Enabling Bit-Locker from command line

by Nirmal Sharma [Published on 5 Sept. 2013 / Last Updated on 5 Sept. 2013]

This tip explains how to enable Bit-Locker from the command line.

Bit-Locker provides more security for the operating system. You can quickly enable Bit-Locker from the command line. There are two ways to enable and manage the Bit-Locker feature: using "Manage-BDE" or using the PowerShell "Enable-BitLocker" cmdlet.

Before enabling Bit-Locker for a volume, you can check the status of the volumes by running the following command:

Manage-BDE -Status

There are two PowerShell examples in this tip. Open a PowerShell window to run the commands below:

  1. To enable Bit-Locker for all volumes:

Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes128 -RecoveryKeyPath "E:\MyRecovery\" -RecoveryKeyProtector

  2. Enabling Bit-Locker with a specified user account:

Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes128 -AdAccountOrGroup "MyDomain.COM\John" -AdAccountOrGroupProtector

The first command enables Bit-Locker on all volumes, with the recovery key stored in the E:\MyRecovery folder. The second command enables Bit-Locker on the C: volume (specified by the -MountPoint switch); for volume protection it requires the credentials of the user account (John) before Bit-Locker allows any user access to this volume.
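The following is an added example, not part of the original tip, that combines the status check with the first command: it enables Bit-Locker only on volumes reported as FullyDecrypted and skips the drive that holds the recovery key folder, because a key saved on a volume cannot be read while that volume is locked. The E:\MyRecovery\ path is the one used in the tip; the variable names are assumptions, and the script is meant for an elevated PowerShell window.

```powershell
#Requires -RunAsAdministrator
# Added example: status check, guarded enable, then verification.
# $RecoveryDir reuses the folder from the tip; variable names are assumptions.
$RecoveryDir = 'E:\MyRecovery\'

if (-not (Test-Path -LiteralPath $RecoveryDir -PathType Container)) {
    throw "Recovery key folder $RecoveryDir does not exist."
}
# Drive that holds the recovery keys, e.g. 'E:'
$keyDrive = Split-Path -Path $RecoveryDir -Qualifier

# PowerShell counterpart of "Manage-BDE -Status"
$volumes = Get-BitLockerVolume
$volumes | Format-Table MountPoint, VolumeType, VolumeStatus, ProtectionStatus, EncryptionPercentage

foreach ($vol in $volumes) {
    if ($vol.MountPoint -eq $keyDrive) {
        # Do not encrypt the volume the recovery keys are written to
        Write-Warning "$($vol.MountPoint) holds the recovery keys; skipping it."
        continue
    }
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        # Already encrypted, or an encryption/decryption is in progress
        Write-Host "$($vol.MountPoint) is $($vol.VolumeStatus); leaving it unchanged."
        continue
    }
    Enable-BitLocker -MountPoint $vol.MountPoint -EncryptionMethod Aes128 `
        -RecoveryKeyPath $RecoveryDir -RecoveryKeyProtector -ErrorAction Stop
}

# Confirm that each volume now has a key protector and show encryption progress
Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint = $_.MountPoint
        Status     = $_.VolumeStatus
        Percent    = $_.EncryptionPercentage
        Protectors = ($_.KeyProtector.KeyProtectorType -join ', ')
    }
} | Format-Table -AutoSize
```

The recovery key files written to the folder should be copied to storage that is kept separately from the encrypted machine.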

About Nirmal Sharma

Nirmal is a MCSEx3, MCITP and was awarded Microsoft MVP award in Directory Services. He is specialized in Directory Services, Microsoft Clustering, Hyper-V, SQL and Exchange and has been involved in Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles. Nirmal can be reached at nirmal_sharma@mvps.org.

 
