Freigeben über


Unlock-BitLocker

Unlock-BitLocker

Restores access to data on a BitLocker volume.

Syntax

Parameter Set: __AllParameterSets
Unlock-BitLocker [-MountPoint] <String[]> [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: OnlyAdAccountOrGroupParameterSet
Unlock-BitLocker -AdAccountOrGroup [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: OnlyPasswordParameterSet
Unlock-BitLocker -Password <SecureString> [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: OnlyRecoveryKeyParameterSet
Unlock-BitLocker -RecoveryKeyPath <String> [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: OnlyRecoveryPasswordParameterSet
Unlock-BitLocker -RecoveryPassword <String> [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption. You can use the Lock-BitLocker cmdlet to prevent access.

In order to restore access, provide one of the following key protectors for the volume:

-- Active Directory Domain Services (AD DS) account
-- Password
-- Recovery key
-- Recovery password

For an overview of BitLocker, see BitLocker Drive Encryption Overview (https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.

Parameters

-AdAccountOrGroup

Indicates that BitLocker requires account credentials to unlock the volume. In order to use this parameter, the account for the current user must be a key protector for the volume.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-MountPoint<String[]>

Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.

Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

True (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

-Password<SecureString>

Specifes a secure string that contains a password. The password specified acts as a protector for the volume encryption key.

Aliases

pw

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RecoveryKeyPath<String>

Specifies the path to a recovery key. The key stored in the specified path acts as a protector for the volume encryption.

Aliases

rk

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RecoveryPassword<String>

Specifies a recovery password. The password specified acts as a protector for the volume encryption key.

Aliases

rp

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • BitLockerVolume[], String[]

Outputs

The output type is the type of the objects that the cmdlet emits.

  • BitLockerVolume[]

Examples

Example 1: Unlock a volume

This example unlocks a specified BitLocker volume by using a password.

The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a password and saves it in the $SecureString variable. For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.

The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable.

PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force 
PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString

Disable-BitLocker

Enable-BitLocker

Lock-BitLocker

Resume-BitLocker

Suspend-BitLocker

Get-BitLockerVolume