如何啟用 BitLocker 定域機組平台系統 (CPS)

請注意--重要:本文是以 Microsoft 機器翻譯軟體翻譯而成,且可能由 Microsoft Community 利用 Community Translation Framework技術或人工進行事後編修。翻譯過程並無專業譯者參與。Microsoft 同時提供使用者人為翻譯、機器翻譯及社群編修後的機器翻譯三種版本的文章,讓使用者可以依其使用語言使用知識庫中的所有文章。但是,所有翻譯文章都可能不盡完美,內容都可能出現詞彙、語意或文法上的錯誤。就翻譯內容之不正確或錯誤,或客戶因使用翻譯內容所產生的任何損害,微軟不負擔任何責任。Microsoft將依合理的商業努力不斷地更新機器翻譯軟體和工具,以期能為使用者提供更好的服務。

按一下這裡查看此文章的英文版本:3078425
結論
本文說明如何啟用 BitLocker (),若要在其他加密在 Microsoft 定域機組平台系統 (CPS) 提供資料。
其他相關資訊
Microsoft 定域機組平台系統會運用 Windows Server 2012 能夠加密使用 BitLocker () 的叢集共用磁碟區 (CSV)。本文說明如何啟用 BitLocker。它也提供指令碼來自動化程序。

附註 應該儘早 CPS 生命週期中啟用 BitLocker,因為處理程序會產生嚴重停機的情形。也就是說,您必須先關閉 所有 承租人 Vm 和 所有 管理 Vm (除了 AD/DC Vm) 才能啟用 BitLocker。

小心執行這些步驟。若要這麼做的失敗可能會導致延伸的停機和資料損毀。
  1. 啟用儲存叢集的每個節點上的 [BitLocker 磁碟機加密] 功能

    1.1 複製下列程式碼,並將其儲存為 [啟用-BitLockerFeature.ps1 中myFolder> 主控台 VM 上:

     <#################################################### ## Copyright (c) Microsoft. All rights reserved. ## ###################################################><#.SYNOPSISInstall BitLocker Drive Encryption feature on each of the storage cluster nodes.DESCRIPTIONInstall BitLocker Drive Encryption feature on each node of the storage cluster. THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANYIMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.#> Param([Parameter (Mandatory = $true)] [string] $storageClusterName )$clusterNodes =Invoke-Command -ComputerName $storageClusterName {Get-ClusterNode}if($clusterNodes -eq $null){$errorMessageForUser = "Failed while retrieving the nodes of the storage cluster $storageClusterName"throw $errorMessageForUser }foreach ($node in $clusterNodes.Name){Write-Verbose "Installing BitLocker feature on node $node..."$BitlockerStatus = Invoke-Command -ComputerName $node {Add-WindowsFeature Bitlocker -Verbose}if(($BitlockerStatus -eq $null) -or (!$BitlockerStatus.Success)){$errorMessageForUser = "Add-WindowsFeature failed on node $node. Please try to install the feature on this node manually and then rerun this script to continue with the installation on the other nodes. "throw $errorMessageForUser}if($BitlockerStatus.RestartNeeded -eq "Yes"){Write-Verbose "Restarting Node $node..."Restart-Computer -ComputerName $BitlockerStatus.PSComputerName -waitWrite-Verbose "Node $node restarted."}}$installedCounter=0foreach ($node in $clusterNodes.Name){$featureState = Invoke-Command -ComputerName $node {Get-WindowsFeature "bitlocker"}if($featureState -eq $null){$errorMessageForUser = "Could not verify that BitLocker feature is correctly installed on storage node $node. Please connect to the node and run 'Get-WindowsFeature bitlocker' to verify the correct installation."Write-Warning $errorMessageForUser}if ($featureState.InstallState -eq "Installed"){$installedCounter++}}if($installedCounter -eq $clusterNodes.Count){Write-Verbose "BitLocker feature is now installed on all the nodes of the storage cluster"}else{Write-Error "BitLocker feature was not properly installed on all the nodes of the storage cluster"}

    1.2 從主控台 VM,以系統管理員權限開啟 PowerShell 主控台,請前往myFolder>,然後輸入下列:
    ./Enable-BitLockerFeature.ps1 -storageClusterName <yourStorageCluster> -verbose
    指令碼會逐一查看存放叢集的所有節點,並安裝 BitLocker。在程序期間將要重新開機的節點。

