Set-BitLockerAutoUnlock
Windows: Configures BitLocker automatic unlocking for a volume
#Requires -Version 5.1
#Requires -Modules BitLocker
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true)]
[string]$MountPoint,
[Parameter(Mandatory = $true)]
[bool]$Enabled,
[string]$ComputerName = $env:COMPUTERNAME,
[pscredential]$Credential
)
Process {
try {
$scriptBlock = {
Param($Drive, $Enable)
if ($Enable) {
Enable-BitLockerAutoUnlock -MountPoint $Drive -ErrorAction Stop
}
else {
Disable-BitLockerAutoUnlock -MountPoint $Drive -ErrorAction Stop
}
Get-BitLockerVolume -MountPoint $Drive | Select-Object MountPoint, AutoUnlockEnabled
}
if ($ComputerName -ne $env:COMPUTERNAME) {
$invokeParams = @{
'ComputerName' = $ComputerName
'ScriptBlock' = $scriptBlock
'ArgumentList' = @($MountPoint, $Enabled)
'ErrorAction' = 'Stop'
}
if ($null -ne $Credential) {
$invokeParams.Add('Credential', $Credential)
}
$result = Invoke-Command @invokeParams
}
else {
$result = &$scriptBlock -Drive $MountPoint -Enable $Enabled
}
$output = [PSCustomObject]@{
MountPoint = $result.MountPoint
AutoUnlockEnabled = $result.AutoUnlockEnabled
ComputerName = $ComputerName
Action = if ($Enabled) { "AutoUnlockEnabled" } else { "AutoUnlockDisabled" }
Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
}
Write-Output $output
}
catch {
throw
}
}Specifies the drive letter or mount point (e.g., "D:").
If set to true, enables auto-unlock. If false, disables it.
Specifies the name of the target computer. Defaults to the local computer.
Specifies a PSCredential object for remote connection.