Unlock-BitLocker
Restores access to data on a BitLocker volume.
Syntax
OnlyPasswordParameterSet
Unlock-BitLocker
[-MountPoint] <String[]>
-Password <SecureString>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
OnlyRecoveryPasswordParameterSet
Unlock-BitLocker
[-MountPoint] <String[]>
-RecoveryPassword <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
OnlyRecoveryKeyParameterSet
Unlock-BitLocker
[-MountPoint] <String[]>
-RecoveryKeyPath <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
OnlyAdAccountOrGroupParameterSet
Unlock-BitLocker
[-MountPoint] <String[]>
[-AdAccountOrGroup]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption. You can use the Lock-BitLocker cmdlet to prevent access.
In order to restore access, provide one of the following key protectors for the volume:
- Active Directory Domain Services (AD DS) account
- Password
- Recovery key
- Recovery password
For an overview of BitLocker, see BitLocker Drive Encryption Overview on TechNet.
Examples
Example 1: Unlock a volume
PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString
This example unlocks a specified BitLocker volume by using a password.
The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a password and saves it in the $SecureString variable.
For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.
The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable.
Parameters
-AdAccountOrGroup
Indicates that BitLocker requires account credentials to unlock the volume. In order to use this parameter, the account for the current user must be a key protector for the volume.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
OnlyAdAccountOrGroupParameterSet
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MountPoint
Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Password
Specifies a secure string that contains a password. The password specified acts as a protector for the volume encryption key.
Parameter properties
| Type: | SecureString |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | pw |
Parameter sets
OnlyPasswordParameterSet
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RecoveryKeyPath
Specifies the path to a folder where recovery keys are stored. The key stored in the specified path, if found, acts as a protector for the volume encryption.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | rk |
Parameter sets
OnlyRecoveryKeyParameterSet
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RecoveryPassword
Specifies a recovery password. The password specified acts as a protector for the volume encryption key.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | rp |
Parameter sets
OnlyRecoveryPasswordParameterSet
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.