    1.3 之後在指令碼完成執行成功,請進行步驟 2。

  2. 建立 GPO 的 Active Directory 為基礎的 BitLocker 修復

    2.1 從主控台的 VM 中,開啟 [群組原則管理編輯器]。

    2.2 展開的樹系,CPS 網域中,按一下滑鼠右鍵,然後按一下在這個網域中建立 GPO 連結到

    2.3 提供的 GPO (比方說,BitLocker),您選擇的名稱,然後按一下[確定]

    2.4 一個新的 GPO,現在應該出現在 CPS 網域之下。按一下 [BitLocker GPO 中的 [設定] 索引標籤,以滑鼠右鍵按一下 [電腦設定],然後按一下 [編輯。這會開啟另一個 [群組原則管理編輯器] 視窗。

    2.5 在左窗格的 [群組原則管理編輯器 」 中,巡覽至-> 的電腦設定原則 ->系統管理範本 ->->固定資料磁碟機BitLocker 磁碟機加密Windows 元件,並用滑鼠右鍵按一下 [選擇如何受 BitLocker 保護的固定磁碟機可以復原

    2.6 在原則設定的 [快顯對話方塊] 方塊中,請啟用本原則,並設定下列選項:
    1. 允許資料修復代理
    2. 將 BitLocker 修復資訊儲存到 AD DS 的固定的資料磁碟機
    3. 不要啟用 BitLocker,直到修復資訊會儲存到 AD DS 的固定的資料磁碟機

    2.7 按一下[確定],然後關閉 [編輯器] 視窗。

    2.8 在 [安全性篩選框架中,按一下 [新增 新增所有存放節點電腦帳戶。CPS,有每一機架的四個節點。您將它們加入之後,所有的節點應該會列出安全性篩選器的框架中。您可以移除預設的 [授權的使用者] 群組。

    2.9 在左窗格中,BitLocker 原則中,按一下滑鼠右鍵,然後按一下強制。關閉 [群組原則管理編輯器]。

    2.10 此時,已套用原則,但它可能會花一小時就能傳播。
    1. 萬一您不想等待傳播原則,您可以手動強制執行登入每個存放節點,並執行 PS C:\Users\admin1\Desktop > gpupdate /force.
    2. 請確認,已成功套用原則藉由每個儲存區節點上執行下列指令程式:

      PS C:\Users\admin1\Desktop > gpresult /scope 電腦 /v
    3. 在輸出中,尋找 [套用群組原則] 物件。如果您的原則 (在這個範例中,我們會呼叫它 BitLocker) 列,套用原則時,並可以前往步驟 3。

  3. 重要 [勿略過這個步驟]: 如果您有承租人叢集中執行的工作量需要特定的順序,關閉的現在就立即動手。步驟 4 中的指令碼將會關閉所有使用中的 Vm 上戳記。請勿關閉 AD/DC Vm。磁碟區都有連線 (重新導向) ] 狀態後,可以安全地重新啟動承租人 Vm。
  4. 啟用所有存放磁碟區上的 BitLocker 加密

