PS C:\WINDOWS\system32> .\manage-bde.exe -protectors -get c:
BitLocker Drive Encryption: Configuration Tool version 10.0.15063
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume C: [Windows]
All Key Protectors
Numerical Password:
ID: {5AE32687-8E48-46D9-8096-9394B996323A}
Password:
003135-453508-448393-555390-091179-159577-396374-379665
TPM:
ID: {D25D3302-CC81-4FA5-BA41-F84F64D4246F}
PCR Validation Profile:
7, 11
(Uses Secure Boot for integrity validation)
Data Recovery Agent (Certificate Based):
ID: {7184E029-D82C-47D8-AEA1-507E1EB8FAC6}
Certificate Thumbprint:
482bda8296519fbdb95e3228ff021d1cf2c62ab2
推送到AD
PS C:\WINDOWS\system32> .\manage-bde.exe -protectors -adbackup c: -id '{5AE32687-8E48-46D9-8096-9394B996323A}'
BitLocker Drive Encryption: Configuration Tool version 10.0.15063
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Recovery information was successfully backed up to Active Directory.
PS C:\WINDOWS\system32>
登陆ADUC,查看一下已经成功保持到AD了
7. 测试
我电脑上弄了3种类型的盘符,一个是操作系统C盘,一个是放数据的E盘,还有一个U盘 D。
看看状态
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32> .\manage-bde.exe -status
BitLocker Drive Encryption: Configuration Tool version 10.0.15063
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows]
[OS Volume]
Size: 231.29 GB
BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: omnicom
Key Protectors:
Numerical Password
TPM
Data Recovery Agent (Certificate Based)
Volume E: [Data]
[Data Volume]
Size: 0.49 GB
BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: omnicom
Automatic Unlock: Disabled
Key Protectors:
Numerical Password
Password
Data Recovery Agent (Certificate Based)
Volume D: [Label Unknown]
[Data Volume]
Size: Unknown GB
BitLocker Version: 2.0
Conversion Status: Unknown
Percentage Encrypted: Unknown%
Encryption Method: AES 128
Protection Status: Unknown
Lock Status: Locked
Identification Field: Unknown
Automatic Unlock: Disabled
Key Protectors:
Numerical Password
Password
Data Recovery Agent (Certificate Based)
PS C:\WINDOWS\system32> .\manage-bde.exe -lock d:
BitLocker Drive Encryption: Configuration Tool version 10.0.15063
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume D: is now locked
查看一下对应的证书是否配置,指纹是什么
PS C:\WINDOWS\system32> .\manage-bde.exe -protectors -get d:
BitLocker Drive Encryption: Configuration Tool version 10.0.15063
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume D: [Label Unknown]
All Key Protectors
Numerical Password:
ID: {92319191-E7DC-4393-875A-663926AC47D7}
Password:
ID: {DCF42582-F2C3-44A7-81E2-6FC26685060E}
Data Recovery Agent (Certificate Based):
ID: {AD39876C-3D7C-4444-91BA-EFE6C11ACE34}
Certificate Thumbprint:
482bda8296519fbdb95e3228ff021d1cf2c62ab2