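<#
.SYNOPSIS
    Drops a self-deleting helper script that enables BitLocker (TPM + PIN) on the
    OS volume, and registers a SYSTEM scheduled task to run it at the next logon.

.DESCRIPTION
    Two stages:
      1. This file (run elevated) creates $Target, locks its ACL down, writes
         $Target\$Script and registers the "BitPinSet" logon task.
      2. The dropped script (run as SYSTEM at logon) waits until an interactive
         desktop exists (SecurityHealthSystray), adds a recovery-password
         protector, enables BitLocker with a TPM+PIN protector, unregisters the
         task, deletes itself and schedules a restart in 5 minutes.

.NOTES
    Security caveats a deployer must read before using this:
      * The pre-boot PIN is a fixed, trivially weak value ("0000", merely
        base64-encoded in the helper) shared by every device this runs on.
        Base64 is obfuscation, not encryption: anyone who can read this file or
        the dropped script knows the PIN. Replace it with a per-device PIN
        delivered out of band before production use.
      * The recovery password is generated but NOT escrowed (AD / AAD / MBAM).
        If the TPM is cleared or the PIN is lost, the volume is unrecoverable.
      * Initialize-Tpm -AllowClear may clear the TPM, destroying keys other
        products (Windows Hello, other BitLocker volumes) depend on, and may
        need physical presence at the next boot.
      * The helper runs as SYSTEM with -ExecutionPolicy Bypass from a path under
        ProgramData, which by default lets standard users create files in new
        subfolders. The directory and file are therefore ACL-locked to
        SYSTEM/Administrators so a standard user cannot plant or rewrite the
        script before the task fires (that would be a straight LPE to SYSTEM).
        Code-signing the helper would be the stronger control.
#>

function Set-AdminOnlyAcl {
    <#
    .SYNOPSIS
        Replace the ACL on $Path with explicit FullControl for SYSTEM and
        BUILTIN\Administrators only, discarding inherited entries (in
        particular the ProgramData "Users may create files" ACE) and any
        pre-existing explicit entries.
    .PARAMETER Path
        Directory or file to lock down. For a directory the grants are set to
        propagate to children.
    #>
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path
    # $true = stop inheriting, $false = do not keep copies of the inherited ACEs.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit ACEs too (e.g. a CREATOR OWNER grant materialised for whoever made the object).
    foreach ($existing in @($acl.Access)) {
        if (-not $existing.IsInherited) { [void]$acl.RemoveAccessRule($existing) }
    }
    $inherit = if ((Get-Item -Path $Path) -is [System.IO.DirectoryInfo]) {
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    } else {
        [System.Security.AccessControl.InheritanceFlags]::None
    }
    foreach ($principal in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $principal, 'FullControl', $inherit,
            [System.Security.AccessControl.PropagationFlags]::None, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

# --- Stage 1: drop location ---------------------------------------------------
$Target = "$env:ProgramData\Scripts"
$Script = "BitPin.ps1"
$ScriptPath = Join-Path $Target $Script

# Create the drop directory if it is missing, then lock it before anything is written
# into it so no other account can create/replace the helper in the meantime.
If (!(Test-Path $Target)) {
    New-Item -Path $Target -Type Directory -Force | Out-Null
}
Set-AdminOnlyAcl -Path $Target

# Never write into a pre-existing file: a file created by another user stays under
# that user's ownership (owner can always re-grant itself write access), so the
# task would end up executing whatever they put there as SYSTEM.
If (Test-Path $ScriptPath) {
    Remove-Item -Path $ScriptPath -Force
}

# Create the PS1 file and write the code into it (single-quoted here-string: nothing
# below is expanded by this stage; it all runs inside the helper).
Set-Content -Path $ScriptPath -Force -Value @'
<#
    BitPin.ps1 - executed as SYSTEM by the "BitPinSet" logon task.
    Waits for an interactive desktop, enables BitLocker (TPM + PIN) on the OS
    volume, then removes the task and itself and schedules a restart.
    On failure the task and this file are left in place so the next logon retries
    and an administrator can find BitPin.log next to this script.
#>
$ErrorActionPreference = 'Stop'
$LogFile = Join-Path $PSScriptRoot 'BitPin.log'

function Write-Log {
    # Append one timestamped line to the log file (the directory is admin-only).
    param([string]$Message)
    Add-Content -Path $LogFile -Value ("{0:u} {1}" -f (Get-Date), $Message)
}

# Do not hold a SYSTEM PowerShell forever if no desktop ever appears (e.g. the
# systray process is disabled); give up after ~4 hours and let the next logon retry.
$Deadline = (Get-Date).AddHours(4)

do {
    # SecurityHealthSystray only exists once an interactive desktop is up; it is
    # used as the "a user is logged on and will see the restart notice" signal.
    $proc = Get-Process -Name SecurityHealthSystray -ErrorAction SilentlyContinue
    if (-not $proc) {
        Start-Sleep -Seconds 5
        continue
    }

    try {
        $OSVolume = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
        if (-not $OSVolume) { throw 'No OperatingSystem BitLocker volume found.' }

        # WARNING: -AllowClear permits clearing the TPM to take ownership, which
        # destroys any keys already sealed to it and may require physical presence
        # at the next boot.
        Initialize-Tpm -AllowClear | Out-Null

        # WARNING: fixed, shared 4-digit PIN. "MDAwMA==" is just base64("0000"); the
        # wrapper hides nothing from anyone who can read this file. Replace with a
        # per-device PIN delivered out of band before production use.
        $DevicePIN = ConvertTo-SecureString ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("MDAwMA=="))) -AsPlainText -Force

        Add-BitLockerKeyProtector -MountPoint $OSVolume.MountPoint -RecoveryPasswordProtector | Out-Null
        Enable-BitLocker -MountPoint $OSVolume.MountPoint -UsedSpaceOnly -Pin $DevicePIN -TpmAndPinProtector | Out-Null

        # Scoped to the OS volume only (previously every volume's protectors were
        # collected). The recovery password is NOT escrowed by this script: back it up
        # (Backup-BitLockerKeyProtector to AD, BackupToAAD-BitLockerKeyProtector, or
        # MBAM) before relying on this for production data.
        $RecoveryKeyID = ((Get-BitLockerVolume -MountPoint $OSVolume.MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).KeyProtectorId
        Write-Log "BitLocker enabled on $($OSVolume.MountPoint); recovery protector id(s): $RecoveryKeyID"
    }
    catch {
        # Leave the task and this file in place so the failure is visible and the
        # next logon retries; never reboot a machine that was not actually encrypted.
        Write-Log "FAILED: $($_.Exception.Message)"
        Exit 1
    }

    Unregister-ScheduledTask -TaskName 'BitPinSet' -Confirm:$false
    # Remove this script after execution
    Remove-Item -Path $PSCommandPath -Force

    $RestartTime = (Get-Date).AddSeconds(300).ToString('HH:mm:ss')
    shutdown /r /t 300 /c "BitLocker PIN code has been set, Windows will restart at $RestartTime. Please save your work now."
    Exit 0
} while ((Get-Date) -lt $Deadline)

Write-Log 'Timed out waiting for an interactive desktop; will retry at next logon.'
Exit 1
'@

# The file was created by this (elevated) session, so it is ours to lock down.
Set-AdminOnlyAcl -Path $ScriptPath

# --- Stage 2: scheduled task that runs the helper at logon --------------------
$PowerShellExe = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
# Path is quoted so a ProgramData location containing spaces still resolves.
$action = New-ScheduledTaskAction -Execute $PowerShellExe `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$ScriptPath`""
$trigger = New-ScheduledTaskTrigger -AtLogOn
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Compatibility Win8
# SYSTEM is required for Enable-BitLocker / Initialize-Tpm; it is also why the helper
# file must not be writable by anyone below Administrators.
$principal = New-ScheduledTaskPrincipal -GroupId 'NT AUTHORITY\SYSTEM'
$task = New-ScheduledTask -Action $action -Trigger $trigger -Settings $settings -Principal $principal
Register-ScheduledTask -InputObject $task -TaskName 'BitPinSet' -Force | Out-Null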