Why use the command 'manage bde protectors get c:' to only obtain one BitLocker key, not all BitLocker keys?
Why use the command 'manage bde protectors get c:' to only obtain one BitLocker key, not all BitLocker keys?
Windows 10 Security
-
MTG 1,196 Reputation points
2023-05-12T07:41:33.83+00:00 Please rephrase your question as it is not clear what problem you see.
Your command will list all protectors that exist on the c: drive, like
TPM
TPMandPIN
RecoveryPassword
StartupKey
...
What do you mean by "all keys"?
-
Yang, Wen Chang (ext) 0 Reputation points
2023-05-16T08:06:22.82+00:00 I can obtain the RecoveryPassword for drive C using the following command, but there is only one. Is this normal? Or is it just one group
Command: manage-bde -protectors get c:
-
MTG 1,196 Reputation points
2023-05-16T08:24:56.35+00:00 Group? What are you talking about?
While you can set multiple recovery passwords, one would suffice, so if there's "only" one, this should be normal.
-
Yang, Wen Chang (ext) 0 Reputation points
2023-05-16T08:49:58.6633333+00:00 Thank you for your reply!
What I mean by group is the combination of a recover ID and a recover key
If I have set multiple recovery passwords and obtain a recover key through the above command, when I remove the corresponding hard drive and move it to another computer,can I use the command to obtain KEY to unlock the disk?
-
MTG 1,196 Reputation points
2023-05-16T08:58:13.8766667+00:00 Yes, that command will display the 48-digit numerical recovery password which can be used to mount the drive in other machines. If you don't see a 48-digit string there, you need to create a recovery key protector like this now:
manage-bde -protectors -add c: -rk
-
Yang, Wen Chang (ext) 0 Reputation points
2023-05-16T09:02:40.8066667+00:00 thank!
Can I check if the recover key has been uploaded to Microsoft account through the command?
-
MTG 1,196 Reputation points
2023-05-16T09:06:40.25+00:00 No you can't. You could re-upload it, but I would simply logon and check if I see it online together with the same key ID that you see with manage-bde -protectors -get c:
-
Yang, Wen Chang (ext) 0 Reputation points
2023-05-16T09:14:38.8066667+00:00 How can I upload it again?
-
MTG 1,196 Reputation points
2023-05-16T09:29:59.5233333+00:00 I am unsure whether the following command works for a Microsoft account, since it says Azure AD. Please try it:
manage-bde -protectors -aadbackup C: -id {84E151...}
Please exchange the {ID} with your ID.
If that does not succeed, please use the GUI like shown here:
- Tap the Windows Start button and type BitLocker.
- Select the Manage BitLocker Control Panel app from the list of search results.
- In the BitLocker app select Back up your recovery key.
- Select where you want the key backed up. ...
- Select Finish.
-
Yang, Wen Chang (ext) 0 Reputation points
2023-05-18T03:14:44.4166667+00:00 Thank you for your reply,
Can I cancel the encryption/decryption action if BitLocker is currently encrypting/decrypting?
-
MTG 1,196 Reputation points
2023-05-22T08:04:58.8066667+00:00 Sure. Either using the GUI ("Turn off Bitlocker", found via the context menu option "manage bitlocker") or through manage-bde -off c:
Sign in to comment