manage-bde
Turns on or turns off BitLocker, specifies unlock mechanisms, updates recovery methods, and unlocks BitLocker-protected data drives.
Note
This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item.
Syntax
manage-bde [-status] [–on] [–off] [–pause] [–resume] [–lock] [–unlock] [–autounlock] [–protectors] [–tpm]
[–setidentifier] [-forcerecovery] [–changepassword] [–changepin] [–changekey] [-keypackage] [–upgrade] [-wipefreespace] [{-?|/?}] [{-help|-h}]
Parameters
| Parameter | Description |
|---|---|
| manage-bde status | Provides information about all drives on the computer, whether or not they are BitLocker-protected. |
| manage-bde on | Encrypts the drive and turns on BitLocker. |
| manage-bde off | Decrypts the drive and turns off BitLocker. All key protectors are removed when decryption is complete. |
| manage-bde pause | Pauses encryption or decryption. |
| manage-bde resume | Resumes encryption or decryption. |
| manage-bde lock | Prevents access to BitLocker-protected data. |
| manage-bde unlock | Allows access to BitLocker-protected data with a recovery password or a recovery key. |
| manage-bde autounlock | Manages automatic unlocking of data drives. |
| manage-bde protectors | Manages protection methods for the encryption key. |
| manage-bde tpm | Configures the computer's Trusted Platform Module (TPM). This command isn't supported on computers running Windows 8 or win8_server_2. To manage the TPM on these computers, use either the TPM Management MMC snap-in or the TPM Management cmdlets for Windows PowerShell. |
| manage-bde setidentifier | Sets the drive identifier field on the drive to the value specified in the Provide the unique identifiers for your organization Group Policy setting. |
| manage-bde ForceRecovery | Forces a BitLocker-protected drive into recovery mode on restart. This command deletes all TPM-related key protectors from the drive. When the computer restarts, only a recovery password or recovery key can be used to unlock the drive. |
| manage-bde changepassword | Modifies the password for a data drive. |
| manage-bde changepin | Modifies the PIN for an operating system drive. |
| manage-bde changekey | Modifies the startup key for an operating system drive. |
| manage-bde KeyPackage | Generates a key package for a drive. |
| manage-bde upgrade | Upgrades the BitLocker version. |
| manage-bde WipeFreeSpace | Wipes the free space on a drive. |
| -? or /? | Displays brief Help at the command prompt. |
| -help or -h | Displays complete Help at the command prompt. |