如何启用 BitLocker 在云平台系统 (CPS)

重要说明:本文是由 Microsoft 机器翻译软件进行的翻译并可能由 Microsoft 社区通过社区翻译机构(CTF)技术进行后期编辑,或可能是由人工进行的翻译。Microsoft 同时向您提供机器翻译、人工翻译及社区后期编辑的文章,以便对我们知识库中的所有文章以多种语言提供访问。翻译的文章可能存在词汇、句法和/或语法方面的错误。Microsoft 对由于内容的误译或客户对内容的使用所导致的任何不准确、错误或损失不承担责任。

点击这里察看该文章的英文版: 3078425
概要
本文介绍如何启用 BitLocker ® 在静态加密在 Microsoft 云平台系统 (CPS) 提供的数据。
更多信息
Microsoft 的云平台系统利用 Windows Server 2012 能够使用 BitLocker ® 加密群集共享卷 (CSV)。本文介绍如何启用 BitLocker。它还提供脚本来自动执行此过程。

注意: 应从 CPS 生命周期中尽可能早启用 BitLocker,因为过程会产生大量的停机时间。也就是说,您必须先关闭 所有 租户的虚拟机, 所有 管理虚拟机 (除了 AD/DC Vm) 以启用 BitLocker。

认真执行这些步骤。如果不这样做可能导致扩展的停机时间和数据损坏。
  1. 启用存储群集的每个节点上的 BitLocker 驱动器加密功能

    1.1 复制下面的代码,然后将其保存为启用-BitLockerFeature.ps1 中myfolder 文件夹> VM 控制台上:

     <#################################################### ## Copyright (c) Microsoft. All rights reserved. ## ###################################################><#.SYNOPSISInstall BitLocker Drive Encryption feature on each of the storage cluster nodes.DESCRIPTIONInstall BitLocker Drive Encryption feature on each node of the storage cluster. THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANYIMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.#> Param([Parameter (Mandatory = $true)] [string] $storageClusterName )$clusterNodes =Invoke-Command -ComputerName $storageClusterName {Get-ClusterNode}if($clusterNodes -eq $null){$errorMessageForUser = "Failed while retrieving the nodes of the storage cluster $storageClusterName"throw $errorMessageForUser }foreach ($node in $clusterNodes.Name){Write-Verbose "Installing BitLocker feature on node $node..."$BitlockerStatus = Invoke-Command -ComputerName $node {Add-WindowsFeature Bitlocker -Verbose}if(($BitlockerStatus -eq $null) -or (!$BitlockerStatus.Success)){$errorMessageForUser = "Add-WindowsFeature failed on node $node. Please try to install the feature on this node manually and then rerun this script to continue with the installation on the other nodes. "throw $errorMessageForUser}if($BitlockerStatus.RestartNeeded -eq "Yes"){Write-Verbose "Restarting Node $node..."Restart-Computer -ComputerName $BitlockerStatus.PSComputerName -waitWrite-Verbose "Node $node restarted."}}$installedCounter=0foreach ($node in $clusterNodes.Name){$featureState = Invoke-Command -ComputerName $node {Get-WindowsFeature "bitlocker"}if($featureState -eq $null){$errorMessageForUser = "Could not verify that BitLocker feature is correctly installed on storage node $node. Please connect to the node and run 'Get-WindowsFeature bitlocker' to verify the correct installation."Write-Warning $errorMessageForUser}if ($featureState.InstallState -eq "Installed"){$installedCounter++}}if($installedCounter -eq $clusterNodes.Count){Write-Verbose "BitLocker feature is now installed on all the nodes of the storage cluster"}else{Write-Error "BitLocker feature was not properly installed on all the nodes of the storage cluster"}

    1.2 从 VM 控制台,打开具有管理员权限的 PowerShell 的控制台,请转到myfolder 文件夹>,然后输入以下:
    ./Enable-BitLockerFeature.ps1 -storageClusterName <yourStorageCluster> -verbose
    该脚本将循环访问存储在群集的所有节点,并安装 BitLocker。在过程中,将重新启动节点。