    4.1 複製下列程式碼,並將其儲存為 [啟用-ClusterDiskBitlocker.ps1 中myFolder> 其中一個存放叢集節點上。現在我們要呼叫該節點myStorageNode>.
    <#################################################### ## Copyright (c) Microsoft. All rights reserved. ## ###################################################><#.SYNOPSISEnable Bitlocker on all the Cluster Shared Volumes in CPS..DESCRIPTIONEnable Bitlocker on all the Cluster Shared Volumes on the rack. The volumes will be fully encrypted. The encryption process may take long time (48-72h), depending on the amount of data stored. During that time, the volumes will be in a redirected state. The volumes will automatically go back to Online once the encryption process is complete. NOTE: Please put all the VMs, both management and tenants, into a save state. Failing to do so will result in the VMs crashing and possibly getting into an inconsistent state. Once the volumes are in Online (Redirected) status, the VMs can be safely restarted.THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANYIMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.#> Function Stop-ClusterVMs{#Stop all VMs passed as inputparam([string]$ClusterName,[Object[]]$TargetVMs)$proceed = Get-Confirmation -question "The script will now turn off ALL the virtual machines in the $ClusterName cluster"$TargetVMs | Out-File ".\$ClusterName.txt"if($proceed -eq $true){$counter=1foreach ($vm in $TargetVMs){$progress= [int] ($counter / $TargetVMs.Count * 100 )Write-Progress -Activity "Stopping $ClusterName Virtual Machines..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$counter++Write-Verbose "Now turning off $vm.Name on node $vm.OwnerNode"Stop-VM -Name $vm.Name -ComputerName $vm.OwnerNode -Force}Write-Progress -Activity "Stopping $ClusterName Virtual Machines..." `-Completed -Status "All VMs are shut down."}else{exit}}Function Start-ClusterVMs{#start all the VMs passed as inputparam([string]$ClusterName,[Object[]]$TargetVMs)$counter=1foreach ($vm in $TargetVMs){$progress= [int] ($counter / $TargetVMs.Count * 100 )Write-Progress -Activity "Starting $ClusterName Virtual Machines..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$counter++Write-Verbose "Now turning on $vm.Name..."Start-VM -Name $vm.Name -ComputerName $vm.OwnerNode }Write-Progress -Activity "Starting $ClusterName Virtual Machines..." `-Completed -Status "All VMs are running."}Function Get-ClusterVMs{#create a table with VM, OwnerNode for the given clusterparam([string]$Cluster)$resultTable = @{Expression={$_.Name};Label="Volume Name";width=80},`@{Expression={$_.OwnerNode};Label="Owner Node";width=50}$nodes = Get-ClusterNode -Cluster $Clusterforeach($node in $nodes){$targetVMs = Get-VM -ComputerName $node | Where{$_.State -like "Running"}foreach($vm in $targetVMs){[PSCustomObject] @{ "Name" = $vm.Name"OwnerNode" = $node} } }}Function Get-Confirmation {param([string]$Question, [string]$message="Do you want to proceed?")$optionYes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Yes"$optionNo = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "No"$options = [System.Management.Automation.Host.ChoiceDescription[]]($optionYes, $optionNo)$result = $host.ui.PromptForChoice($Question, $message, $options, 0)switch ($result){0 {Return $true }1 {Return $false }}}Function Suspend-ClusterVMs{#stop the cluster and put all VMs in saved stateparam([string]$ClusterName)$proceed = Get-Confirmation -question "The script will now suspend ALL the virtual machines in the $ClusterName cluster"Get-ClusterNode -Cluster $ClusterName | Out-File ".\$ClusterName.txt"if($proceed -eq $true){Stop-Cluster -Cluster $ClusterName -Verbose -Force}else{exit}}Function Enable-ClusterDiskBitlocker{Param([Parameter (Mandatory = $true)] [System.Security.SecureString] $bitlockerEncryptionKey, [Parameter (Mandatory = $true)] [String] $managementClusterName, [Parameter (Mandatory = $true)] [String] $computeClusterName, [Parameter (Mandatory = $true)] [String] $edgeClusterName)$ErrorActionPreference = "Stop"$creds = get-credential -Message "Please provide Admin credentials to enable BitLocker" #Verifying that cluster names are correctwhile ((Get-Cluster $managementClusterName) -eq $null){$managementClusterName = Read-Host "The name provided for the management cluster is not correct. Please provide name of the management cluster" }while ((Get-Cluster $computeClusterName) -eq $null){$computeClusterName = Read-Host "The name provided for the compute cluster is not correct. Please provide name of the compute cluster" }while ((Get-Cluster $edgeClusterName) -eq $null){$edgeClusterName = Read-Host "The name provided for the edge cluster is not correct. Please provide name of the edge cluster" }#enabling hyper-v-powershell feature on the storage nodeif(!