在我的台式机上,我有自己的管理员帐户,并且正在为想要玩游戏的SO创建一个游戏帐户,用户名为Games。我的游戏硬盘驱动器上装有bitlocker,但是如果他们登录,我希望脚本可以自动安全地解锁驱动器,而无需我在那里。
我有一个脚本,已经提示了bitlocker密码,但是我该怎么说呢?“如果是Games,请输入此密码(最好是不使用硬编码的密码)并解锁驱动器。
$key = Read-Host 'Enter Bitlocker Password!' -AsSecureString
Unlock-Bitlocker -MountPoint "F:" -Password $key
您可以使用以下命令获取当前登录的用户名
PS> $env:USERNAME
Stephen
因此,要解锁该驱动器,您可以使用执行以下操作的脚本
$allowedUsers = 'Stephen','Lindsey'
If ($allowedUsers.Contains($env:USERNAME)){
#User is in allowed users group
Unlock-Bitlocker...
}
As for storing your password, I would normally suggest to store it as a SecureString but because this script will run against multiple users, we would have issues retrieving a value encrypted against your profile, so I think you should take a look at the PSSecret's Module, which should have work for your needs.
您也可以始终使用base64或其他“加密方式”来烘烤密码。
$sketchyPw = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("'myQuoteGamesDrivePasswordUnquote'"))
#back to plain
[System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($sketchyPW))
因此,在您的情况下,您将获得base64密码,然后将其烘烤到脚本中,这对于您的用例来说可能已经足够安全了。
$key = convertto-securestring ([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('JwBIAGEAbABvAEkAcwBUAGgAZQBCAGUAcwB0ACcA'))) -AsPlainText -Force
$allowedUsers = 'Stephen','Lindsey'
If ($allowedUsers.Contains($env:USERNAME)){
#User is in allowed users group
Unlock-Bitlocker -MountPoint "F:" -Password $key
}