    1.3 后脚本完成运行成功,请转到步骤 2。

  2. 基于 活动目录(AD) 的 BitLocker 恢复创建的 GPO

    2.1 从 VM 控制台中,打开组策略管理编辑器。

    2.2 展开林,CPS 域中,用鼠标右键单击,然后单击在此域中创建 GPO 此处链接

    2.3 授予 GPO (例如,BitLocker),您选择的名称,然后单击确定

    2.4 一个新的 GPO 现在应显示在 CPS 域下。BitLocker GPO 的设置选项卡,右键单击计算机配置,然后单击编辑。这将打开另一个组策略管理编辑器窗口。

    2.5 在组策略管理编辑器的左窗格中,导航到计算机配置->策略 ->管理模板 ->->固定数据驱动器上、 BitLocker 驱动器加密Windows 组件,然后右键单击可以恢复固定的选择如何受 BitLocker 保护的驱动器

    2.6 在策略设置弹出的对话框中,启用该策略,并设置以下选项:
    1. 允许数据恢复代理程序
    2. 将 BitLocker 恢复信息保存到 AD DS 为固定的数据驱动器
    3. 不要启用 BitLocker,直到恢复信息存储到 AD DS 为固定的数据驱动器

    2.7 单击确定,然后关闭编辑器窗口。

    2.8 在安全筛选框中,单击添加 将所有存储节点的计算机帐户。在 CPS 中,有四个节点,每个机架。将它们添加后,安全筛选框架中应列出所有节点。您可以删除默认的用户组。

    2.9 在左侧的窗格中,右键单击 BitLocker 策略,然后单击强制。关闭组策略管理编辑器。

    2.10 在这情况下,应用该策略,但它可能需要多达一个小时的时间来传播。
    1. 如果您不想等待传播的策略,可以手动强制它通过登录到每个存储节点并运行 PS C:\Users\admin1\Desktop > gpupdate /force.
    2. 验证该策略已成功应用在每个存储节点上运行以下 cmdlet:

      PS C:\Users\admin1\Desktop > gpresult /scope 计算机 /v
    3. 在输出中,查找应用组策略对象。如果列出了您的策略 (在此示例中我们把它称为 BitLocker),则应用该策略,并可以转到步骤 3。

  3. 重要 [不跳过此步骤]: 如果您有需要关闭特定序列的负荷租户群集中运行,请在现在。在步骤 4 中的脚本将关闭活动上戳的所有虚拟机。请不要关闭广告/DC Vm。这些卷联机 (指示)状态后,租户的虚拟机可以安全地重新启动。
  4. 启用 BitLocker 加密所有存储卷上

