To enable BitLocker with a PIN using PowerShell in Windows 11, follow these steps:
- Launch an elevated PowerShell console (Run as Administrator).
- To view the available BitLocker commands, run the following command:

      Get-Command -Module BitLocker

  If you don't see any output, it's likely because you're running it on a Windows Server OS. Note that BitLocker is installed by default on client operating systems like Windows 10 and Windows 11. However, if you want to use BitLocker on a Windows Server, you need to manually enable it using this PowerShell command:

      Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart

  This command installs BitLocker (including all subfeatures and management tools) and then restarts the server to complete the installation.
- To get information about the volumes (or drives) that BitLocker can protect on your computer, use:

      Get-BitLockerVolume

  By default, this command displays useful properties for all volumes. You can specify a particular volume using the -MountPoint parameter. For example, to view the status of only the C: drive, use:

      Get-BitLockerVolume -MountPoint "C:"
- To enable BitLocker with a PIN, use the following commands (replace the PIN with your desired value):

      $Pin = ConvertTo-SecureString "YourPINHere" -AsPlainText -Force
      Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -Pin $Pin -TPMandPinProtector -UsedSpaceOnly

  Make sure to replace "YourPINHere" with your actual PIN. These commands enable BitLocker encryption on the C: drive using both TPM and a PIN for key protection.
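
The steps above combined into one script, as an added example that is not part of the original page: it prompts for the PIN instead of writing it into the script or console history, checks the TPM and volume state first, and adds a recovery password protector so a forgotten PIN does not lock the drive. It assumes the OS volume is C: and that local or Group Policy already permits a startup PIN with the TPM.

```powershell
#Requires -RunAsAdministrator
# Added example: enable TPM+PIN without hard-coding the PIN in the script.
$MountPoint = 'C:'   # assumption: the OS volume to protect

# 1. TPM+PIN needs a TPM that is present and ready for use.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; -TPMandPinProtector cannot be used."
}

# 2. Stop if the volume is already encrypted or in the middle of a conversion.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "Volume $MountPoint is '$($vol.VolumeStatus)'; expected FullyDecrypted."
}

# 3. Prompt for the PIN twice. Read-Host -AsSecureString keeps it off the
#    screen and out of the PowerShell command history.
$Pin     = Read-Host -Prompt 'BitLocker startup PIN' -AsSecureString
$Confirm = Read-Host -Prompt 'Confirm PIN' -AsSecureString
$p1 = [System.Net.NetworkCredential]::new('', $Pin).Password
$p2 = [System.Net.NetworkCredential]::new('', $Confirm).Password
if ($p1 -cne $p2) { throw 'The two PIN entries do not match.' }
Remove-Variable p1, p2

# 4. Same Enable-BitLocker call as in the step above, fed from the prompt.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 `
    -Pin $Pin -TPMandPinProtector -UsedSpaceOnly -ErrorAction Stop | Out-Null

# 5. Add a recovery password protector. Read its value from the volume's
#    KeyProtector list afterwards and store it somewhere off this device.
Add-BitLockerKeyProtector -MountPoint $MountPoint `
    -RecoveryPasswordProtector -ErrorAction Stop | Out-Null

# 6. Verify that both protectors are now registered on the volume.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
foreach ($type in 'TpmPin', 'RecoveryPassword') {
    if (-not ($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq $type })) {
        throw "Expected key protector '$type' was not found on $MountPoint."
    }
}
```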