Manage-bde
Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows 8
Used to turn on or turn off BitLocker, specify unlock mechanisms, update recovery methods, and unlock BitLocker-protected data drives. This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item. For examples of how this command can be used, see Examples.
Syntax
manage-bde [-status] [–on] [–off] [–pause] [–resume] [–lock] [–unlock] [–autounlock] [–protectors] [–tpm]
[–SetIdentifier] [-ForceRecovery] [–changepassword] [–changepin] [–changekey] [-KeyPackage] [–upgrade] [-WipeFreeSpace] [{-?|/?}] [{-help|-h}]
Parameters
Parameter |
Description |
---|---|
Provides information about all drives on the computer, whether or not they are BitLocker-protected. |
|
Encrypts the drive and turns on BitLocker. |
|
Decrypts the drive and turns off BitLocker. All key protectors are removed when decryption is complete. |
|
Pauses encryption or decryption. |
|
Resumes encryption or decryption. |
|
Prevents access to BitLocker-protected data. |
|
Allows access to BitLocker-protected data with a recovery password or a recovery key. |
|
Manages automatic unlocking of data drives. |
|
Manages protection methods for the encryption key. |
|
Configures the computer's Trusted Platform Module (TPM). This command is not supported on computers running Windows 8 or win8_server_2. To manage the TPM on these computers, use either the TPM Management MMC snap-in or the TPM Management cmdlets for Windows PowerShell. |
|
Sets the drive identifier field on the drive to the value specified in the Provide the unique identifiers for your organization Group Policy setting. |
|
Forces a BitLocker-protected drive into recovery mode on restart. This command deletes all TPM-related key protectors from the drive. When the computer restarts, only a recovery password or recovery key can be used to unlock the drive. |
|
Modifies the password for a data drive. |
|
Modifies the PIN for an operating system drive. |
|
Modifies the startup key for an operating system drive. |
|
Generates a key package for a drive. |
|
Upgrades the BitLocker version. |
|
Wipes the free space on a drive. |
|
-? or /? |
Displays brief Help at the command prompt. |
-help or -h |
Displays complete Help at the command prompt. |
Examples
The following example displays the drives on the computer and identifies whether or not they are BitLocker-protected and the current encryption status.
manage-bde -status
The following example illustrates enabling BitLocker on drive C with the option of a recovery password. The recovery password will be generated by BitLocker and displayed on the screen so that you can record it.
manage-bde –on C: -recoverypassword
The following example illustrates unlocking a BitLocker-protected drive by using a recovery password.
manage-bde –unlock E: -recoverypassword 111111-222222-333333-444444-555555-666666-777777-888888