    4.1 复制下面的代码,然后将其保存为启用-ClusterDiskBitlocker.ps1 中myfolder 文件夹> 上存储群集的节点之一。让我们来调用该节点myStorageNode>.
    <#################################################### ## Copyright (c) Microsoft. All rights reserved. ## ###################################################><#.SYNOPSISEnable Bitlocker on all the Cluster Shared Volumes in CPS..DESCRIPTIONEnable Bitlocker on all the Cluster Shared Volumes on the rack. The volumes will be fully encrypted. The encryption process may take long time (48-72h), depending on the amount of data stored. During that time, the volumes will be in a redirected state. The volumes will automatically go back to Online once the encryption process is complete. NOTE: Please put all the VMs, both management and tenants, into a save state. Failing to do so will result in the VMs crashing and possibly getting into an inconsistent state. Once the volumes are in Online (Redirected) status, the VMs can be safely restarted.THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANYIMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.#> Function Stop-ClusterVMs{#Stop all VMs passed as inputparam([string]$ClusterName,[Object[]]$TargetVMs)$proceed = Get-Confirmation -question "The script will now turn off ALL the virtual machines in the $ClusterName cluster"$TargetVMs | Out-File ".\$ClusterName.txt"if($proceed -eq $true){$counter=1foreach ($vm in $TargetVMs){$progress= [int] ($counter / $TargetVMs.Count * 100 )Write-Progress -Activity "Stopping $ClusterName Virtual Machines..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$counter++Write-Verbose "Now turning off $vm.Name on node $vm.OwnerNode"Stop-VM -Name $vm.Name -ComputerName $vm.OwnerNode -Force}Write-Progress -Activity "Stopping $ClusterName Virtual Machines..." `-Completed -Status "All VMs are shut down."}else{exit}}Function Start-ClusterVMs{#start all the VMs passed as inputparam([string]$ClusterName,[Object[]]$TargetVMs)$counter=1foreach ($vm in $TargetVMs){$progress= [int] ($counter / $TargetVMs.Count * 100 )Write-Progress -Activity "Starting $ClusterName Virtual Machines..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$counter++Write-Verbose "Now turning on $vm.Name..."Start-VM -Name $vm.Name -ComputerName $vm.OwnerNode }Write-Progress -Activity "Starting $ClusterName Virtual Machines..." `-Completed -Status "All VMs are running."}Function Get-ClusterVMs{#create a table with VM, OwnerNode for the given clusterparam([string]$Cluster)$resultTable = @{Expression={$_.Name};Label="Volume Name";width=80},`@{Expression={$_.OwnerNode};Label="Owner Node";width=50}$nodes = Get-ClusterNode -Cluster $Clusterforeach($node in $nodes){$targetVMs = Get-VM -ComputerName $node | Where{$_.State -like "Running"}foreach($vm in $targetVMs){[PSCustomObject] @{ "Name" = $vm.Name"OwnerNode" = $node} } }}Function Get-Confirmation {param([string]$Question, [string]$message="Do you want to proceed?")$optionYes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Yes"$optionNo = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "No"$options = [System.Management.Automation.Host.ChoiceDescription[]]($optionYes, $optionNo)$result = $host.ui.PromptForChoice($Question, $message, $options, 0)switch ($result){0 {Return $true }1 {Return $false }}}Function Suspend-ClusterVMs{#stop the cluster and put all VMs in saved stateparam([string]$ClusterName)$proceed = Get-Confirmation -question "The script will now suspend ALL the virtual machines in the $ClusterName cluster"Get-ClusterNode -Cluster $ClusterName | Out-File ".\$ClusterName.txt"if($proceed -eq $true){Stop-Cluster -Cluster $ClusterName -Verbose -Force}else{exit}}Function Enable-ClusterDiskBitlocker{Param([Parameter (Mandatory = $true)] [System.Security.SecureString] $bitlockerEncryptionKey, [Parameter (Mandatory = $true)] [String] $managementClusterName, [Parameter (Mandatory = $true)] [String] $computeClusterName, [Parameter (Mandatory = $true)] [String] $edgeClusterName)$ErrorActionPreference = "Stop"$creds = get-credential -Message "Please provide Admin credentials to enable BitLocker" #Verifying that cluster names are correctwhile ((Get-Cluster $managementClusterName) -eq $null){$managementClusterName = Read-Host "The name provided for the management cluster is not correct. Please provide name of the management cluster" }while ((Get-Cluster $computeClusterName) -eq $null){$computeClusterName = Read-Host "The name provided for the compute cluster is not correct. Please provide name of the compute cluster" }while ((Get-Cluster $edgeClusterName) -eq $null){$edgeClusterName = Read-Host "The name provided for the edge cluster is not correct. Please provide name of the edge cluster" }#enabling hyper-v-powershell feature on the storage nodeif(!