(Get-WindowsFeature |?{$_.Name -match "Hyper-V-Powershell"} | select -ExpandProperty Installed)){Write-Verbose "Installing Hyper-V-Powershell feature..."Add-WindowsFeature "Hyper-V-Powershell" -Verbose}#data structures needed to restart the vms later$managementClusterNodes = Get-ClusterNode -Cluster $managementClusterNameif($managementClusterNodes -eq $null){Write-Warning "Could not retrieve the nodes of the management cluster"}$edgeClusterVMs = Get-ClusterVMs -Cluster $edgeClusterName if($edgeClusterVMs -eq $null){Write-Warning "Could not retrieve the virtual machines of the edge cluster"}$computeClusterVMs = Get-ClusterVMs -Cluster $computeClusterName if($computeClusterVMs -eq $null){Write-Warning "Could not retrieve the virtual machines of the compute cluster"}  #turning off all VMs to prevent them from crashing and risk of data corruption$proceed = Get-Confirmation -Question "Have you enabled RDP connectivity on a storage node?"if($proceed -eq $false){Write-Error "This script must be run from a storage node. Please enable RDP on a storage node, connect to it and restart the script."exit}$proceed = Get-Confirmation -Question "Are you running this script from a storage node?"if($proceed -eq $false){Write-Error "This script must be run from a storage node. Please RDP into a storage node and restart the script."exit}Stop-ClusterVMs -ClusterName $computeClusterName -targetVMs $computeClusterVMsStop-ClusterVMs -ClusterName $edgeClusterName -targetVMs $edgeClusterVMsSuspend-ClusterVMs -ClusterName $managementClusterName $storageClusterName = (Get-Cluster).namewhile ($storageClusterName -eq $null){$storageClusterName = Read-Host "Please provide name of the storage cluster" }$clusterNodes = (Get-ClusterNode -Cluster $storageClusterName).Nameif($clusterNodes -eq $null){Write-Error "Could not retrieve the nodes of the storage cluster"}$ClusterSharedVolumes = Get-ClusterSharedVolume -Cluster $storageClusterNameif($ClusterSharedVolumes -eq $null){Write-Error "'Get-ClusterSharedVolume -Cluster' $storageClusterName failed. Could not retrieve the list of volumes of the storage cluster"}#temporarily enable CredSSP on the SOFS nodesforeach($clusterNode in $clusterNodes){Write-Verbose "Enabling CredSSP Client role for $clusterNode..."Enable-WSManCredSSP -role Client -DelegateComputer * -ForceWrite-Verbose "Enabling CredSSP Server role on $clusterNode..."Invoke-Command -ComputerName $clusterNode {Enable-WSManCredSSP -Role Server -Force}} $counter = 1foreach ($clusterSharedVolumeObject in $ClusterSharedVolumes) {$progress= [int] ($counter / $ClusterSharedVolumes.Count * 100 )Write-Progress -Activity "Enabling BitLocker on the volumes..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$counter++$clusterSharedVolume = $clusterSharedVolumeObject.Name $CSVPhysicalOwner = $clusterSharedVolumeObject.OwnerNode#Verifying the status of the volume before starting the encryption process. only fullydecrypted is acceptable.$clusterSharedVolumeStatus = (Invoke-Command -Authentication Credssp -Credential $creds -ComputerName $CSVPhysicalOwner -ArgumentList $clusterSharedVolumeObject {param($clusterSharedVolumeObject) Get-BitlockerVolume -MountPoint $clusterSharedVolumeObject.SharedVolumeInfo.FriendlyVolumeName}).VolumeStatusswitch ($clusterSharedVolumeStatus) {"FullyDecrypted" {"Starting encryption process for $clusterSharedVolume..."; $continueWithEncryption = $true}"FullyEncrypted" {"$clusterSharedVolume is already encrypted. Moving to the next volume."; $continueWithEncryption = $false}"EncryptionInProgress" {"$clusterSharedVolume is currently being encrypted. Moving to the next volume"; $continueWithEncryption = $false}default {"$clusterSharedVolume status is unknown. Moving to the next volume"; $continueWithEncryption = $false}} if (!