fix: Replace syntax with language code 2

Nick Schonning
2019-07-18 01:24:10 -04:00
parent b9b4d2a15b
commit 4af3d5650c
50 changed files with 290 additions and 292 deletions


@ -206,7 +206,7 @@ This command returns the volumes on the target, current encryption status and vo
For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the protectors option and save it to the USB drive on E: and then begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process.
``` syntax
```powershell
manage-bde protectors -add C: -startupkey E:
manage-bde -on C:
```
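Review bot: the context line `manage-bde protectors -add C: -startupkey E:` in this block has no hyphen before `protectors`, while the data-volume sample later in the same file reads `manage-bde -protectors -add -pw C:`. Since this commit already touches the fence, correct the command to `manage-bde -protectors -add C: -startupkey E:` so the sample can be copied as written.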
@ -237,7 +237,7 @@ Data volumes use the same syntax for encryption as operating system volumes but
A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on.
``` syntax
```powershell
manage-bde -protectors -add -pw C:
manage-bde -on C:
```
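Review bot: the text introduces this block as a data volume example, but both commands target `C:`, the letter the operating system volume samples use. Switch to a data-volume letter (the PowerShell data volume sample in this file uses `E:`) so a copy-paste does not add a password protector to the OS volume.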
@ -382,13 +382,13 @@ Occasionally, all protectors may not be shown when using <strong>Get-BitLockerVo
If you wanted to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed.
A simple script can pipe the values of each **Get-BitLockerVolume** return out to another variable as seen below:
``` syntax
```powershell
$vol = Get-BitLockerVolume
$keyprotectors = $vol.KeyProtector
```
Using this, we can display the information in the **$keyprotectors** variable to determine the GUID for each protector.
Using this information, we can then remove the key protector for a specific volume using the command:
``` syntax
```powershell
Remove-BitLockerKeyProtector <volume>: -KeyProtectorID "{GUID}"
```
> **Note:**  The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command.
@ -398,19 +398,19 @@ Remove-BitLockerKeyProtector <volume>: -KeyProtectorID "{GUID}"
Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell.
To enable BitLocker with just the TPM protector. This can be done using the command:
``` syntax
```powershell
Enable-BitLocker C:
```
The example below adds one additional protector, the StartupKey protectors, and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot.
``` syntax
```powershell
Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath <path> -SkipHardwareTest
```
### Data volume
Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. Last, encryption begins.
``` syntax
```powershell
$pw = Read-Host -AsSecureString
<user inputs password>
Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
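Review bot: in the Data volume block, `Enable-BitLockerKeyProtector` does not match any cmdlet used elsewhere in this patch; the SID sample adds a protector with `Add-BitLockerKeyProtector`. The paragraph ends with "Last, encryption begins", yet the visible lines never call `Enable-BitLocker`. Please confirm the cmdlet name and show the step that starts encryption, now that the block is highlighted as PowerShell.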
@ -423,12 +423,12 @@ The ADAccountOrGroup protector is an Active Directory SID-based protector. This
To add an ADAccountOrGroup protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
``` syntax
```powershell
Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
```
For users who wish to use the SID for the account or group, the first step is to determine the SID associated with the account. To get the specific SID for a user account in Windows PowerShell, use the following command:
``` syntax
```powershell
get-aduser -filter {samaccountname -eq "administrator"}
```
> **Note:**  Use of this command requires the RSAT-AD-PowerShell feature.
@ -437,7 +437,7 @@ get-aduser -filter {samaccountname -eq "administrator"}
In the example below, the user wishes to add a domain SID based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command:
``` syntax
```powershell
Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "<SID>"
```
> **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes.
@ -469,7 +469,7 @@ Administrators who prefer a command line interface can utilize manage-bde to che
To check the status of a volume using manage-bde, use the following command:
``` syntax
```powershell
manage-bde -status <volume>
```
> **Note:**  If no volume letter is associated with the -status command, all volumes on the computer display their status.
@ -480,7 +480,7 @@ Windows PowerShell commands offer another way to query BitLocker status for volu
Using the Get-BitLockerVolume cmdlet, each volume on the system will display its current BitLocker status. To get information that is more detailed on a specific volume, use the following command:
``` syntax
```powershell
Get-BitLockerVolume <volume> -Verbose | fl
```
This command will display information about the encryption method, volume type, key protectors, etc.
@ -506,12 +506,12 @@ Once decryption is complete, the drive will update its status in the control pan
Decrypting volumes using manage-bde is very straightforward. Decryption with manage-bde offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is:
``` syntax
```powershell
manage-bde -off C:
```
This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If a user wishes to check the status of the decryption, they can use the following command:
``` syntax
```powershell
manage-bde -status C:
```
### Decrypting volumes using the BitLocker Windows PowerShell cmdlets
@ -520,12 +520,12 @@ Decryption with Windows PowerShell cmdlets is straightforward, similar to manage
Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for additional commands. An example of this command is:
``` syntax
```powershell
Disable-BitLocker
```
If a user did not want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is:
``` syntax
```powershell
Disable-BitLocker -MountPoint E:,F:,G:
```
## See also
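Review bot: the first sample in this hunk is a bare `Disable-BitLocker` with no volume, although the next paragraph talks about supplying each mount point. Show the mount point in the sample, for instance `Disable-BitLocker -MountPoint E:`, so the block runs without prompting.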


@ -52,14 +52,14 @@ The `servermanager` Windows PowerShell module can use either the `Install-Window
By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the install process. This can be seen using the `-WhatIf` option in Windows PowerShell.
``` syntax
```powershell
Install-WindowsFeature BitLocker -WhatIf
```
The results of this command show that only the BitLocker Drive Encryption feature installs using this command.
To see what would be installed with the BitLocker feature including all available management tools and sub-features, use the following command:
``` syntax
```powershell
Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -WhatIf | fl
```
@ -75,7 +75,7 @@ The result of this command displays the following list of all the administration
The command to complete a full installation of the BitLocker feature with all available features and then rebooting the server at completion is:
``` syntax
```powershell
Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart
```
@ -85,7 +85,7 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -
The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system.
``` syntax
```powershell
Get-WindowsOptionalFeature -Online | ft
```
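Review bot: the paragraph names the cmdlet `Get-WindowsOptionalFeatures` (plural), but the command in the block is `Get-WindowsOptionalFeature`. Align the prose with the command, and tighten "The BitLocker feature name for BitLocker is `BitLocker`" while touching this section.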
@ -93,13 +93,13 @@ From this output, we can see that there are three BitLocker related optional fea
To install BitLocker using the `dism` module, use the following command:
``` syntax
```powershell
Enable-WindowsOptionalFeature -Online -FeatureName BitLocker -All
```
This command will prompt the user for a reboot. The Enable-WindowsOptionalFeature cmdlet does not offer support for forcing a reboot of the computer. This command does not include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command:
``` syntax
```powershell
Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All
```
## More information


@ -313,7 +313,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many
- Verify the clients were rebooted after applying the policy.
- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer:
``` syntax
```powershell
manage-bde protectors get C:
```
>**Note:** Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock
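Review bot: `manage-bde protectors get C:` is missing the hyphens on `protectors` and `get`; other samples in this patch use the form `manage-bde -protectors -get <volume>`. The bullet above the block also has the typo "lcoal", and the note line lacks its closing period.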


@ -278,26 +278,25 @@ You can reset the recovery password in two ways:
1. Remove the previous recovery password
``` syntax
```powershell
Manage-bde protectors delete C: type RecoveryPassword
```
2. Add the new recovery password
``` syntax
```powershell
Manage-bde protectors add C: -RecoveryPassword
```
3. Get the ID of the new recovery password. From the screen copy the ID of the recovery password.
``` syntax
```powershell
Manage-bde protectors get C: -Type RecoveryPassword
```
4. Backup the new recovery password to AD DS
``` syntax
```powershell
Manage-bde protectors adbackup C: -id {EXAMPLE6-5507-4924-AA9E-AFB2EB003692}
```
>**Warning:**  You must include the braces in the ID string.
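Review bot: steps 1 to 4 write the options without hyphens (`protectors delete C: type RecoveryPassword`, `protectors add`, `protectors get`, `protectors adbackup`), while step 3 uses `-Type` and step 4 uses `-id`. A recovery-password rotation procedure gets copied verbatim, so normalise to `-protectors -delete C: -type RecoveryPassword` and likewise for the other steps. The hunk header also drops one line (26 to 25) that is not visible among these lines; worth checking that it was only whitespace.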
@ -315,7 +314,7 @@ You can reset the recovery password in two ways:
You can use the following sample script to create a VBScript file to reset the recovery passwords.
``` syntax
```vb
' Target drive letter
strDriveLetter = "c:"
' Target computer name
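Review bot: this fence is tagged `vb`, but the text describes the content as a VBScript file. Check that the site's highlighter treats `vb` as VBScript; if it offers a `vbscript` tag, use that here and on the other script samples in this file.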
@ -404,7 +403,7 @@ The following sample script exports all previously-saved key packages from AD D
You can use the following sample script to create a VBScript file to retrieve the BitLocker key package from AD DS.
``` syntax
```vb
' --------------------------------------------------------------------------------
' Usage
' --------------------------------------------------------------------------------
@ -551,7 +550,7 @@ The following sample script exports a new key package from an unlocked, encrypte
**cscript GetBitLockerKeyPackage.vbs -?**
``` syntax
```vb
' --------------------------------------------------------------------------------
' Usage
' --------------------------------------------------------------------------------


@ -46,7 +46,7 @@ Listed below are examples of basic valid commands for operating system volumes.
A good practice when using manage-bde is to determine the volume status on the target system. Use the following command to determine volume status:
``` syntax
```powershell
manage-bde -status
```
This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume:
@ -55,7 +55,7 @@ This command returns the volumes on the target, current encryption status, encry
The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process.
``` syntax
```powershell
manage-bde protectors -add C: -startupkey E:
manage-bde -on C:
```
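Review bot: `manage-bde protectors -add C: -startupkey E:` lacks the hyphen on `protectors`, unlike the password and SID sample in the next hunk of this file (`manage-bde -protectors -add C: -pw -sid <user or group>`). Correct it in the same change so the retagged block is valid as shown.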
@ -64,7 +64,7 @@ manage-bde -on C:
An alternative to the startup key protector on non-TPM hardware is to use a password and an **ADaccountorgroup** protector to protect the operating system volume. In this scenario, you would add the protectors first. This is done with the command:
``` syntax
```powershell
manage-bde -protectors -add C: -pw -sid <user or group>
```
@ -72,13 +72,13 @@ This command will require you to enter and then confirm the password protector b
On computers with a TPM it is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this is:
``` syntax
```powershell
manage-bde -on C:
```
This will encrypt the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command:
``` syntax
```powershell
manage-bde -protectors -get <volume>
```
### Using manage-bde with data volumes
@ -87,7 +87,7 @@ Data volumes use the same syntax for encryption as operating system volumes but
A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on.
``` syntax
```powershell
manage-bde -protectors -add -pw C:
manage-bde -on C:
```
@ -257,7 +257,7 @@ If you want to remove the existing protectors prior to provisioning BitLocker on
A simple script can pipe the values of each Get-BitLockerVolume return out to another variable as seen below:
``` syntax
```powershell
$vol = Get-BitLockerVolume
$keyprotectors = $vol.KeyProtector
```
@ -266,7 +266,7 @@ Using this, you can display the information in the $keyprotectors variable to de
Using this information, you can then remove the key protector for a specific volume using the command:
``` syntax
```powershell
Remove-BitLockerKeyProtector <volume>: -KeyProtectorID "{GUID}"
```
@ -278,13 +278,13 @@ Using the BitLocker Windows PowerShell cmdlets is similar to working with the ma
The following example shows how to enable BitLocker on an operating system drive using only the TPM protector:
``` syntax
```powershell
Enable-BitLocker C:
```
In the example below, adds one additional protector, the StartupKey protector and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot.
``` syntax
```powershell
Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath <path> -SkipHardwareTest
```
@ -293,7 +293,7 @@ Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath <path> -SkipHardwareTes
Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a
SecureString value to store the user defined password.
``` syntax
```powershell
$pw = Read-Host -AsSecureString
<user inputs password>
Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
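Review bot: `<user inputs password>` sits inside the block now tagged `powershell`, so it will be highlighted and copied as code. Turn it into a comment such as `# user enters the password at the prompt`, or move it into the prose. The paragraph above the block is also split mid-sentence between "held as a" and "SecureString".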
@ -306,7 +306,7 @@ The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2
To add an **ADAccountOrGroup** protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
``` syntax
```powershell
Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
```
@ -314,7 +314,7 @@ For users who wish to use the SID for the account or group, the first step is to
>**Note:**  Use of this command requires the RSAT-AD-PowerShell feature.
``` syntax
```powershell
get-aduser -filter {samaccountname -eq "administrator"}
```
@ -322,7 +322,7 @@ get-aduser -filter {samaccountname -eq "administrator"}
The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account:
``` syntax
```powershell
Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-21-3651336348-8937238915-291003330-500
```
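Review bot: this sample hard-codes `S-1-5-21-3651336348-8937238915-291003330-500`, whose second domain sub-authority (8937238915) does not fit in 32 bits, so it is not a well-formed SID. Another file in this commit uses the placeholder `"<SID>"` for the same command; use that here too, or a well-formed sample value.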


@ -66,13 +66,13 @@ BitLocker encryption is available for disks before or after addition to a cluste
2. Ensure the disk is formatted NTFS and has a drive letter assigned to it.
3. Identify the name of the cluster with Windows PowerShell.
``` syntax
```powershell
Get-Cluster
```
4. Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as:
``` syntax
```powershell
Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$
```
@ -88,32 +88,32 @@ When the cluster service owns a disk resource already, it needs to be set into m
1. Install the BitLocker Drive Encryption feature if it is not already installed.
2. Check the status of the cluster disk using Windows PowerShell.
``` syntax
```powershell
Get-ClusterResource "Cluster Disk 1"
```
3. Put the physical disk resource into maintenance mode using Windows PowerShell.
``` syntax
```powershell
Get-ClusterResource "Cluster Disk 1" | Suspend-ClusterResource
```
4. Identify the name of the cluster with Windows PowerShell.
``` syntax
```powershell
Get-Cluster
```
5. Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as:
``` syntax
```powershell
Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$
```
>**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster.
6. Use **Resume-ClusterResource** to take the physical disk resource back out of maintenance mode:
``` syntax
```powershell
Get-ClusterResource "Cluster Disk 1" | Resume-ClusterResource
```
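Review bot: step 5 says to use the cluster name found with `Get-Cluster`, but the command shows the literal `CLUSTER$` without saying it stands for that name followed by `$`. Mark it as a placeholder, for example `<ClusterName>$`, since the warning in this hunk makes the CNO protector a requirement for failover.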
@ -146,7 +146,7 @@ You can also use manage-bde to enable BitLocker on clustered volumes. The steps
6. Once the disk is online in the storage pool, it can be added to a CSV by right clicking on the disk resource and choosing "**Add to cluster shared volumes**".
CSVs can include both encrypted and unencrypted volumes. To check the status of a particular volume for BitLocker encryption, administrators can utilize the manage-bde -status command with a path to the volume inside the CSV namespace as seen in the example command line below.
``` syntax
```powershell
manage-bde -status "C:\ClusterStorage\volume1"
```