(Get-WindowsFeature |?{$_.Name -match "Hyper-V-Powershell"} | select -ExpandProperty Installed)){Write-Verbose "Installing Hyper-V-Powershell feature..."Add-WindowsFeature "Hyper-V-Powershell" -Verbose}#data structures needed to restart the vms later$managementClusterNodes = Get-ClusterNode -Cluster $managementClusterNameif($managementClusterNodes -eq $null){Write-Warning "Could not retrieve the nodes of the management cluster"}$edgeClusterVMs = Get-ClusterVMs -Cluster $edgeClusterName if($edgeClusterVMs -eq $null){Write-Warning "Could not retrieve the virtual machines of the edge cluster"}$computeClusterVMs = Get-ClusterVMs -Cluster $computeClusterName if($computeClusterVMs -eq $null){Write-Warning "Could not retrieve the virtual machines of the compute cluster"}  #turning off all VMs to prevent them from crashing and risk of data corruption$proceed = Get-Confirmation -Question "Have you enabled RDP connectivity on a storage node?"if($proceed -eq $false){Write-Error "This script must be run from a storage node. Please enable RDP on a storage node, connect to it and restart the script."exit}$proceed = Get-Confirmation -Question "Are you running this script from a storage node?"if($proceed -eq $false){Write-Error "This script must be run from a storage node. Please RDP into a storage node and restart the script."exit}Stop-ClusterVMs -ClusterName $computeClusterName -targetVMs $computeClusterVMsStop-ClusterVMs -ClusterName $edgeClusterName -targetVMs $edgeClusterVMsSuspend-ClusterVMs -ClusterName $managementClusterName $storageClusterName = (Get-Cluster).namewhile ($storageClusterName -eq $null){$storageClusterName = Read-Host "Please provide name of the storage cluster" }$clusterNodes = (Get-ClusterNode -Cluster $storageClusterName).Nameif($clusterNodes -eq $null){Write-Error "Could not retrieve the nodes of the storage cluster"}$ClusterSharedVolumes = Get-ClusterSharedVolume -Cluster $storageClusterNameif($ClusterSharedVolumes -eq $null){Write-Error "'Get-ClusterSharedVolume -Cluster' $storageClusterName failed. Could not retrieve the list of volumes of the storage cluster"}#temporarily enable CredSSP on the SOFS nodesforeach($clusterNode in $clusterNodes){Write-Verbose "Enabling CredSSP Client role for $clusterNode..."Enable-WSManCredSSP -role Client -DelegateComputer * -ForceWrite-Verbose "Enabling CredSSP Server role on $clusterNode..."Invoke-Command -ComputerName $clusterNode {Enable-WSManCredSSP -Role Server -Force}} $counter = 1foreach ($clusterSharedVolumeObject in $ClusterSharedVolumes) {$progress= [int] ($counter / $ClusterSharedVolumes.Count * 100 )Write-Progress -Activity "Enabling BitLocker on the volumes..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$counter++$clusterSharedVolume = $clusterSharedVolumeObject.Name $CSVPhysicalOwner = $clusterSharedVolumeObject.OwnerNode#Verifying the status of the volume before starting the encryption process. only fullydecrypted is acceptable.$clusterSharedVolumeStatus = (Invoke-Command -Authentication Credssp -Credential $creds -ComputerName $CSVPhysicalOwner -ArgumentList $clusterSharedVolumeObject {param($clusterSharedVolumeObject) Get-BitlockerVolume -MountPoint $clusterSharedVolumeObject.SharedVolumeInfo.FriendlyVolumeName}).VolumeStatusswitch ($clusterSharedVolumeStatus) {"FullyDecrypted" {"Starting encryption process for $clusterSharedVolume..."; $continueWithEncryption = $true}"FullyEncrypted" {"$clusterSharedVolume is already encrypted. Moving to the next volume."; $continueWithEncryption = $false}"EncryptionInProgress" {"$clusterSharedVolume is currently being encrypted. Moving to the next volume"; $continueWithEncryption = $false}default {"$clusterSharedVolume status is unknown. Moving to the next volume"; $continueWithEncryption = $false}} if (!$continueWithEncryption){continue}try{#Put ClusterSharedVolume in Maintenance ModeWrite-Verbose "Putting the $clusterSharedVolume in maintenance mode..."Invoke-Command -ComputerName $CSVPhysicalOwner -ArgumentList $clusterSharedVolume {param($clusterSharedVolume) Get-ClusterSharedVolume $clusterSharedVolume | Suspend-ClusterResource -Force}#Configure BitLocker on the volume $CSVMountPoint = Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $clusterSharedVolume {param($clusterSharedVolume) (Get-ClusterSharedVolume $clusterSharedVolume).SharedVolumeInfo.FriendlyVolumeName}if($CSVMountPoint -eq $null){$errorMessageForUser = "Failed while retrieving the MountPoint associated with $clusterSharedVolume on server node $CSVPhysicalOwner"throw $errorMessageForUser }Write-Verbose "Invoking Enable-Bitlocker on $clusterSharedVolume..."Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint {param($CSVMountPoint) Enable-BitLocker $CSVMountPoint -RecoveryPasswordProtector}Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint,$bitlockerEncryptionKey {param($CSVMountPoint, $bitlockerEncryptionKey) Add-BitLockerKeyProtector $CSVMountPoint -PasswordProtector –Password $bitlockerEncryptionKey}#enable using a recovery password protector and backup the protector to Active Directorywrite-verbose "Backup BitLocker Key Protector on AD for $clusterSharedVolume..." $protectorId = Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint {param($CSVMountPoint) (Get-BitLockerVolume $CSVMountPoint).Keyprotector | Where-Object {$_.KeyProtectorType -eq "RecoveryPassword”}}if($protectorId -eq $null){$errorMessageForUser = "Failed while retrieving the protector Id associated with $CSVMountPoint on server node $CSVPhysicalOwner"throw $errorMessageForUser } Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint,$protectorId {param($CSVMountPoint, $protectorId) Backup-BitLockerKeyProtector $CSVMountPoint -KeyProtectorId $protectorId.KeyProtectorId}#Determine the Cluster Name Object for your cluster: $cno = $storageClusterName + "$"#Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO)Write-Verbose "Enabling ADProtector on $clusterSharedVolume..."Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint,$cno {param($CSVMountPoint, $cno) Add-BitLockerKeyProtector $CSVMountPoint -ADAccountOrGroupProtector –ADAccountOrGroup $cno}#Put the ClusterSharedVolume back onlineWrite-Verbose "Putting $clusterSharedVolume back online..."Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $clusterSharedVolume {param($clusterSharedVolume) Get-ClusterSharedVolume $clusterSharedVolume | Resume-ClusterResource}}catch{Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint{param($CSVMountPoint) manage-bde -off $CSVMountPoint}Write-Host "The encryption process of $CSVMountPoint encountered a problem. Execution stopped. Disabling BitLocker and decrypting volume $CSVMountPoint" -ForegroundColor RedWrite-Host "Exception Message: $($_.Exception.Message)" -ForegroundColor Redexit}} #restart all VMs that were previously shut down or suspendedWrite-Verbose "Encryption enabled on all the CSVs. Restarting now all the VMs that were previously shut down or suspended"#restarting management cluster $tempCounter = 0$sizeManagementCluster = $managementClusterNodes.length - 1$managmentClusterObject = Start-Cluster $managementClusterNodes[$tempCounter] while (($managementClusterObject -eq $null ) -and ($tempCounter -lt $sizeManagementCluster)){Write-Verbose "Management Cluster did not start on node $managementClusterNodes[$tempCounter]" $tempCounter++Write-Verbose "Trying now to start the management cluster on node $managementClusterNodes[$tempCounter]"$managmentClusterObject = Start-Cluster $managementClusterNodes[$tempCounter]}if ($managementClusterObject -eq $null){Write-Host "Management cluster could not be started. Please restart it manually" -ForegroundColor Red} Start-ClusterVMs -ClusterName $edgeClusterName -TargetVMs $edgeClusterVMs Start-ClusterVMs -ClusterName $computeClusterName -TargetVMs $computeClusterVMs  #disable credSSP on the SOFS nodesforeach($clusterNode in $listOfNodes){write-verbose "Disabling CredSSP on $clusterNode..."Invoke-Command -ComputerName $clusterNode {Disable-WSManCredSSP -Role Server}}write-verbose "Disabling CredSSP on local machine..."Disable-WSManCredSSP -role Client Write-Progress -Activity "Enabling BitLocker on the volumes..." `-Completed -Status "All done."}Enable-ClusterDiskBitlocker -Verbose