$continueWithEncryption){continue}try{#Put ClusterSharedVolume in Maintenance ModeWrite-Verbose "Putting the $clusterSharedVolume in maintenance mode..."Invoke-Command -ComputerName $CSVPhysicalOwner -ArgumentList $clusterSharedVolume {param($clusterSharedVolume) Get-ClusterSharedVolume $clusterSharedVolume | Suspend-ClusterResource -Force}#Configure BitLocker on the volume $CSVMountPoint = Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $clusterSharedVolume {param($clusterSharedVolume) (Get-ClusterSharedVolume $clusterSharedVolume).SharedVolumeInfo.FriendlyVolumeName}if($CSVMountPoint -eq $null){$errorMessageForUser = "Failed while retrieving the MountPoint associated with $clusterSharedVolume on server node $CSVPhysicalOwner"throw $errorMessageForUser }Write-Verbose "Invoking Enable-Bitlocker on $clusterSharedVolume..."Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint {param($CSVMountPoint) Enable-BitLocker $CSVMountPoint -RecoveryPasswordProtector}Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint,$bitlockerEncryptionKey {param($CSVMountPoint, $bitlockerEncryptionKey) Add-BitLockerKeyProtector $CSVMountPoint -PasswordProtector –Password $bitlockerEncryptionKey}#enable using a recovery password protector and backup the protector to Active Directorywrite-verbose "Backup BitLocker Key Protector on AD for $clusterSharedVolume..." $protectorId = Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint {param($CSVMountPoint) (Get-BitLockerVolume $CSVMountPoint).Keyprotector | Where-Object {$_.KeyProtectorType -eq "RecoveryPassword”}}if($protectorId -eq $null){$errorMessageForUser = "Failed while retrieving the protector Id associated with $CSVMountPoint on server node $CSVPhysicalOwner"throw $errorMessageForUser } Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint,$protectorId {param($CSVMountPoint, $protectorId) Backup-BitLockerKeyProtector $CSVMountPoint -KeyProtectorId $protectorId.KeyProtectorId}#Determine the Cluster Name Object for your cluster: $cno = $storageClusterName + "$"#Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object (CNO)Write-Verbose "Enabling ADProtector on $clusterSharedVolume..."Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint,$cno {param($CSVMountPoint, $cno) Add-BitLockerKeyProtector $CSVMountPoint -ADAccountOrGroupProtector –ADAccountOrGroup $cno}#Put the ClusterSharedVolume back onlineWrite-Verbose "Putting $clusterSharedVolume back online..."Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $clusterSharedVolume {param($clusterSharedVolume) Get-ClusterSharedVolume $clusterSharedVolume | Resume-ClusterResource}}catch{Invoke-Command -ComputerName $CSVPhysicalOwner -Authentication Credssp -Credential $creds -ArgumentList $CSVMountPoint{param($CSVMountPoint) manage-bde -off $CSVMountPoint}Write-Host "The encryption process of $CSVMountPoint encountered a problem. Execution stopped. Disabling BitLocker and decrypting volume $CSVMountPoint" -ForegroundColor RedWrite-Host "Exception Message: $($_.Exception.Message)" -ForegroundColor Redexit}} #restart all VMs that were previously shut down or suspendedWrite-Verbose "Encryption enabled on all the CSVs. Restarting now all the VMs that were previously shut down or suspended"#restarting management cluster $tempCounter = 0$sizeManagementCluster = $managementClusterNodes.length - 1$managmentClusterObject = Start-Cluster $managementClusterNodes[$tempCounter] while (($managementClusterObject -eq $null ) -and ($tempCounter -lt $sizeManagementCluster)){Write-Verbose "Management Cluster did not start on node $managementClusterNodes[$tempCounter]" $tempCounter++Write-Verbose "Trying now to start the management cluster on node $managementClusterNodes[$tempCounter]"$managmentClusterObject = Start-Cluster $managementClusterNodes[$tempCounter]}if ($managementClusterObject -eq $null){Write-Host "Management cluster could not be started. Please restart it manually" -ForegroundColor Red} Start-ClusterVMs -ClusterName $edgeClusterName -TargetVMs $edgeClusterVMs Start-ClusterVMs -ClusterName $computeClusterName -TargetVMs $computeClusterVMs  #disable credSSP on the SOFS nodesforeach($clusterNode in $listOfNodes){write-verbose "Disabling CredSSP on $clusterNode..."Invoke-Command -ComputerName $clusterNode {Disable-WSManCredSSP -Role Server}}write-verbose "Disabling CredSSP on local machine..."Disable-WSManCredSSP -role Client Write-Progress -Activity "Enabling BitLocker on the volumes..." `-Completed -Status "All done."}Enable-ClusterDiskBitlocker -Verbose

