Skip to content

Commit

Permalink
Merge pull request #2 from PowerShell/dev
Browse files Browse the repository at this point in the history
Update to version 1.0.1.1 from PSGallery
  • Loading branch information
vors committed Apr 23, 2015
2 parents 23da51c + e22dc8f commit fa6c7d1
Show file tree
Hide file tree
Showing 11 changed files with 351 additions and 385 deletions.
150 changes: 113 additions & 37 deletions DSCResources/MSFT_xBLAutoBitlocker/MSFT_xBLAutoBitlocker.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ function Get-TargetResource
[System.Int32]
$MinDiskCapacityGB,

[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[ValidateSet("PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[parameter(Mandatory = $true)]
[System.String]
$PrimaryProtector,
Expand Down Expand Up @@ -74,36 +74,8 @@ function Get-TargetResource

CheckForPreReqs

#First get all Bitlocker Volumes of type Data
$allBlvs = Get-BitLockerVolume | where {$_.VolumeType -eq "Data"}

#Filter on size if it was specified
if ($PSBoundParameters.ContainsKey("MinDiskCapacityGB"))
{
$allBlvs = $allBlvs | where {$_.CapacityGB -ge $MinDiskCapacityGB}
}

#Now find disks of the appropriate drive type, and add them to the collection
if ($allBlvs -ne $null)
{
[Hashtable]$returnValue = @{}

foreach ($blv in $allBlvs)
{
$vol = $null
$vol = Get-Volume -Path $blv.MountPoint -ErrorAction SilentlyContinue | where {$_.DriveType -like $DriveType}

if ($vol -ne $null)
{
[Hashtable]$props = @{
VolumeStatus = $blv.VolumeStatus
KeyProtectors = $blv.KeyProtector
EncryptionMethod = $blv.EncryptionMethod
}

$returnValue.Add($blv.MountPoint, $props)
}
}
$returnValue = @{
DriveType = $DriveType
}

$returnValue
Expand All @@ -122,7 +94,7 @@ function Set-TargetResource
[System.Int32]
$MinDiskCapacityGB,

[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[ValidateSet("PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[parameter(Mandatory = $true)]
[System.String]
$PrimaryProtector,
Expand Down Expand Up @@ -184,7 +156,7 @@ function Set-TargetResource

CheckForPreReqs

$autoBlVols = Get-TargetResource @PSBoundParameters
$autoBlVols = GetAutoBitlockerStatus @PSBoundParameters

if ($autoBlVols -eq $null)
{
Expand All @@ -210,7 +182,6 @@ function Set-TargetResource
}
}


function Test-TargetResource
{
[CmdletBinding()]
Expand All @@ -225,7 +196,7 @@ function Test-TargetResource
[System.Int32]
$MinDiskCapacityGB,

[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[ValidateSet("PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[parameter(Mandatory = $true)]
[System.String]
$PrimaryProtector,
Expand Down Expand Up @@ -287,7 +258,7 @@ function Test-TargetResource

CheckForPreReqs

$autoBlVols = Get-TargetResource @PSBoundParameters
$autoBlVols = GetAutoBitlockerStatus @PSBoundParameters

if ($autoBlVols -eq $null)
{
Expand Down Expand Up @@ -315,8 +286,113 @@ function Test-TargetResource
return $true
}

function GetAutoBitlockerStatus
{
[CmdletBinding()]
[OutputType([System.Collections.Hashtable])]
param
(
[parameter(Mandatory = $true)]
[ValidateSet("Fixed","Removable")]
[System.String]
$DriveType,

[System.Int32]
$MinDiskCapacityGB,

Export-ModuleMember -Function *-TargetResource
[ValidateSet("PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[parameter(Mandatory = $true)]
[System.String]
$PrimaryProtector,

[System.String]
$AdAccountOrGroup,

[System.Boolean]
$AdAccountOrGroupProtector,

[System.Boolean]
$AutoUnlock = $false,

[ValidateSet("Aes128","Aes256")]
[System.String]
$EncryptionMethod,

[System.Boolean]
$HardwareEncryption,

[System.Management.Automation.PSCredential]
$Password,

[System.Boolean]
$PasswordProtector,

[System.Management.Automation.PSCredential]
$Pin,

[System.String]
$RecoveryKeyPath,

[System.Boolean]
$RecoveryKeyProtector,

[System.Boolean]
$RecoveryPasswordProtector,

[System.Boolean]
$Service,

[System.Boolean]
$SkipHardwareTest,

[System.String]
$StartupKeyPath,

[System.Boolean]
$StartupKeyProtector,

[System.Boolean]
$TpmProtector,

[System.Boolean]
$UsedSpaceOnly
)

#First get all Bitlocker Volumes of type Data
$allBlvs = Get-BitLockerVolume | where {$_.VolumeType -eq "Data"}

#Filter on size if it was specified
if ($PSBoundParameters.ContainsKey("MinDiskCapacityGB"))
{
$allBlvs = $allBlvs | where {$_.CapacityGB -ge $MinDiskCapacityGB}
}

#Now find disks of the appropriate drive type, and add them to the collection
if ($allBlvs -ne $null)
{
[Hashtable]$returnValue = @{}

foreach ($blv in $allBlvs)
{
$vol = $null
$vol = Get-Volume -Path $blv.MountPoint -ErrorAction SilentlyContinue | where {$_.DriveType -like $DriveType}

if ($vol -ne $null)
{
[Hashtable]$props = @{
VolumeStatus = $blv.VolumeStatus
KeyProtectors = $blv.KeyProtector
EncryptionMethod = $blv.EncryptionMethod
}

$returnValue.Add($blv.MountPoint, $props)
}
}
}

$returnValue
}

Export-ModuleMember -Function *-TargetResource


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ class MSFT_xBLAutoBitlocker : OMI_BaseResource

[Key, ValueMap{"Fixed","Removable"}, Values{"Fixed","Removable"}] String DriveType; //The type of volume, as reported by Get-Volume, to auto apply Bitlocker to
[Write] Sint32 MinDiskCapacityGB; //If specified, only disks this size or greater will auto apply Bitlocker
[Required, ValueMap{"AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}, Values{"AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}] String PrimaryProtector;
[Required, ValueMap{"PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}, Values{"PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}] String PrimaryProtector;
[Write] Boolean AutoUnlock; //Whether volumes should be enabled for auto unlock using Enable-BitlockerAutoUnlock

//Remaing properties correspond directly to Enable-Bitlocker parameters
Expand All @@ -30,4 +30,3 @@ class MSFT_xBLAutoBitlocker : OMI_BaseResource
};



21 changes: 6 additions & 15 deletions DSCResources/MSFT_xBLBitlocker/MSFT_xBLBitlocker.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ function Get-TargetResource
[System.String]
$MountPoint,

[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[ValidateSet("PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[parameter(Mandatory = $true)]
[System.String]
$PrimaryProtector,
Expand Down Expand Up @@ -73,18 +73,10 @@ function Get-TargetResource

CheckForPreReqs

$blv = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue

if ($blv -ne $null)
{
$returnValue = @{
MountPoint = $MountPoint
VolumeStatus = $blv.VolumeStatus
KeyProtectors = $blv.KeyProtector
EncryptionMethod = $blv.EncryptionMethod
}
$returnValue = @{
MountPoint = $MountPoint
}

$returnValue
}

Expand All @@ -98,7 +90,7 @@ function Set-TargetResource
[System.String]
$MountPoint,

[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[ValidateSet("PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[parameter(Mandatory = $true)]
[System.String]
$PrimaryProtector,
Expand Down Expand Up @@ -176,7 +168,7 @@ function Test-TargetResource
[System.String]
$MountPoint,

[ValidateSet("AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[ValidateSet("PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector")]
[parameter(Mandatory = $true)]
[System.String]
$PrimaryProtector,
Expand Down Expand Up @@ -249,4 +241,3 @@ function Test-TargetResource
Export-ModuleMember -Function *-TargetResource



Expand Down
3 changes: 1 addition & 2 deletions DSCResources/MSFT_xBLBitlocker/MSFT_xBLBitlocker.schema.mof
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
class MSFT_xBLBitlocker : OMI_BaseResource
{
[Key] String MountPoint; //The MountPoint name as reported in Get-BitLockerVolume
[Required, ValueMap{"AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}, Values{"AdAccountOrGroupProtector","PasswordProtector","Pin","RecoveryKeyProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}] String PrimaryProtector; //The type of key protector that will be used as the primary key protector
[Required, ValueMap{"PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}, Values{"PasswordProtector","RecoveryPasswordProtector","StartupKeyProtector","TpmProtector"}] String PrimaryProtector; //The type of key protector that will be used as the primary key protector
[Write] Boolean AutoUnlock; //Whether volumes should be enabled for auto unlock using Enable-BitlockerAutoUnlock
[Write] Boolean AllowImmediateReboot; //Whether the computer can be immediately rebooted after enabling Bitlocker on an OS drive. Defaults to false.

Expand All @@ -28,4 +28,3 @@ class MSFT_xBLBitlocker : OMI_BaseResource
};



13 changes: 4 additions & 9 deletions DSCResources/MSFT_xBLTpm/MSFT_xBLTpm.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ function Get-TargetResource
{
$returnValue = @{
Identity = $Identity
TpmReady = $tpm.TpmReady
}
}

Expand Down Expand Up @@ -59,18 +58,15 @@ function Set-TargetResource
{
if ($tpm.RestartRequired -eq $true)
{
$global:DSCMachineStatus = 1

if ($AllowImmediateReboot -eq $true)
{
Write-Verbose "Forcing an immediate reboot of the computer"
Write-Verbose "Forcing an immediate reboot of the computer in 30 seconds"

Start-Sleep -Seconds 30
Restart-Computer -Force
}
else
{
Write-Verbose "Setting DSCMachineStatus to 1"

$global:DSCMachineStatus = 1
}
}
}
else
Expand Down Expand Up @@ -120,4 +116,3 @@ function Test-TargetResource
Export-ModuleMember -Function *-TargetResource



Expand Down
1 change: 0 additions & 1 deletion DSCResources/MSFT_xBLTpm/MSFT_xBLTpm.schema.mof
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,3 @@ class MSFT_xBLTpm : OMI_BaseResource
};



Loading

0 comments on commit fa6c7d1

Please sign in to comment.