Hi,
I have already set up bitlocker via Task Sequence setting up default PIN. My requirement is to prompt user to change the PIN via PS Script ( preferably want to use Intune).
Also I have script as below which is prompting for the PIN Change.
$Drive = "C:"
$EncryptableVolume = Get-WmiObject -Namespace "Root\CIMV2\Security\MicrosoftVolumeEncryption" -class Win32_EncryptableVolume -Filter "ProtectionStatus=1 AND DriveLetter='$Drive'"
if ($EncryptableVolume)
{
$OS = Get-WmiObject -Class Win32_OperatingSystem | Select-Object OSArchitecture
$cmd = @("$ENV:windir\system32\bitlockerwizardelev.exe",'$($EncryptableVolume.DeviceID)',"U") -join " "
Invoke-Expression -Command $cmd
}
But, In case User cancels that prompt than what? how can I check if user have changed password or not?
Regards,
Kanika