPinSet" -Force
\ No newline at end of file
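Review bot: The pre-boot PIN set in the embedded BitPin.ps1 is a constant, because `FromBase64String("MDAwMA==")` on the `$DevicePIN` line decodes to `0000`; every device enrolled this way gets the same PIN, and the Base64 wrapping only hides it from a casual reader. The PIN should be collected from the user or derived per device rather than stored in a script written under `$env:ProgramData\Scripts`. That folder also needs an explicit ACL: the task runs the file as SYSTEM at logon, and if `$Target` inherits the usual ProgramData permissions a non-admin user may be able to pre-create or replace `BitPin.ps1`, so confirm this and restrict write access to Administrators and SYSTEM. Separately, `$RecoveryKeyID` is assigned but never used, so the recovery password does not appear to be escrowed anywhere, and `Unregister-ScheduledTask` and `Remove-Item` run even when `Enable-BitLocker` fails. I would wrap the enable step in `try { ... -ErrorAction Stop }` and back up the recovery protector before the cleanup and reboot.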