This article for the IT professional describes how to use tools to manage BitLocker.

BitLocker Drive Encryption Tools include the command-line tools manage-bde and repair-bde and the BitLocker cmdlets for Windows PowerShell.

Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios. Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive cannot be unlocked normally or using the recovery console.

Manage-bde is a command-line tool that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the manage-bde options, see the Manage-bde command-line reference.

Manage-bde includes fewer default settings and requires greater customization for configuring BitLocker. For example, using just the manage-bde -on command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command completed successfully, because an authentication method needs to be added to the volume for it to be fully protected. The following sections provide examples of common usage scenarios for manage-bde.

Using manage-bde with operating system volumes

Listed below are examples of basic valid commands for operating system volumes. In general, using only the manage-bde -on command will encrypt the operating system volume with a TPM-only protector and no recovery key. However, many environments require more secure protectors such as passwords or PINs and expect to be able to recover information with a recovery key. We recommend that you add at least one primary protector and a recovery protector to an operating system volume.

A good practice when using manage-bde is to determine the volume status on the target system. Use the following command to determine volume status:

    manage-bde -status

This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume.

The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process, you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process.

    manage-bde -protectors -add C: -startupkey E:

After the encryption is completed, the USB startup key must be inserted before the operating system can be started.

An alternative to the startup key protector on non-TPM hardware is to use a password and an ADaccountorgroup protector to protect the operating system volume.
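The protector guidance above (at least one primary protector plus a recovery protector, and no volume left without an authenticating protector) can be checked with the BitLocker cmdlets. This is an added example, not part of the original article: the function name Test-BitLockerProtectors, the way protector types are classified, and the sample volume objects are assumptions constructed for illustration.

```powershell
# Added example (not from the original article). Audits volume objects shaped
# like Get-BitLockerVolume output against the article's protector guidance.
function Test-BitLockerProtectors {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Collect protector type names, dropping empty entries.
        $types = @($Volume.KeyProtector |
            ForEach-Object { [string]$_.KeyProtectorType } |
            Where-Object { $_ })

        # Assumption: RecoveryPassword is the recovery protector; any other type
        # (Tpm, TpmPin, ExternalKey, Password, ...) counts as a primary protector.
        # An ExternalKey may be a startup key or a recovery key; the type alone
        # cannot tell them apart, so it is treated as primary here.
        $recovery = @($types | Where-Object { $_ -eq 'RecoveryPassword' })
        $primary  = @($types | Where-Object { $_ -ne 'RecoveryPassword' })

        $findings = @()
        if ($types.Count -eq 0) {
            $findings += 'no key protectors (volume is not protected)'
        } else {
            if ($primary.Count -eq 0)  { $findings += 'no primary protector' }
            if ($recovery.Count -eq 0) { $findings += 'no recovery protector' }
            if ($primary.Count -gt 0 -and -not ($primary | Where-Object { $_ -ne 'Tpm' })) {
                $findings += 'TPM-only primary protector'
            }
        }
        if ([string]$Volume.ProtectionStatus -ne 'On') { $findings += 'protection is not on' }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ', '
            Findings   = if ($findings.Count) { $findings -join '; ' } else { 'ok' }
        }
    }
}

# Constructed sample volumes so the example runs without the BitLocker module.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' }) },
    [pscustomobject]@{ MountPoint = 'D:'; ProtectionStatus = 'Off'; KeyProtector = @() },
    [pscustomobject]@{ MountPoint = 'E:'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'ExternalKey' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Test-BitLockerProtectors | Format-Table -AutoSize
```

On a live system, run `Get-BitLockerVolume | Test-BitLockerProtectors` from an elevated session instead of piping the constructed sample.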