By Carl T
This post assumes you are already managing BitLocker in some capacity (feel free to read through my guide on how I am managing BitLocker with Pulseway custom fields here).
The use cases for this script are a bit niche. This script will remove the TPM as a valid key protector for the c:\ drive of a workstation.
Two common use cases for when you may wish to do this:
1. In the event a laptop is stolen. We have it set up where we can add stolen devices to a scope. Devices that come online in this scope will kick off a workflow which includes the below script. While in theory you shouldn't need to do this if the attacker doesn't know the password to the device, there are a number of instances out there where TPMs are exploited with physical access to a device to then use the TPM to decrypt a drive. Such as this: https://pulsesecurity.co.nz/articles/TPM-sniffing
2. When terminating a remote employee's access to their computer. If an employee is out in the field or working from home, simply resetting their password might not be enough to lock them out of their device depending on your setup.
The script is fairly simple and is below:
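    # Look up the ID of the TPM key protector on the C: volume
    $TpmProtectorID = ((Get-BitLockerVolume -MountPoint c).KeyProtector | Where-Object KeyProtectorType -EQ 'Tpm').KeyProtectorID
    # Remove that protector so the TPM can no longer unlock the drive
    Remove-BitLockerKeyProtector -MountPoint c -KeyProtectorId $TpmProtectorID
    # Reboot so the change takes effect at the next startup
    Restart-Computer -Force

Hope this is handy for some folks out there.
If you recover the device and wish to re-enable the TPM you can do this from the management console, or simply run this script to put things back to "normal":

    # Add the TPM back as a key protector for the C: volume, then reboot
    Add-BitLockerKeyProtector -MountPoint c -TpmProtector
    Restart-Computer -Force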
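A guarded variant of the removal script from the post above, as an added example that is not part of the original post: it refuses to remove the TPM protector unless a recovery password protector exists, copes with zero or several TPM protectors, and reboots only after confirming the removal. The function name Remove-TpmProtectorChecked is hypothetical, and the script assumes a recovery password is the intended way to unlock the drive afterwards.

```powershell
# Added example, not the original author's code. Run elevated on the target workstation.
# Remove-TpmProtectorChecked is a hypothetical helper name.
function Remove-TpmProtectorChecked {
    param([string]$MountPoint = 'C:')

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Assumption: a recovery password is how the drive gets unlocked once the TPM protector is gone.
    $recovery = @($volume.KeyProtector | Where-Object KeyProtectorType -EQ 'RecoveryPassword')
    if ($recovery.Count -eq 0) {
        throw "No RecoveryPassword protector on $MountPoint; leaving the TPM protector in place."
    }

    # Same filter as the post; @() makes zero or several matches safe to iterate.
    $tpm = @($volume.KeyProtector | Where-Object KeyProtectorType -EQ 'Tpm')
    if ($tpm.Count -eq 0) {
        Write-Warning "No TPM protector on $MountPoint; nothing to remove."
        return $false
    }

    foreach ($protector in $tpm) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
    }

    # Re-read the volume and confirm the removal before anything reboots the machine.
    $after = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $left = @($after.KeyProtector | Where-Object KeyProtectorType -EQ 'Tpm')
    if ($left.Count -gt 0) {
        throw "TPM protector still present on $MountPoint after removal."
    }

    # Log protector IDs (never the passwords) so they can be matched to the escrowed keys.
    Write-Host "Recovery protector IDs: $($recovery.KeyProtectorId -join ', ')"
    return $true
}

# Reboot only when a TPM protector was actually removed and verified gone.
if (Remove-TpmProtectorChecked -MountPoint 'C:') {
    Restart-Computer -Force
}
```

Messages go through Write-Warning and Write-Host rather than the output stream so that the function's return value stays a single boolean for the reboot decision.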
By Jamie Taylor
We have redesigned the Group Policies page to make it easier for you to exploit the full power of Pulseway policies. With a clean, simplified navigation design and the addition of integrated search functionality, you can find any group policy setting with just a few clicks.
I have just noticed that I get a success event and email sent when the backup only partially works.
I am using Windows Server Backup and back up 2 virtual servers from the host. If the backup manages to back up just one of the VMs but the other fails, I am still sent success info.
I do get failed if the entire backup fails but getting a success when it has not properly backed up is a bit of a problem tbh.
Any fixes or workarounds?
By Jamie Taylor
Pulseway Client Portal now includes a built-in chat function that allows the end user to communicate directly with a technician. This can be started automatically as a step in a troubleshooter, or you can give users the option to start it directly themselves. A summary of the chat is recorded and can be sent to the technician.
Automation Workflows: Run assigned patch policy
Start patching systems as they get added to Pulseway using the new Run Assigned Patch Policy action, now available for the System Registered workflow trigger.
Remote Desktop Improvements
Introducing Adaptive FPS to deliver the optimum resolution for the current network connection, resulting in an enhanced user experience.