Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Turns on or turns off BitLocker, specifies unlock mechanisms, updates recovery methods, and unlocks BitLocker-protected data drives.
Note
This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item.
Syntax
manage-bde [-status] [–on] [–off] [–pause] [–resume] [–lock] [–unlock] [–autounlock] [–protectors] [–tpm]
[–setidentifier] [-forcerecovery] [–changepassword] [–changepin] [–changekey] [-keypackage] [–upgrade] [-wipefreespace] [{-?|/?}] [{-help|-h}]
Parameters
| Parameter | Description |
|---|---|
| manage-bde status | Provides information about all drives on the computer, whether or not they are BitLocker-protected. |
| manage-bde on | Encrypts the drive and turns on BitLocker. |
| manage-bde off | Decrypts the drive and turns off BitLocker. All key protectors are removed when decryption is complete. |
| manage-bde pause | Pauses encryption or decryption. |
| manage-bde resume | Resumes encryption or decryption. |
| manage-bde lock | Prevents access to BitLocker-protected data. |
| manage-bde unlock | Allows access to BitLocker-protected data with a recovery password or a recovery key. |
| manage-bde autounlock | Manages automatic unlocking of data drives. |
| manage-bde protectors | Manages protection methods for the encryption key. |
| manage-bde tpm | Configures the computer's Trusted Platform Module (TPM). This command isn't supported on computers running Windows 8 or win8_server_2. To manage the TPM on these computers, use either the TPM Management MMC snap-in or the TPM Management cmdlets for Windows PowerShell. |
| manage-bde setidentifier | Sets the drive identifier field on the drive to the value specified in the Provide the unique identifiers for your organization Group Policy setting. |
| manage-bde ForceRecovery | Forces a BitLocker-protected drive into recovery mode on restart. This command deletes all TPM-related key protectors from the drive. When the computer restarts, only a recovery password or recovery key can be used to unlock the drive. |
| manage-bde changepassword | Modifies the password for a data drive. |
| manage-bde changepin | Modifies the PIN for an operating system drive. |
| manage-bde changekey | Modifies the startup key for an operating system drive. |
| manage-bde KeyPackage | Generates a key package for a drive. |
| manage-bde upgrade | Upgrades the BitLocker version. |
| manage-bde WipeFreeSpace | Wipes the free space on a drive. |
| -? or /? | Displays brief Help at the command prompt. |
| -help or -h | Displays complete Help at the command prompt. |