BitLocker Generate Recovery Key PowerShell
Used to turn on or turn off BitLocker, specify unlock mechanisms, update recovery methods, and unlock BitLocker-protected data drives. This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item. For examples of how this command can be used, see Examples.
Syntax
Parameters
Jan 05, 2020 The recovery key is useful to decrypt and recover data if you forgot or lost the BitLocker password. Even after you encrypt drives with BitLocker, you can still create additional recovery key backups as long as you have the BitLocker password. So, in this quick post let me show how you can back up the BitLocker recovery key in Windows. Note: Before.

Long time lurker, first time posting. I've been dabbling in PowerShell again after not using it for quite a while. I'm currently trying to make a script that enables BitLocker and backs up the recovery key to the desktop. I'm finding that it enables BitLocker fine, but the recovery key on the desktop doesn't show the recovery key?

Parameter | Description |
---|---|
Manage-bde: status | Provides information about all drives on the computer, whether or not they are BitLocker-protected. |
Manage-bde: on | Encrypts the drive and turns on BitLocker. |
Manage-bde: off | Decrypts the drive and turns off BitLocker. All key protectors are removed when decryption is complete. |
Manage-bde: pause | Pauses encryption or decryption. |
Manage-bde: resume | Resumes encryption or decryption. |
Manage-bde: lock | Prevents access to BitLocker-protected data. |
Manage-bde: unlock | Allows access to BitLocker-protected data with a recovery password or a recovery key. |
Manage-bde: autounlock | Manages automatic unlocking of data drives. |
Manage-bde: protectors | Manages protection methods for the encryption key. |
Manage-bde: tpm | Configures the computer's Trusted Platform Module (TPM). This command is not supported on computers running Windows 8 or Windows Server 2012. To manage the TPM on these computers, use either the TPM Management MMC snap-in or the TPM Management cmdlets for Windows PowerShell. |
Manage-bde: setidentifier | Sets the drive identifier field on the drive to the value specified in the "Provide the unique identifiers for your organization" Group Policy setting. |
Manage-bde: ForceRecovery | Forces a BitLocker-protected drive into recovery mode on restart. This command deletes all TPM-related key protectors from the drive. When the computer restarts, only a recovery password or recovery key can be used to unlock the drive. |
Manage-bde: changepassword | Modifies the password for a data drive. |
Manage-bde: changepin | Modifies the PIN for an operating system drive. |
Manage-bde: changekey | Modifies the startup key for an operating system drive. |
Manage-bde: KeyPackage | Generates a key package for a drive. |
Manage-bde: upgrade | Upgrades the BitLocker version. |
Manage-bde: WipeFreeSpace | Wipes the free space on a drive. |
-? or /? | Displays brief Help at the command prompt. |
-help or -h | Displays complete Help at the command prompt. |
- Manually Backup BitLocker Password to AD with PowerShell. If you have enabled BitLocker prior to configuring the above GPO policy, you can use PowerShell cmdlets to manually upload the BitLocker recovery key to Active Directory. Follow these steps: When your BitLocker-protected drive is unlocked, open PowerShell as administrator and type this.
- Retrieving BitLocker keys from Azure AD with PowerShell. Wrote a function to retrieve BitLocker keys from Azure AD with PowerShell, I hope some here might find it useful :-) Check out my blog post about it, or jump straight to the code over at GitHub! H/t to /u/liebensraum for pointing me to the 'hidden' API.
Examples
The following example displays the drives on the computer and identifies whether or not they are BitLocker-protected and the current encryption status.
The following example illustrates enabling BitLocker on drive C with the option of a recovery password. The recovery password will be generated by BitLocker and displayed on the screen so that you can record it.
The following example illustrates unlocking a BitLocker-protected drive by using a recovery password.
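
The recovery-password tasks covered on this page can also be done with the BitLocker PowerShell cmdlets. The script below is an added example, not code from the original page: it makes sure a recovery password protector exists, reads it back from the volume object rather than from console output, saves it off the protected drive, and escrows it to Active Directory. `C:` and `E:\Recovery` are assumed values, and the volume is assumed to already have BitLocker turned on.

```powershell
#Requires -RunAsAdministrator
# Added example: ensure a recovery password protector exists on a volume,
# read it back, save it to another drive, and escrow it to Active Directory.
param(
    [string]$MountPoint = 'C:',          # assumption: the protected volume
    [string]$BackupDir  = 'E:\Recovery'  # assumption: folder on a different drive
)
$ErrorActionPreference = 'Stop'

function Get-RecoveryPasswordProtector {
    param([Parameter(Mandatory)][string]$MountPoint)
    # Re-query the volume: the 48-digit password is a property of the
    # KeyProtector object, not of the text printed when the protector is added.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

# A backup stored on the volume it unlocks is unreadable when it is needed.
if ($BackupDir.StartsWith($MountPoint, [StringComparison]::OrdinalIgnoreCase)) {
    throw "Backup folder $BackupDir is on $MountPoint; choose another drive."
}

# Add a recovery password protector only if the volume has none yet.
if (-not (Get-RecoveryPasswordProtector -MountPoint $MountPoint)) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
}
$protectors = @(Get-RecoveryPasswordProtector -MountPoint $MountPoint)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$file = Join-Path $BackupDir ("{0}-{1}.txt" -f $env:COMPUTERNAME, $MountPoint.TrimEnd(':'))

# Store the protector ID next to each password so the right one can be
# matched against the ID shown on the BitLocker recovery screen.
$protectors |
    ForEach-Object { "ID: $($_.KeyProtectorId)`r`nRecovery password: $($_.RecoveryPassword)`r`n" } |
    Set-Content -Path $file -Encoding ASCII

# Escrow to Active Directory (needs a domain-joined machine with the BitLocker
# backup policy configured); a failure is reported but does not stop the script.
foreach ($p in $protectors) {
    try   { Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null }
    catch { Write-Warning "AD backup failed for $($p.KeyProtectorId): $($_.Exception.Message)" }
}
Write-Output "Saved $($protectors.Count) recovery password(s) to $file"
```

The saved file grants full access to the drive, so restrict its permissions or move it to offline storage once it is written.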