    4.2 使用遠端桌面連線到myStorageNode> 使用您的系統管理認證,然後開啟 [以系統管理員權限的 [PowerShell 主控台。如果您無法連線,請在存放節點上啟用遠端桌面。

    4.3 移至myFolder>,然後輸入下列命令列:
    PS C:\Users\admin1\Desktop> .\Enable-ClusterDiskBitlocker.ps1 –bitlockerEncryptionKey <myEncryptionKey> -Verbose
    加密金鑰是您想要使用的 BitLocker 的索引鍵。指令碼會提示您的系統管理認證,以及管理叢集、 電腦叢集中,以及邊緣叢集的名稱。

    4.5 指令碼會先關閉的戳記 (除了 AD/DC Vm 中) 中的所有 Vm 因此,您將連線到主控台 VM。指令碼會檢查每個叢集磁碟,啟用 BitLocker 加密。每個叢集磁碟上已啟用 BitLocker 之後,指令碼會顯示所有 Vm 線上程序期間關閉。

    如果您想要進一步瞭解在罩下運作時,指令碼依循下列的部落格文章中的步驟執行:

    如何設定 Windows Server 2012 BitLocker 加密的叢集的磁碟

    此程序花了大約 30 分鐘每個儲存區的叢集。

    4.6 指令碼執行之後,請開啟 [容錯移轉叢集管理員]。所有的叢集磁碟應該有連線 (重新導向)] 狀態。您現在可以開啟您先前已關閉的所有 Vm,並照常運作 CPS 架。加密程序可能要花好幾天才能完成,取決於磁碟上的寫入的資料量。叢集磁碟完全加密後,其狀態會自動回復為 [線上
  5. 檢查戳記的加密狀態

    若要取得加密程序的狀態更新,或列印文件的加密狀態取得相容性的理由,執行下列取得 VolumeEncryptionStatus 指令程式。

    <#################################################### ## Copyright (c) Microsoft. All rights reserved. ## ###################################################><#.SYNOPSISCollect encryption status for each of the volumes in the storage cluster..DESCRIPTIONCollect encryption status for each of the volumes in the storage cluster. For each volume, this script returns Volume Name, Owner Node, Encryption Status and Encryption Percentage.The script requires the Bitlocker Feature installed on every node of the cluster and credssp enabled.THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANYIMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.#>Param([Parameter (Mandatory = $true)] [string] $storageClusterName)$ClusterSharedVolumes = Get-ClusterSharedVolume -Cluster $storageClusterNameif($ClusterSharedVolumes -eq $null){Write-Error "'Get-ClusterSharedVolume -Cluster' $storageClusterName failed. Could not retrieve the list of volumes of the storage cluster"}try{$resultTable = @{Expression={$_.Name};Label="Volume Name";width=45},`@{Expression={$_.OwnerNode};Label="Owner Node";width=15}, `@{Expression={$_.VolumeStatus};Label="Encryption Status";width=25}, `@{Expression={$_.EncryptionPercentage};Label="Encryption Percentage";width=15}  $counter = 1$temp = foreach($clusterSharedVolumeObject in $ClusterSharedVolumes){$progress= [int] ($counter / $ClusterSharedVolumes.Count * 100 )Write-Progress -Activity "Collecting data..." `-PercentComplete $progress `-CurrentOperation "$progress% complete" `-Status "Please wait."$bitlockerVolume = Invoke-Command -ComputerName $clusterSharedVolumeObject.OwnerNode.Name -ArgumentList $clusterSharedVolumeObject {param($clusterSharedVolumeObject) Get-BitlockerVolume -MountPoint $clusterSharedVolumeObject.SharedVolumeInfo.FriendlyVolumeName}[PSCustomObject] @{ "Name" = $clusterSharedVolumeObject.Name"OwnerNode" = $clusterSharedVolumeObject.OwnerNode.Name"VolumeStatus" = $bitlockerVolume.VolumeStatus"EncryptionPercentage" = $bitlockerVolume.EncryptionPercentage} $counter++}  $temp | Format-Table $resultTable Write-Progress -Activity "Collecting data..." `-Completed -Status "All done."}catch{Write-Host "The cmdlet encountered a problem. Execution stopped." -ForegroundColor Redwrite-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red}

    5.1 複製這段程式碼,並將它存成 Get-VolumeEncryptionStatus.ps1 中myFolder> VM 的主控台上。

    5.2 以系統管理員權限開啟 Powershell 主控台,並執行下列的指令程式,來傳遞存放叢集的名稱:
    PS C:\Users\admin1\Desktop> .\Get-VolumeEncryptionStatus.ps1 -storageClusterName
BitLocker靜止資料加密;儲存叢集;叢集共用磁碟區

警告:本文為自動翻譯

內容

文章識別碼:3078425 - 最後檢閱時間:09/17/2015 01:07:00 - 修訂: 1.0

Cloud Platform System, Windows Server 2012 R2 Datacenter

  • kbmt KB3078425 KbMtzh
意見反應