encrypt02.ps1

1. <#
2. .SYNOPSIS
3. This script encrypt local disk and send encryption key to the specified mail address
4.  
5. .DESCRIPTION
6. Create a file containing timestamp, hostname, hostid and a random bitlocker password
7. Send this file to the user mail address and ISD sympa list then start encrypting the disk
8. Abort if necessary
9. #>
10.  
11. #Function to generate a Bitlocker key
12. Function recoveryKeyGen
13. {
14.     $recoveryKey = ""
15.     for($i=0; $i -lt 8; $i++)
16.     {
17.         $completed = $null
18.         DO
19.         {
20.             $recoveryKeyPart =  (Get-Random -Minimum 100000 -Maximum 720895)
21.             if($recoveryKeyPart %11 -eq 0)
22.             {
23.                 $recoveryKey = $recoveryKey + $recoveryKeyPart
24.                 $completed = $true
25.             }
26.         } While (-not $completed)
27.         if ($i -ne 7)
28.         {
29.             $recoveryKey = $recoveryKey + "-"
30.         }
31.     }
32.     $recoveryKey
33. }
34.  
35. #Prepare file path
36. if(-Not (Test-Path C:\Temp))
37. {
38.     New-Item -ItemType Directory -Force -Path C:\Temp
39. }
40. $recoveryKeyPath = "C:\Temp\" + $env:COMPUTERNAME + "_" + $env:USERNAME + "_recoveryKey.txt"
41. if(Test-Path $recoveryKeyPath)
42. {
43.     Remove-Item $recoveryKeyPath
44. }
45.  
46. #Get mail address
47. Add-Type -AssemblyName System.Windows.Forms
48. Add-Type -AssemblyName System.Drawing
49. $form = New-Object System.Windows.Forms.Form
50. $form.Text = 'Data Entry Form'
51. $form.Size = New-Object System.Drawing.Size(300,200)
52. $form.StartPosition = 'CenterScreen'
53. $okButton = New-Object System.Windows.Forms.Button
54. $okButton.Location = New-Object System.Drawing.Point(75,120)
55. $okButton.Size = New-Object System.Drawing.Size(75,23)
56. $okButton.Text = 'OK'
57. $okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
58. $form.AcceptButton = $okButton
59. $form.Controls.Add($okButton)
60. $cancelButton = New-Object System.Windows.Forms.Button
61. $cancelButton.Location = New-Object System.Drawing.Point(150,120)
62. $cancelButton.Size = New-Object System.Drawing.Size(75,23)
63. $cancelButton.Text = 'Cancel'
64. $cancelButton.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
65. $form.CancelButton = $cancelButton
66. $form.Controls.Add($cancelButton)
67. $label = New-Object System.Windows.Forms.Label
68. $label.Location = New-Object System.Drawing.Point(10,20)
69. $label.Size = New-Object System.Drawing.Size(280,20)
70. $label.Text = 'Please enter your professional mail address :'
71. $form.Controls.Add($label)
72. $textBox = New-Object System.Windows.Forms.TextBox
73. $textBox.Location = New-Object System.Drawing.Point(10,40)
74. $textBox.Size = New-Object System.Drawing.Size(260,20)
75. $form.Controls.Add($textBox)
76. $form.Topmost = $true
77. $form.Add_Shown({$textBox.Select()})
78. $result = $form.ShowDialog()
79. if ($result -eq [System.Windows.Forms.DialogResult]::OK)
80. {
81.     $userMail = $textBox.Text
82.     $userMail
83. }
84. else
85. {
86.     Write-Host Mail address is mandatory save encryption key. Aborting.
87.     exit
88. }
89.  
90. $timeStamp = "[{0:dd/MM/yy} {0:HH:mm:ss}]" -f (Get-Date)
91. Add-Content $recoveryKeyPath $timeStamp
92.  
93. $computerName = "COMPUTERNAME : " + $env:COMPUTERNAME
94. Add-Content $recoveryKeyPath $computerName
95.  
96. #Get IP
97. $ipv4 = "IP           : "
98. $ipv4B = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | where {$_.DefaultIPGateway -ne $null}).IPAddress | select-object -first 1
99. $ipv4 = $ipv4 + $ipv4B
100. Add-Content $recoveryKeyPath $ipv4
101.  
102. #Get hostID
103. $macAddress = "HOSTID       : "
104. $computerSystem = (Get-WmiObject -Class:Win32_ComputerSystem)
105. if ( $computerSystem.Manufacturer -like "Hewlett*" )
106. {
107.     $macAddressB =  Get-WmiObject win32_networkadapterconfiguration | select description, macaddress | ? description -like "*Network Connection" | select macaddress -ExpandProperty macaddress
108. }
109. elseif( $computerSystem.Manufacturer -like "Dell*" )
110. {
111.     $macAddressB =  Get-WmiObject win32_networkadapterconfiguration | select description, macaddress | ? description -like "Realtek*" | select macaddress -ExpandProperty macaddress
112. }
113. $macAddress = $macAddress + $macAddressB
114. Add-Content $recoveryKeyPath $macAddress
115.  
116. #Create recovery key
117. $recoveryKey = "RECOVERYKEY  : "
118. $recoveryKeyB = recoveryKeyGen
119. $recoveryKey = $recoveryKey + $recoveryKeyB
120. Add-Content $recoveryKeyPath $recoveryKey
121.  
122. #Send encryption info via mail
123. $smtpServer = "smtp.domain.fr"
124. $smtpFromA = ($userMail | Out-String)
125. $smtpFromB = "windows-escrow@domain.fr"
126. $smtpToA = "windows-escrow@domain.fr"
127. $smtpToB = ($userMail | Out-String)
128. $messageSubject = "$env:COMPUTERNAME BitLocker Recovery Password"
129. $messageBody = $timeStamp + "`n" + $computerName + "`n" + $ipv4 + "`n" + $macAddress + "`n" + $recoveryKey + "`n"
130. $smtpA = New-Object Net.Mail.SmtpClient($smtpServer)
131. $smtpB = New-Object Net.Mail.SmtpClient($smtpServer)
132. $smtpA.Send($smtpFromA,$smtpToA,$messagesubject,$messagebody)
133. $smtpB.Send($smtpFromB,$smtpToB,$messagesubject,$messagebody)
134.  
135. Write-Host "`n" $timeStamp "`n" $computerName "`n" $ipv4 "`n" $macAddress "`n" $recoveryKey "`n`n"
136. Write-Host "Encryption informations has been sent to the specified addresse, starting the disk encryption"
137.  
138. #Start encryption
139. manage-bde -protectors -add c: -RecoveryPassword $recoveryKeyB
140. manage-bde -on c:
141. Restart-Computer -Force