For Win10:
-----------------------------------
#Decrypt-BitlockerDrives.PS1
#Script by Mark Randol
#randoltech.blogspot.com
#This script finds all local encrypted volumes and decrypt them.
#Does not exit until decryption is completed.
CLS
Clear-BitLockerAutoUnlock #Since we're decrypting all of the drives, and any Auto-Unlock protectors are tied to the encryption on the system drive, these need to go away.
$PossibleDrives = (Get-BitLockerVolume).MountPoint #get all of the drives that could possibly be encrypted
#Disable-BitLocker -MountPoint $PossibleDrives #start all of the discovered drives decrypting in parallel
foreach ($DriveLetter in $PossibleDrives) { #step through the drives in series to ensure they get decrypted
[int]$LastEncryptPercent = 100 #This variable stores the most recent change to the encryption percentage
[int]$CurrentEncryptPercent = 2 #This variable stores the current check that we are making on the encryption level
#If these two variables are equal we know that no progress has been made in decryption since the last check
do { #check the encryption level of the drive every five minutes until it is fully decrypted
$CurrentEncryptPercent = (Get-BitLockerVolume -MountPoint $DriveLetter).EncryptionPercentage
if ($CurrentEncryptPercent -ne $LastEncryptPercent) { #if the percentage of encryption has changed since the last check then write that to the output
$OutputString = "Drive " + $DriveLetter + $CurrentEncryptPercent.ToString() + "% encrypted"
Write-Output $OutputString
$LastEncryptPercent = (Get-BitLockerVolume -MountPoint $DriveLetter).EncryptionPercentage #Since the encryption percentage has changed, lets store the this percentage as our "last" (most recent)
}
Start-Sleep -Seconds 300 #wait five minutes before checking again
}
while ($CurrentEncryptPercent -ne 0)
}
Write-Output (Get-BitLockerVolume)
---------------------------------
For Win7
#Decrypt-BitlockerDrives.PS1
#Script by Mark Randol
#randoltech.blogspot.com
#
#This script will list out all of the encryptable volumes on the local machine and decrypt them
#Do not exit until decryption is completed.
#there are simpler ways to do this with modern Powershell commands (Get-BitLockerVolume for example)
#but those methods do not work with a native Windows 7 PowerShell environment so this was
#developed to help facilitate Windows 7 to Windows 10 migration.
$WMINameSpace = "root\CIMv2\Security\MicrosoftVolumeEncryption"
$WMIClass = "Win32_EncryptableVolume"
$BitLockerDrives = (Get-Wmiobject -Namespace $WMINameSpace -Class $WMIClass -ComputerName $env:COMPUTERNAME).DriveLetter
foreach ($LockedDrive in $BitLockerDrives) {
$Status = (Get-Wmiobject -Namespace $WMINameSpace -Class $WMIClass -ComputerName $env:COMPUTERNAME -Filter “DriveLetter=""$LockedDrive""”).ConversionStatus
if ($Status -ne 0) {
if ($Status -eq 1) {
Invoke-Command {manage-bde.exe -off C:}
}
}
foreach ($LockedDrive in $BitLockerDrives) {
$Status = (Get-Wmiobject -Namespace $WMINameSpace -Class $WMIClass -ComputerName $env:COMPUTERNAME -Filter “DriveLetter=""$LockedDrive""”).ConversionStatus
if ($Status -ne 0) {
do {
Start-Sleep 15
$Status = (Get-Wmiobject -Namespace $WMINameSpace -Class $WMIClass -ComputerName $env:COMPUTERNAME -Filter “DriveLetter=""$LockedDrive""”).ConversionStatus
}
until ($Status -eq 0)
}
}
{Exit $LASTEXITCODE}
No comments:
Post a Comment