Why use the command 'manage bde protectors get c:' to only obtain one BitLocker key, not all BitLocker keys?

Question

Why use the command 'manage bde protectors get c:' to only obtain one BitLocker key, not all BitLocker keys?

Yang, Wen Chang (ext) 0

MTG 991 Reputation points

2023-05-12T07:41:33.83+00:00

Please rephrase your question as it is not clear what problem you see.

Your command will list all protectors that exist on the c: drive, like

TPM

TPMandPIN

RecoveryPassword

StartupKey

...

What do you mean by "all keys"?
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T08:06:22.82+00:00

I can obtain the RecoveryPassword for drive C using the following command, but there is only one. Is this normal? Or is it just one group

Command: manage-bde -protectors get c:
MTG 991 Reputation points

2023-05-16T08:24:56.35+00:00

Group? What are you talking about?

While you can set multiple recovery passwords, one would suffice, so if there's "only" one, this should be normal.
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T08:49:58.6633333+00:00

Thank you for your reply!

What I mean by group is the combination of a recover ID and a recover key

If I have set multiple recovery passwords and obtain a recover key through the above command, when I remove the corresponding hard drive and move it to another computer,can I use the command to obtain KEY to unlock the disk?
MTG 991 Reputation points

2023-05-16T08:58:13.8766667+00:00

Yes, that command will display the 48-digit numerical recovery password which can be used to mount the drive in other machines. If you don't see a 48-digit string there, you need to create a recovery key protector like this now:

manage-bde -protectors -add c: -rk
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T09:02:40.8066667+00:00

thank!

Can I check if the recover key has been uploaded to Microsoft account through the command?
MTG 991 Reputation points

2023-05-16T09:06:40.25+00:00

No you can't. You could re-upload it, but I would simply logon and check if I see it online together with the same key ID that you see with manage-bde -protectors -get c:
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T09:14:38.8066667+00:00

How can I upload it again?
MTG 991 Reputation points

2023-05-16T09:29:59.5233333+00:00
I am unsure whether the following command works for a Microsoft account, since it says Azure AD. Please try it:

manage-bde -protectors -aadbackup C: -id {84E151...}

Please exchange the {ID} with your ID.

If that does not succeed, please use the GUI like shown here:

Tap the Windows Start button and type BitLocker.

Select the Manage BitLocker Control Panel app from the list of search results.

In the BitLocker app select Back up your recovery key.

Select where you want the key backed up. ...

Select Finish.
Yang, Wen Chang (ext) 0 Reputation points

2023-05-18T03:14:44.4166667+00:00

Thank you for your reply,

Can I cancel the encryption/decryption action if BitLocker is currently encrypting/decrypting?
MTG 991 Reputation points

2023-05-22T08:04:58.8066667+00:00

Sure. Either using the GUI ("Turn off Bitlocker", found via the context menu option "manage bitlocker") or through manage-bde -off c:

MTG 991 Reputation points

2023-05-12T07:41:33.83+00:00

Please rephrase your question as it is not clear what problem you see.

Your command will list all protectors that exist on the c: drive, like

TPM

TPMandPIN

RecoveryPassword

StartupKey

...

What do you mean by "all keys"?
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T08:06:22.82+00:00

I can obtain the RecoveryPassword for drive C using the following command, but there is only one. Is this normal? Or is it just one group

Command: manage-bde -protectors get c:
MTG 991 Reputation points

2023-05-16T08:24:56.35+00:00

Group? What are you talking about?

While you can set multiple recovery passwords, one would suffice, so if there's "only" one, this should be normal.
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T08:49:58.6633333+00:00

Thank you for your reply!

What I mean by group is the combination of a recover ID and a recover key

If I have set multiple recovery passwords and obtain a recover key through the above command, when I remove the corresponding hard drive and move it to another computer,can I use the command to obtain KEY to unlock the disk?
MTG 991 Reputation points

2023-05-16T08:58:13.8766667+00:00

Yes, that command will display the 48-digit numerical recovery password which can be used to mount the drive in other machines. If you don't see a 48-digit string there, you need to create a recovery key protector like this now:

manage-bde -protectors -add c: -rk
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T09:02:40.8066667+00:00

thank!

Can I check if the recover key has been uploaded to Microsoft account through the command?
MTG 991 Reputation points

2023-05-16T09:06:40.25+00:00

No you can't. You could re-upload it, but I would simply logon and check if I see it online together with the same key ID that you see with manage-bde -protectors -get c:
Yang, Wen Chang (ext) 0 Reputation points

2023-05-16T09:14:38.8066667+00:00

How can I upload it again?
MTG 991 Reputation points

2023-05-16T09:29:59.5233333+00:00

I am unsure whether the following command works for a Microsoft account, since it says Azure AD. Please try it:

manage-bde -protectors -aadbackup C: -id {84E151...}

Please exchange the {ID} with your ID.

If that does not succeed, please use the GUI like shown here:

Tap the Windows Start button and type BitLocker.

Select the Manage BitLocker Control Panel app from the list of search results.

In the BitLocker app select Back up your recovery key.

Select where you want the key backed up. ...

Select Finish.
Yang, Wen Chang (ext) 0 Reputation points

2023-05-18T03:14:44.4166667+00:00

Thank you for your reply,

Can I cancel the encryption/decryption action if BitLocker is currently encrypting/decrypting?
MTG 991 Reputation points

2023-05-22T08:04:58.8066667+00:00

Sure. Either using the GUI ("Turn off Bitlocker", found via the context menu option "manage bitlocker") or through manage-bde -off c:

Why use the command 'manage bde protectors get c:' to only obtain one BitLocker key, not all BitLocker keys?

Activity