Introduction

The xBitlocker module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit, which is a collection of DSC Resources produced by the PowerShell Team. This module contains the xBLAutoBitlocker, xBLBitlocker, xBLTpm resources. This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks.

All of the resources in the DSC Resource Kit are provided AS IS, and are not supported through any Microsoft standard support program or service. The ""x" in xBitlocker stands for experimental, which means that these resources will be fix forward and monitored by the module owner(s).

Please leave comments, feature requests, and bug reports in the Q & A tab for this module.

If you would like to modify xBitlocker module, feel free. When modifying, please update the module name, resource friendly name, and MOF class name (instructions below). As specified in the license, you may copy or modify this resource as long as they are used on the Windows Platform.

For more information about Windows PowerShell Desired State Configuration, check out the blog posts on the PowerShell Blog (this is a good starting point). There are also great community resources, such as PowerShell.org, or PowerShell Magazine. For more information on the DSC Resource Kit, check out this blog post.

Installation

To install xBitlocker module

To confirm installation:

Requirements

This module requires that both the 'Bitlocker' and 'RSAT-Feature-Tools-Bitlocker' features are installed. It also requires the latest version of PowerShell (v4.0, which ships in Windows 8.1 or Windows Server 2012R2). To easily use PowerShell 4.0 on older operating systems, install WMF 4.0. Please read the installation instructions that are present on both the download page and the release notes for WMF 4.0.

Description

The xBitlocker module contains the xBLAutoBitlocker, xBLBitlocker, xBLTpm DSC Resources. This DSC Module allows you to configure Bitlocker on a single disk, configure a TPM chip, or automatically enable Bitlocker on multiple disks.

Details

xBLAutoBitlocker is used to automatically enable Bitlocker on drives of type Fixed or Removable. It does not work on Operating System drives. xBLAutoBitlocker has the following properties. Where no description is listed, properties correspond directly to Enable-Bitlocker parameters.

xBLBitlocker has the following properties. Where no description is listed, properties correspond directly to Enable-Bitlocker parameters.

xBLTpm is used to initialize a TPM chip using Initialize-TPM. xBLTpm has the following properties.

Renaming Requirements

When making changes to these resources, we suggest the following practice:

  1. Update the following names by replacing MSFT with your company/community name and replacing the "x" with "c" (short for "Community") or another prefix of your choice:
    • Module name (ex: xBitlocker becomes cBitlocker)
    • Resource folder (ex: MSFT_xBLBitlocker becomes Contoso_cBLBitlocker)
    • Resource Name (ex: MSFT_xBLBitlocker becomes Contoso_cBLBitlocker)
    • Resource Friendly Name (ex: xBLBitlocker becomes cBLBitlocker)
    • MOF class name (ex: MSFT_xBLBitlocker becomes Contoso_cBLBitlocker)
    • Filename for the <resource>.schema.mof (ex: MSFT_xBLBitlocker.schema.mof becomes Contoso_cBLBitlocker.schema.mof)
  2. Update module and metadata information in the module manifest
  3. Update any configuration that use these resources

We reserve resource and module names without prefixes ("x" or "c") for future use (e.g. "MSFT_BLAutoBitlocker, MSFT_BLBitlocker, MSFT_BLTpm" or "BLAutoBitlocker, BLBitlocker, BLTpm"). If the next version of Windows Server ships with "MSFT_BLAutoBitlocker, MSFT_BLBitlocker, MSFT_BLTpm" resources, we don't want to break any configurations that use any community modifications. Please keep a prefix such as "c" on all community modifications.

Versions

1.0.0.0

Example: ConfigureBitlockerOnOSDrive

This example enables Bitlocker on an Operating System drive. The example code for ConfigureBitlockerOnOSDrive is located in "ConfigureBitlockerOnOSDrive.ps1" in the module folder under ...\xExchange\Examples\ConfigureBitlockerOnOSDrive.

Example: ConfigureBitlockerAndAutoBitlocker

Enables Bitlocker on an Operating System drive, and automatically enables Bitlocker on all drives of type 'Fixed'. The example code for ConfigureBitlockerAndAutoBitlocker is located in "ConfigureBitlockerAndAutoBitlocker.ps1" in the module folder under ...\xExchange\Examples\ConfigureBitlockerAndAutoBitlocker.