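We have Windows 7 Enterprise laptops with TPM chips. We have deployed BitLocker to these laptops. What I am trying to accomplish is to write a PowerShell script that looks up the msTPM-OwnerInformation value for a specific computer in AD. I would like it to take the value and reset the TPM lockout.
Right now we have to go into the TPM console, click "Reset" and specify the XML file that contains the value.
I have started on a script, but it does not do what I want, because I am very new to PowerShell.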
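Create a new file named "get_mstpm-hownerInformation.ps1" and paste in the following text.
Change the 'DOMAIN/OU' part to suit your needs. This should read all the information you need from AD.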
#----------------------Start----------------------------------------------------------------
#Load the Quest ActiveRoles AD cmdlets (Get-QADObject, Get-QADComputer) if not already loaded
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
#Custom variables
$CsvFilePath = "C:\Temp\BitLockerComputerReport.csv"
#Create array to hold computer information
$export = @()
#Collect every computer that has BitLocker recovery information stored in AD
#$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties cn,Name,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {
$BitLockerEnabled = Get-QADObject -SearchRoot 'DOMAIN/OU' -SizeLimit 0 -IncludedProperties cn,Name,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {
    #Get PasswordID (the GUID between the braces in cn); skip objects that have none
    if ($_.cn -notmatch "(?<=\{).*(?=\})") { return }
    #Create custom object for each computer
    $computerobj = New-Object -TypeName psobject
    #Add information to custom object (the parent container of the recovery object is the computer)
    $computerobj | Add-Member -MemberType NoteProperty -Name Name -Value (Split-Path -Path $_.ParentContainer -Leaf)
    $computerobj | Add-Member -MemberType NoteProperty -Name PasswordID -Value $matches[0]
    $computerobj | Add-Member -MemberType NoteProperty -Name "msFVE-RecoveryPassword" -Value $_."msFVE-RecoveryPassword"
    $computerobj | Add-Member -MemberType NoteProperty -Name "msTPM-OwnerInformation" -Value (Get-QADComputer -IncludedProperties "msTPM-OwnerInformation" -Name (Split-Path -Path $_.ParentContainer -Leaf))."msTPM-OwnerInformation"
    $export += $computerobj
}
#Export the array with computer information to the user-specified path
$export | Export-Csv -Path $CsvFilePath -NoTypeInformation
#------------------------End--------------------------------------------------------------
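
The report above has one row per stored recovery password, so a computer can appear several times. The following added example (not part of the original answer) picks the msTPM-OwnerInformation value for one computer out of that report and flags computers whose value is missing or inconsistent. It assumes PowerShell 3.0 or later; the function name `Get-TpmOwnerInfoFromReport` and all sample rows are constructed for illustration.

```powershell
# Constructed sample rows in the same column layout the report script exports.
# Every name, ID and value here is made up.
$sampleCsv = @'
"Name","PasswordID","msFVE-RecoveryPassword","msTPM-OwnerInformation"
"LAPTOP-001","11111111-AAAA-4AAA-8AAA-000000000001","000000-000000-000000-000000-000000-000000-000000-000001","Q09OU1RSVUNURUQtT1dORVItMDE="
"LAPTOP-001","11111111-AAAA-4AAA-8AAA-000000000002","000000-000000-000000-000000-000000-000000-000000-000002","Q09OU1RSVUNURUQtT1dORVItMDE="
"LAPTOP-002","22222222-BBBB-4BBB-8BBB-000000000001","000000-000000-000000-000000-000000-000000-000000-000003",""
'@

function Get-TpmOwnerInfoFromReport {
    # Hypothetical helper: returns one summary object per computer name.
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [string] $ComputerName = '*'   # wildcard allowed; default is all computers
    )
    $Rows |
        Where-Object { $_.Name -like $ComputerName } |
        Group-Object -Property Name |
        ForEach-Object {
            # Collect the distinct non-empty owner values across this computer's rows.
            # Select-Object -Unique compares case-sensitively, which Base64 needs.
            $owner = @($_.Group |
                ForEach-Object { $_.'msTPM-OwnerInformation' } |
                Where-Object { $_ } |
                Select-Object -Unique)
            [pscustomobject]@{
                Name             = $_.Name
                RecoveryKeyCount = $_.Count
                OwnerInformation = if ($owner.Count -eq 1) { $owner[0] } else { $null }
                Status           = switch ($owner.Count) {
                    0       { 'MissingOwnerInformation' }
                    1       { 'OK' }
                    default { 'ConflictingOwnerInformation' }
                }
            }
        }
}

# Real use: $rows = Import-Csv -Path $CsvFilePath
$rows = $sampleCsv | ConvertFrom-Csv

# Look up a single computer
Get-TpmOwnerInfoFromReport -Rows $rows -ComputerName 'LAPTOP-001'

# List computers whose TPM owner information was not backed up to AD cleanly
Get-TpmOwnerInfoFromReport -Rows $rows | Where-Object { $_.Status -ne 'OK' }
```

The exported CSV holds BitLocker recovery passwords and TPM owner values in clear text, so keep it on a path with a restrictive ACL and delete it after use.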