New-CMUseOsEnforcePolicy
Create a policy to configure the number of days that users can delay complying with BitLocker policies for their OS drive.
Syntax
New-CMUseOsEnforcePolicy
[-PolicyState <State>]
[-GracePeriodDays <Int32>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Create a policy to configure the number of days that users can delay complying with BitLocker policies for their OS drive. After the grace period expires, users can't postpone the required action or request an exemption. The grace period begins when BitLocker first detects that the OS drive is noncompliant. This grace period is the same for all users of the computer, regardless of when each user signs in.
Examples
Example 1: New enabled policy with a grace period of seven days
This example creates a policy that's enabled and a grace period of one week (five days).
New-CMUseOsEnforcePolicy -PolicyState Enabled -GracePeriodDays 7Parameters
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-GracePeriodDays
Specify the number of days that the OS drive can be not protected by BitLocker. After this number of days, BitLocker protects the drive and encrypts it.
Specify a value of 0 to immediately enforce this OS drive policy.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PolicyState
Use this parameter to configure the policy.
Enabled: If you enable this policy, BitLocker enforces the policy on the OS drive, and provides users with grace period that you specify in the -GracePeriodDays parameter.Disabled,NotConfigured: If you disable or don't configure this setting, Configuration Manager doesn't require users to comply with BitLocker policies.
| Type: | State |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject