Unlock-BitLocker
Unlock-BitLocker
Restores access to data on a BitLocker volume.
Syntax
Parameter Set: __AllParameterSets
Unlock-BitLocker [-MountPoint] <String[]> [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: OnlyAdAccountOrGroupParameterSet
Unlock-BitLocker -AdAccountOrGroup [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: OnlyPasswordParameterSet
Unlock-BitLocker -Password <SecureString> [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: OnlyRecoveryKeyParameterSet
Unlock-BitLocker -RecoveryKeyPath <String> [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: OnlyRecoveryPasswordParameterSet
Unlock-BitLocker -RecoveryPassword <String> [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption. You can use the Lock-BitLocker cmdlet to prevent access.
In order to restore access, provide one of the following key protectors for the volume:
-- Active Directory Domain Services (AD DS) account
-- Password
-- Recovery key
-- Recovery password
For an overview of BitLocker, see BitLocker Drive Encryption Overview (https://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.
Parameters
-AdAccountOrGroup
Indicates that BitLocker requires account credentials to unlock the volume. In order to use this parameter, the account for the current user must be a key protector for the volume.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-MountPoint<String[]>
Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue, ByPropertyName) |
Accept Wildcard Characters? |
false |
-Password<SecureString>
Specifes a secure string that contains a password. The password specified acts as a protector for the volume encryption key.
Aliases |
pw |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-RecoveryKeyPath<String>
Specifies the path to a recovery key. The key stored in the specified path acts as a protector for the volume encryption.
Aliases |
rk |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-RecoveryPassword<String>
Specifies a recovery password. The password specified acts as a protector for the volume encryption key.
Aliases |
rp |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
- BitLockerVolume[], String[]
Outputs
The output type is the type of the objects that the cmdlet emits.
- BitLockerVolume[]
Examples
Example 1: Unlock a volume
This example unlocks a specified BitLocker volume by using a password.
The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a password and saves it in the $SecureString variable. For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.
The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable.
PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString