samsamfin/PowerShell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6c2d8f214c5b0872d29dd74426849d4d393fc886
PowerShell/Set-BitLockerPIN.ps1
samsamfin 6c2d8f214c Upload files to "/"
2026-03-22 14:52:03 +00:00

44 lines
2.1 KiB
PowerShell
Raw Blame History

# Variables
$Target = "$env:ProgramData\Scripts"
$Script = "BitPin.ps1"
# If local path for script doesn't exist, create it
If (!(Test-Path $Target)) { New-Item -Path $Target -Type Directory -Force }
#Create the PS1 File and write the code into it
Set-Content -Path "$Target\$Script" -Force -Value @'
do{
$proc = Get-Process -Name SecurityHealthSystray -ErrorAction SilentlyContinue
if ($proc)
{
$OSVolume = Get-BitlockerVolume | Where {$_.VolumeType -eq "OperatingSystem"}
Initialize-Tpm -AllowClear
$DevicePIN = ConvertTo-SecureString ([System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("MDAwMA=="))) -AsPlainText -Force
Add-BitlockerKeyProtector -MountPoint $OSVolume.MountPoint -RecoveryPasswordProtector
Enable-BitLocker -MountPoint $OSVolume.MountPoint -UsedSpaceOnly -Pin $DevicePIN -TPMandPinProtector
$RecoveryKeyID = ((Get-BitlockerVolume).KeyProtector | Where {$_.KeyProtectorType -eq "RecoveryPassword"}).KeyProtectorId
Unregister-ScheduledTask -TaskName "BitPinSet" -Confirm:$False
# Remove this script after execution
Remove-Item -Path $MyInvocation.MyCommand.Source -Force
$RestartTime = (Get-Date).AddSeconds(300).ToString("HH:mm:ss")
shutdown /r /t 300 /c "BitLocker PIN code has been set, Windows will restart at $RestartTime. Please save your work now."
Exit 0
}
Else {
Start-Sleep -s 5
}
} while (1 -eq 1)
'@
# Create the scheduled task to run the script at logon
$action = New-ScheduledTaskAction -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -Argument "-NoProfile -ExecutionPolicy Bypass -File $Target\$Script"
$trigger = New-ScheduledTaskTrigger -AtLogOn
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Compatibility Win8
$principal = New-ScheduledTaskPrincipal -GroupId "NT AUTHORITY\SYSTEM"
$task = New-ScheduledTask -Action $action -Trigger $trigger -Settings $settings -Principal $principal
Register-ScheduledTask -InputObject $task -TaskName "BitPinSet" -Force
Reference in New Issue View Git Blame Copy Permalink