New-CMBLEncryptionMethodWithXts

Create a policy to configure the algorithm and cipher strength used by BitLocker Drive Encryption on Windows 10 devices.

Syntax

Default (Default)

New-CMBLEncryptionMethodWithXts
    [-PolicyState <State>]
    [-OSDriveEncryptionMethod <WindowsTenEncryptionMethod>]
    [-FixedDriveEncryptionMethod <WindowsTenEncryptionMethod>]
    [-RemovableDriveEncryptionMethod <WindowsTenEncryptionMethod>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [<CommonParameters>]

Description

Create a policy to configure the algorithm and cipher strength used by BitLocker Drive Encryption on Windows 10 devices. This policy is applied when you turn on BitLocker. If the drive is already encrypted, or if encryption is in progress, changing the encryption method has no effect.

For Windows 8.1 devices, use the New-CMBLEncryptionMethodPolicy cmdlet.

Examples

Example 1: New disabled policy

This example creates a Windows 10 policy that's disabled. Since the general policy specified with the New-CMBLEncryptionMethodPolicy cmdlet specifies AES-256, BitLocker uses that same encryption method on all devices.

New-CMBLEncryptionMethodPolicy -PolicyState Enabled -EncryptionMethod AES256
New-CMBLEncryptionMethodWithXts -PolicyState Disabled

Example 2: New enabled policy with AES-CBC 128-bit encryption

This example creates a policy that's enabled and specifies AES-CBC 128-bit encryption on all drive types.

New-CMBLEncryptionMethodWithXts -PolicyState Enabled -OSDriveEncryptionMethod AesCbc128 -FixedDriveEncryptionMethod AesCbc128 -RemovableDriveEncryptionMethod AesCbc128
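
A client-side check for the behavior noted in the description (a drive that is already encrypted keeps its method when the policy changes), added here as an example that is not part of the original documentation. `Test-BLEncryptionMethod` and the sample volumes are hypothetical; the block assumes the `EncryptionMethod` names reported by `Get-BitLockerVolume` and applies one expected method to all data drives, because that cmdlet reports fixed and removable drives alike as `Data`.

```powershell
# Added example: names other than Get-BitLockerVolume are hypothetical.
# Policy values from this page -> names that Get-BitLockerVolume reports.
$PolicyToVolumeMethod = @{
    AesXts128 = 'XtsAes128'; AesXts256 = 'XtsAes256'
    AesCbc128 = 'Aes128';    AesCbc256 = 'Aes256'
}

function Test-BLEncryptionMethod {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('AesXts128', 'AesXts256', 'AesCbc128', 'AesCbc256')]
        [string]$OSDriveEncryptionMethod,

        [Parameter(Mandatory)]
        [ValidateSet('AesXts128', 'AesXts256', 'AesCbc128', 'AesCbc256')]
        [string]$DataDriveEncryptionMethod,

        # Live volumes by default (needs an elevated session); pass objects to test offline.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        $isOS = "$($v.VolumeType)" -eq 'OperatingSystem'
        $policyValue = if ($isOS) { $OSDriveEncryptionMethod } else { $DataDriveEncryptionMethod }
        $expected = $PolicyToVolumeMethod[$policyValue]
        $actual = "$($v.EncryptionMethod)"
        # None: not yet encrypted, so the policy applies when BitLocker is turned on.
        # Mismatch: encrypted earlier; changing the policy has no effect on this drive.
        $status = if ($actual -eq 'None') { 'NotEncrypted' }
                  elseif ($actual -eq $expected) { 'Match' }
                  else { 'Mismatch' }
        [pscustomobject]@{
            MountPoint = $v.MountPoint
            VolumeType = "$($v.VolumeType)"
            Expected   = $expected
            Actual     = $actual
            Status     = $status
        }
    }
}

# Constructed sample volumes (not real output) so the check runs without BitLocker.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'; EncryptionMethod = 'XtsAes128' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data'; EncryptionMethod = 'XtsAes256' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeType = 'Data'; EncryptionMethod = 'None' }
)
Test-BLEncryptionMethod -OSDriveEncryptionMethod AesXts256 -DataDriveEncryptionMethod AesXts256 -Volume $sample |
    Format-Table -AutoSize
```

With the constructed sample, `C:` reports `Mismatch`, `D:` reports `Match`, and `E:` reports `NotEncrypted`.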

Parameters

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-FixedDriveEncryptionMethod

Specify an encryption method for fixed data drives.

Parameter properties

Type: WindowsTenEncryptionMethod
Default value: None
Accepted values: AesXts128, AesXts256, AesCbc128, AesCbc256
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-OSDriveEncryptionMethod

Specify an encryption method for the OS drive.

Parameter properties

Type: WindowsTenEncryptionMethod
Default value: None
Accepted values: AesXts128, AesXts256, AesCbc128, AesCbc256
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-PolicyState

Use this parameter to configure the policy.

  • Enabled: If you enable this policy, separately configure an encryption algorithm and key cipher strength for fixed data drives, OS drives, and removable data drives. For fixed and OS drives, the XTS-AES algorithm is recommended. If you'll use a removable drive in a Windows 8.1 device, use AES-CBC 128-bit or AES-CBC 256-bit.

  • Disabled or NotConfigured: If you disable or don't configure this policy, BitLocker uses AES with the same bit strength as a policy that you specify with the New-CMBLEncryptionMethodPolicy cmdlet. If you don't enable that policy, BitLocker uses the default encryption method of XTS-AES 128-bit.

Parameter properties

Type: State
Default value: None
Accepted values: Enabled, Disabled, NotConfigured
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-RemovableDriveEncryptionMethod

Specify an encryption method for removable drives.

Parameter properties

Type: WindowsTenEncryptionMethod
Default value: None
Accepted values: AesXts128, AesXts256, AesCbc128, AesCbc256
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

Outputs

Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject