DSCResources/Bitlocker/Bitlocker.schema.psm1
<#
    .SYNOPSIS
        Composite DSC configuration that installs the BitLocker Windows features and
        declares TPM, per-volume and automatic BitLocker resources from the xBitlocker module.

    .PARAMETER Tpm
        Optional property hashtable for a single xBLTpm resource. Its 'Identity' and
        'DependsOn' keys are overwritten here.

    .PARAMETER Disks
        Optional list of property hashtables, one xBLBitlocker resource per entry.
        The FIRST entry is treated as the system drive; every later entry and every
        AutoDisks entry is made to depend on it. 'DependsOn' is overwritten on each entry.

    .PARAMETER AutoDisks
        Optional list of property hashtables, one xBLAutoBitlocker resource per entry.
        Requires at least one entry in Disks, otherwise compilation throws.

    .NOTES
        The caller's hashtables are modified in place (Identity / DependsOn).

        NOTE(review): nothing here verifies that the first Disks entry really is the
        operating system volume of the target node; the ordering of the input data is
        trusted. Confirm the data source keeps the system drive first.

        NOTE(review): Disks entries are passed through unchanged, so they may carry
        protector secrets (xBLBitlocker accepts Pin / Password credentials). Confirm the
        compiled MOF is certificate-encrypted and that the source data is not stored in
        clear text.
#>
configuration Bitlocker
{
    param
    (
        [Parameter()]
        [Hashtable]
        $Tpm,

        [Parameter()]
        [Hashtable[]]
        $Disks,

        [Parameter()]
        [Hashtable[]]
        $AutoDisks
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName xBitlocker

    # The BitLocker feature and its management tools must exist before any
    # xBitlocker resource can be applied.
    WindowsFeature BitlockerFeature
    {
        Name                 = 'Bitlocker'
        Ensure               = 'Present'
        IncludeAllSubFeature = $true
    }

    WindowsFeature BitlockerToolsFeature
    {
        Name                 = 'RSAT-Feature-Tools-Bitlocker'
        Ensure               = 'Present'
        IncludeAllSubFeature = $true
    }

    # Dependency handed to the next resource in the chain: features -> TPM -> system drive.
    $dependsOn = @(
        '[WindowsFeature]BitlockerFeature',
        '[WindowsFeature]BitlockerToolsFeature'
    )

    if ($null -ne $Tpm)
    {
        # Fixed identity so the dependency string below is predictable.
        $Tpm.Identity  = 'bitlocker_Tpm'
        $Tpm.DependsOn = $dependsOn

        $tpmSplat = @{
            ResourceName  = 'xBLTpm'
            ExecutionName = $Tpm.Identity
            Properties    = $Tpm
            NoInvoke      = $true
        }
        $tpmResource = Get-DscSplattedResource @tpmSplat
        $tpmResource.Invoke($Tpm)

        $dependsOn = "[xBLTpm]$($Tpm.Identity)"
    }

    [bool]$systemDriveDeclared = $false

    if ($null -ne $Disks)
    {
        foreach ($volume in $Disks)
        {
            $volume.DependsOn = $dependsOn

            # Resource names cannot hold ( ) . : or whitespace, so those are stripped
            # from the mount point. NOTE(review): two mount points that differ only in
            # the stripped characters would yield the same resource name.
            $resourceName = "bitlocker_$($volume.MountPoint -replace '[().:\s]', '')"

            $volumeSplat = @{
                ResourceName  = 'xBLBitlocker'
                ExecutionName = $resourceName
                Properties    = $volume
                NoInvoke      = $true
            }
            $volumeResource = Get-DscSplattedResource @volumeSplat
            $volumeResource.Invoke($volume)

            # Only the first entry (assumed to be the system drive) becomes the
            # dependency for everything declared after it.
            if (-not $systemDriveDeclared)
            {
                $systemDriveDeclared = $true
                $dependsOn = "[xBLBitlocker]$resourceName"
            }
        }
    }

    if ($null -ne $AutoDisks)
    {
        # Automatic encryption is refused unless a system drive entry was declared
        # through Disks.
        if (-not $systemDriveDeclared)
        {
            throw "ERROR: Before using 'Bitlocker - AutoDisks' the system drive encryption must be specified in the 'Bitlocker - Disks' section."
        }

        foreach ($autoVolume in $AutoDisks)
        {
            $autoVolume.DependsOn = $dependsOn

            # One resource per drive type; the drive type is the only name component.
            $resourceName = "bitlocker_$($autoVolume.DriveType)"

            $autoSplat = @{
                ResourceName  = 'xBLAutoBitlocker'
                ExecutionName = $resourceName
                Properties    = $autoVolume
                NoInvoke      = $true
            }
            $autoResource = Get-DscSplattedResource @autoSplat
            $autoResource.Invoke($autoVolume)
        }
    }
}