manage-bde

Turns on or turns off BitLocker, specifies unlock mechanisms, updates recovery methods, and unlocks BitLocker-protected data drives.

Note

This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item.

Syntax

manage-bde [-status] [–on] [–off] [–pause] [–resume] [–lock] [–unlock] [–autounlock] [–protectors] [–tpm]
[–setidentifier] [-forcerecovery] [–changepassword] [–changepin] [–changekey] [-keypackage] [–upgrade] [-wipefreespace] [{-?|/?}] [{-help|-h}]

Parameters

Parameter Description
manage-bde status Provides information about all drives on the computer, whether or not they are BitLocker-protected.
manage-bde on Encrypts the drive and turns on BitLocker.
manage-bde off Decrypts the drive and turns off BitLocker. All key protectors are removed when decryption is complete.
manage-bde pause Pauses encryption or decryption.
manage-bde resume Resumes encryption or decryption.
manage-bde lock Prevents access to BitLocker-protected data.
manage-bde unlock Allows access to BitLocker-protected data with a recovery password or a recovery key.
manage-bde autounlock Manages automatic unlocking of data drives.
manage-bde protectors Manages protection methods for the encryption key.
manage-bde tpm Configures the computer's Trusted Platform Module (TPM). This command isn't supported on computers running Windows 8 or win8_server_2. To manage the TPM on these computers, use either the TPM Management MMC snap-in or the TPM Management cmdlets for Windows PowerShell.
manage-bde setidentifier Sets the drive identifier field on the drive to the value specified in the Provide the unique identifiers for your organization Group Policy setting.
manage-bde ForceRecovery Forces a BitLocker-protected drive into recovery mode on restart. This command deletes all TPM-related key protectors from the drive. When the computer restarts, only a recovery password or recovery key can be used to unlock the drive.
manage-bde changepassword Modifies the password for a data drive.
manage-bde changepin Modifies the PIN for an operating system drive.
manage-bde changekey Modifies the startup key for an operating system drive.
manage-bde KeyPackage Generates a key package for a drive.
manage-bde upgrade Upgrades the BitLocker version.
manage-bde WipeFreeSpace Wipes the free space on a drive.
-? or /? Displays brief Help at the command prompt.
-help or -h Displays complete Help at the command prompt.