Unlock-Bitlocker/Lock-Bitlocker excessive confirmation queries

[AGDownie]

Prerequisites

• Write a descriptive title.
• Make sure you are able to repro it on the latest released version
• Search the existing issues.
• Refer to the FAQ.
• Refer to Differences between Windows PowerShell 5.1 and PowerShell.

Steps to reproduce

I am using the Unlock-Bitlocker and Lock-Bitlocker cmdlets to automate the unlocking/locking of multiple encrypted external drives.

According to the cmdlet help, the -Confirm option "Prompts you for confirmation before running the cmdlet.". However, when -Confirm is used on either of these cmdlets, an excessive number of confirmation queries are issued for obscure CIM-related actions internal to the cmdlet.

The following is a log of the messages received when unlocking a single drive:

PS> Unlock-BitLocker H: -Password $password -Confirm

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetLockStatus" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetEncryptionMethod" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: IsAutoUnlockEnabled" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: IsAutoUnlockKeyStored" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetVersion" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetProtectionStatus" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetKeyProtectors" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetKeyProtectorType" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetKeyProtectorType" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Unlock-BitLocker" on target "H:".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: UnlockWithPassphrase" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetLockStatus" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetEncryptionMethod" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: IsAutoUnlockEnabled" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: IsAutoUnlockKeyStored" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetVersion" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetConversionStatus" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetProtectionStatus" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetKeyProtectors" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetKeyProtectorType" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetKeyProtectorType" on target "Win32_EncryptableVolume (DeviceID =
"\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoke-CimMethod: GetKeyProtectorNumericalPassword" on target "Win32_EncryptableVolume
(DeviceID = "\\?\Volume{10380489-0000-0000-007e-0000...)".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

   ComputerName: DAN14

VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection
                Point                                   Percentage                           Enabled    Status
----------      ----- ---------- ------------           ---------- ------------              ---------- ----------
Data            H:      1,863.01 FullyEncrypted         100        {Password, RecoveryPassw… False      On

Expected behavior

A single confirmation query to perform the intended unlock operation:

PS> Unlock-BitLocker H: -Password $password -Confirm

Confirm
Are you sure you want to perform this action?
Performing the operation "Unlock-Bitlocker" on target "H:".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Actual behavior

An excessive number of CIM-related confirmation requests, each of which has to be responded to separately (A for All doesn't work).  

See the issue description for details of the requests made.

Note that the confirmation query in the expected behavior IS included in the series of queries somewhere around the half-way point in the execution.

Error details

N/A

Environment data

Name                           Value
----                           -----
PSVersion                      7.5.2
PSEdition                      Core
GitCommitId                    7.5.2
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visuals

No response

[iRon7]

Although I think it is good to have this bug noted, I fear that this cmdlet is not part of this repository but something that should be handled via Feedback to Microsoft which (in my experience) is a blackhole.
Btw, I did report a similar bug here before: #24434

[AGDownie]

Understood, @iRon7.
TBH I'm not particulary bothered if nothing gets done about this, but I thought it was worth noting. What the devs do with it is up to them.
I've simply worked around it with my own "SupportsShouldProcess" wrapper cmdlet.

[microsoft-github-policy-service]

This issue has been marked as external and has not had any activity for 1 day. It has been be closed for housekeeping purposes.

[microsoft-github-policy-service]

📣 Hey @@AGDownie, how did we do? We would love to hear your feedback with the link below! 🗣️

🔗 https://aka.ms/PSRepoFeedback

Microsoft Forms