[英]Bitlocker script to unlock drive
What I am trying to achieve is to create a very small script to unlock my bitlocker drive, using the password, not the recovery password. 我想要实现的是创建一个非常小的脚本来解锁我的bitlocker驱动器,使用密码,而不是恢复密码。
There is a Microsoft command for that, which is: 有一个Microsoft命令,它是:
manage-bde -unlock D: -password
where D
is my bit locker drive. 其中D
是我的位置锁定驱动器。 If I run this command line it will ask me for the password, and then the drive is properly unlocked. 如果我运行此命令行,它将询问我的密码,然后驱动器已正确解锁。
At first I thought about creating a variable to ask for the password to the user, and then use this variable in the above command line, so that the script would look like: 起初我考虑创建一个变量来向用户请求密码,然后在上面的命令行中使用这个变量,这样脚本看起来像:
set /p pass= what is your pass
manage-bde -unlock D: -password %pass%
The problem is that -password
does not seem to accept any argument, would it be the variable, or the password in clear, it will fail. 问题是-password
似乎不接受任何参数,它是变量,还是密码是clear,它会失败。 So, the only way to make it work seems to be an automatic reply to the prompt for the password, with the data in the variable. 因此,使其工作的唯一方法似乎是自动回复密码的提示,其中包含变量中的数据。 But I don't know how to do that. 但我不知道该怎么做。 I assume there is an extra command line to add after the manage-dbe
... 我假设在manage-dbe
之后还有一个额外的命令行要添加...
My programming skills are quite weak, so any help would be appreciated. 我的编程技巧很弱,所以任何帮助都会受到赞赏。
Kind of late to the party but as mentioned here you can easily do this with only a couple of lines, if you don't have any problem using PowerShell: 有点晚了党,但提到这里 ,你可以很容易地做到这一点,只有几行,如果你没有使用PowerShell的任何问题:
PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString
Late reply, I know--sorry. 迟到的回复,我知道 - 抱歉。 But for anyone who wants to do this, no , you do NOT have to use the recovery password. 但是,谁想要做到这一点, 不 ,你没有使用恢复密码。 Hard-coding the recovery password like that defeats the entire purpose of using Bitlocker. 像这样对恢复密码进行硬编码会破坏使用Bitlocker的全部目的。
I put together a very simple script that works. 我整理了一个非常简单的脚本。 It does require Administrator privileges (which I will not expound on). 它确实需要管理员权限(我不会解释)。 There is a way around that using Task Scheduler (schtasks.exe), but I don't feel like getting into that here. 有一种方法可以使用Task Scheduler(schtasks.exe),但我不想进入这里。
The script assumes you know which letters you have assigned to Bitlocker volumes. 该脚本假定您知道已将哪些字母分配给Bitlocker卷。 You can make this script a lot fancier by validating the letter entered, and so on. 您可以通过验证输入的字母来使这个脚本更加漂亮,依此类推。
Save the code to a file with the .CMD file extension, preferably to a directory in your system or user path. 将代码保存到具有.CMD文件扩展名的文件中,最好保存到系统或用户路径中的目录中。 To invoke the script, simply enter [script name] [Bitlocker volume letter]
. 要调用脚本,只需输入[script name] [Bitlocker volume letter]
。 For example, unlock x
. 例如, unlock x
。 Don't include a trailing semicolon. 不要包含尾随分号。
Remember, it requires elevation ! 请记住, 它需要提升 !
@echo off & cls
set Volume=%1:
echo.
manage-bde.exe -unlock -password %Volume%
echo. & pause & echo.
:: End of script
Along with Unlock-BitLocker
You could as well prompt for a secure string, rather than putting it in the script: 与Unlock-BitLocker
您也可以提示输入安全字符串,而不是将其放在脚本中:
$key = Read-Host 'Enter Bitlocker Password!' -AsSecureString
Unlock-Bitlocker -MountPoint "Y:" -Password $key
Unlock-Bitlocker -MountPoint "Z:" -Password $key
Just make a batch file that looks file below, and add it to your start-up folder. 只需创建一个看起来如下文件的批处理文件,然后将其添加到您的启动文件夹中。 Drive gets unlocked automatically each boot. 每次启动时,驱动器都会自动解锁。
Remarks: 备注:
cscript C:\\Windows\\System32\\manage-bde.wsf -unlock d: -recoverypassword 215270-XXXXXX-345807-005038-278652-077022-634964-379346
Go to Control Panel -> Manage Bitlocker and unlock your D drive using your password. 转到控制面板 - >管理Bitlocker并使用密码解锁D驱动器。
Back up your recorvery key to a file. 将您的记录密钥备份到文件。 Get the Recovery Key (Ex: 240536-642752-211409-491690-520026-693407-016863-529159) saved in that file. 获取保存在该文件中的恢复密钥(例如:240536-642752-211409-491690-520026-693407-016863-529159)。
use the following command to automate the process: manage-bde -unlock D: -recoverypassword 240536-642752-211409-491690-520026-693407-016863-529159
使用以下命令自动执行该过程: manage-bde -unlock D: -recoverypassword 240536-642752-211409-491690-520026-693407-016863-529159
MSFT has probably changed somethings. MSFT可能改变了一些事情。 Here is a code fragment that works for encrypted drives and provides mount point for later use (eg- F: or X:) 这是一个适用于加密驱动器的代码片段,并提供挂载点供以后使用(例如-F:或X :)
$pass = Read-Host "Password for $devVHD" -AsSecureString
mount-diskimage -ImagePath $devVHD
$unlckDrive = (Get-BitLockerVolume | where {$_.CapacityGB -eq 0}).mountpoint
Unlock-BitLocker -MountPoint $unlckDrive -Password $pass
Just write this in Notepad and save it as .bat
file. 只需在记事本中写入此内容并将其另存为.bat
文件即可。
You can then set up new task in the Task Scheduler
to run the script on startup. 然后,您可以在Task Scheduler
设置新任务以在启动时运行脚本。 Don't forget to check the task to be Run as Administrator : 不要忘记检查要以管理员身份运行的任务:
@echo off
manage-bde D: -unlock -recoverypassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
pause
use -recoverypassword switch and write your recovery pwd, it works for me ;) 使用-recoverypassword切换并编写你的恢复密码,它对我有用;)
EDIT: manage-bde -unlock D: -recoverypassword manage-bde -unlock D: -recoverypassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
编辑: manage-bde -unlock D: -recoverypassword manage-bde -unlock D: -recoverypassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.