New-CMUseOsEnforcePolicy
Create a policy to configure the number of days that users can delay complying with BitLocker policies for their OS drive.
Syntax
Default (Default)
New-CMUseOsEnforcePolicy
[-PolicyState <State>]
[-GracePeriodDays <Int32>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]
Description
Create a policy to configure the number of days that users can delay complying with BitLocker policies for their OS drive. After the grace period expires, users can't postpone the required action or request an exemption. The grace period begins when BitLocker first detects that the OS drive is noncompliant. This grace period is the same for all users of the computer, regardless of when each user signs in.
Examples
Example 1: New enabled policy with a grace period of seven days
This example creates a policy that's enabled and a grace period of one week (five days).
New-CMUseOsEnforcePolicy -PolicyState Enabled -GracePeriodDays 7
Parameters
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-GracePeriodDays
Specify the number of days that the OS drive can be not protected by BitLocker. After this number of days, BitLocker protects the drive and encrypts it.
Specify a value of 0 to immediately enforce this OS drive policy.
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PolicyState
Use this parameter to configure the policy.
Enabled: If you enable this policy, BitLocker enforces the policy on the OS drive, and provides users with grace period that you specify in the -GracePeriodDays parameter.Disabled,NotConfigured: If you disable or don't configure this setting, Configuration Manager doesn't require users to comply with BitLocker policies.
Parameter properties
| Type: | State |
| Default value: | None |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.