Share via

Manage-bde: unlock


Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows 8

Unlocks a BitLocker-protected drive by using a recovery password or a recovery key. For examples of how this command can be used, see Examples.


manage-bde -unlock {-recoverypassword <Password>|-recoverykey <PathToExternalKeyFile>} <Drive> [-certificate {-cf PathToCertificateFile | -ct CertificateThumbprint} {-pin}] [-password] [-computername <Name>] [{-?|/?}] [{-help|-h}]






Specifies that a recovery password will be used to unlock the drive.Abbreviation: -rp


Represents the recovery password that can be used to unlock the drive.


Specifies that an external recovery key file will be used to unlock the drive. Abbreviation: -rk


Represents the external recovery key file that can be used to unlock the drive.


Represents a drive letter followed by a colon.


The local user certificate for a BitLocker certificate to unclock the volume is located in the locat user certificate store. Abbreviation: -cert

<-cf PathToCertificateFile>

Path to the cerficate file

<-ct CertificateThumbprint>

Certificate thumbprint which may optionally include the PIN (-pin).


Presents a prompt for the password to unlock the volume. Abbreviation: -pw


Specifies that Manage-bde.exe will be used to modify BitLocker protection on a different computer. Abbreviation: -cn


Represents the name of the computer on which to modify BitLocker protection. Accepted values include the computer's NetBIOS name and the computer's IP address.

-? or /?

Displays brief Help at the command prompt.

-help or -h

Displays complete Help at the command prompt.


The following example illustrates using the -unlock command to unlock drive E with a recovery key file that has been saved to a backup folder on another drive.

manage-bde –unlock E: -recoverykey "F:\Backupkeys\recoverykey.bek"

Additional references