    4.2 使用远程桌面连接到myStorageNode> 通过使用您的管理员凭据,然后再用管理员权限中打开 PowerShell 控制台。如果您无法连接,请在存储节点上启用远程桌面。

    4.3 转到myfolder 文件夹>,然后输入下面的命令行:
    PS C:\Users\admin1\Desktop> .\Enable-ClusterDiskBitlocker.ps1 –bitlockerEncryptionKey <myEncryptionKey> -Verbose
    加密密钥是您想要使用 BitLocker 密钥。脚本将提示输入管理员凭据和管理群、 计算群集和边缘群集的名称。

    4.5 脚本首先关闭所有 Vm 上的图章 (除了 AD/DC Vm),因此您将丢失连接到 VM 控制台。该脚本将遍历每个群集磁盘,并启用 BitLocker 加密。群集中的每个磁盘上已经启用 BitLocker 之后,脚本将所有虚拟机联机,在过程中被关闭。

    如果您有兴趣了解这怎么回事在汽车发动机罩下,该脚本将完全遵循以下博客文章中的步骤操作:

    如何在 Windows Server 2012 中配置 BitLocker 加密群集的磁盘

    此过程需要大约 30 分钟,每个存储群集。

    4.6 脚本结束运行后,请打开故障转移群集管理器。所有的群集磁盘应具有联机 (指示)状态。您现在可以打开以前关闭的所有 Vm 并照常运行 CPS 机架。加密过程可能需要几天才能完成,具体取决于磁盘上写入的数据量。群集磁盘完全加密后,其状态自动返回联机
  5. 验证标记的加密状态

    加密过程,获取状态更新或者出于法规遵从性考虑获取打印样式的加密状态,运行下面命令获得 VolumeEncryptionStatus cmdlet。

    <#################################################### ## Copyright (c) Microsoft. All rights reserved. ## ###################################################><#.SYNOPSISCollect encryption status for each of the volumes in the storage cluster..DESCRIPTIONCollect encryption status for each of the volumes in the storage cluster. For each volume, this script returns Volume Name, Owner Node, Encryption Status and Encryption Percentage.The script requires the Bitlocker Feature installed on every node of the cluster and credssp enabled.THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANYIMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.#>Param([Parameter (Mandatory = $true)] [string] $storageClusterName)$ClusterSharedVolumes = Get-ClusterSharedVolume -Cluster $storageClusterNameif($ClusterSharedVolumes -eq $null){Write-Error "'Get-ClusterSharedVolume -Cluster' $storageClusterName failed. Could not retrieve the list of volumes of the storage cluster"}try{$resultTable = @{Expression={$_.Name};Label="Volume Name";width=45},`@{Expression={$_.OwnerNode};Label="Owner Node";width=15}, `@{Expression={$_.VolumeStatus};Label="Encryption Status";width=25}, `@{Expression={$_.EncryptionPercentage};Label="Encryption Percentage";width=15}  $counter = 1$temp = foreach($clusterSharedVolumeObject in $ClusterSharedVolumes){$progress= [int] ($counter / $ClusterSharedVolumes.Count * 100 )Write-Progress -Activity "Collecting data..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$bitlockerVolume = Invoke-Command -ComputerName $clusterSharedVolumeObject.OwnerNode.Name -ArgumentList $clusterSharedVolumeObject {param($clusterSharedVolumeObject) Get-BitlockerVolume -MountPoint $clusterSharedVolumeObject.SharedVolumeInfo.FriendlyVolumeName}[PSCustomObject] @{ "Name" = $clusterSharedVolumeObject.Name"OwnerNode" = $clusterSharedVolumeObject.OwnerNode.Name"VolumeStatus" = $bitlockerVolume.VolumeStatus"EncryptionPercentage" = $bitlockerVolume.EncryptionPercentage} $counter++}  $temp | Format-Table $resultTable Write-Progress -Activity "Collecting data..." `-Completed -Status "All done."}catch{Write-Host "The cmdlet encountered a problem. Execution stopped." -ForegroundColor Redwrite-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red}

    5.1 复制该代码并将其保存为 Get-VolumeEncryptionStatus.ps1 中myfolder 文件夹> VM 控制台上。

    5.2 使用管理员权限打开 Powershell 控制台并运行以下 命令 传递存储群集的名称:
    PS C:\Users\admin1\Desktop> .\Get-VolumeEncryptionStatus.ps1 -storageClusterName
BitLocker在静态数据加密;存储群集;群集共享卷

属性

文章 ID:3078425 - 上次审阅时间:09/17/2015 01:07:00 - 修订版本: 1.0

Cloud Platform System, Windows Server 2012 R2 Datacenter

  • kbmt KB3078425 KbMtzh
反馈