View all Worklets
Windows

Enforce Bitlocker Encryption

Monitors Bitlocker compliance and enforces encryption rules.

Worklet Details

Introduction to the Powershell-based Enforce Bitlocker Encryption Worklet

The Enforce Bitlocker Encryption Worklet is a PowerShell-based automation script designed for Windows systems. It facilitates the encryption of physical drives using BitLocker, ensuring data security and compliance with organizational policies.

This Worklet supports Windows 8, Windows Server 2012, and above, and requires PowerShell 4.0 or later. By utilizing this script, IT administrators can automate the process of encrypting drives, reinforcing security measures across managed devices.

Why would you use the Enforce Bitlocker Encryption Worklet?

The Enforce Bitlocker Encryption Worklet allows IT Administrators need to automate teh checking and enforcing of BitLocker compliance to protect sensitive data stored on physical drives.

This Worklet allows administrators to ensure that all targeted drives are encrypted, thereby mitigating risks associated with data breaches and unauthorized access. It also supports various compliance settings and policies, making it a valuable tool for maintaining system security.

Components of the Enforce Bitlocker Encryption Worklet

This Worklet comprises both an evaluation script and a remediation script. The evaluation script checks the encryption status of specified drives and flags unencrypted ones for remediation.

The remediation script then handles the encryption process, supporting different encryption methods including AES-128, AES-256, and hardware encryption. It also provides options for recovery key management, allowing the storage of recovery keys on a USB flash drive or generating a recovery password.

How does the Enforce Bitlocker Encryption Worklet work?

The Worklet begins by verifying the presence and readiness of a TPM chip, which is essential for BitLocker operations.

Depending on the specified drive parameters—such as "All", "OS", or a specific drive letter—the Worklet evaluates the encryption status of each drive. If it detects unencrypted drives, it initiates the encryption process using the specified encryption method. Administrators can choose between storing recovery keys locally or generating passwords, ensuring flexible recovery options.

What is the expected outcome when you use the Enforce Bitlocker Encryption Worklet?

Upon executing the Enforce Bitlocker Encryption Worklet, administrators can expect a comprehensive check of all targeted drives' encryption status. Any unencrypted drives will be flagged for remediation, leading to their subsequent encryption.

This process ensures that data across all managed devices is securely encrypted, compliant with organizational policies. The Worklet’s detailed logging provides transparency, helping administrators track compliance and security measures effectively.

View in app

Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.

do more with worklets