BitLocker command line interface

Last week at TechEd Europe I showed the BitLocker command-line interface. At other TechEds I've mentioned it but didn't show it. The CLI provides full control over BitLocker, including enabling it on any NTFS volume on the system (the Control Panel UI displays only the volume containing the operating system).

To run it:

  1. Open an elevated command prompt
  2. Change to %WINDIR%\System32
  3. Enter cscript manage-bde.wsf

For the curious, "bde" expands to "BitLocker drive encryption."

With no parameters, the output is:

Description:
    Configures BitLocker Drive Encryption on disk volumes.

Parameter List:
    -status     Provides information about BitLocker-capable volumes.
    -on         Encrypts the volume and turns BitLocker protection on.
    -off        Decrypts the volume and turns BitLocker protection off.
    -pause      Pauses encryption or decryption.
    -resume     Resumes encryption or decryption.
    -lock       Prevents access to BitLocker-encrypted data.
    -unlock     Allows access to BitLocker-encrypted data.
    -autounlock Manages automatic unlocking of data volumes.
    -protectors Manages protection methods for the encryption key.
    -tpm        Configures the computer's Trusted Platform Module (TPM).
    -ForceRecovery or -fr
                Forces a BitLocker-protected OS to recover on restarts.
    -ComputerName or -cn
                Runs on another computer. Examples: "ComputerX", "127.0.0.1"
    -? or /?    Displays brief help. Example: "-ParameterSet -?"
    -Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
    manage-bde -status
    manage-bde -on C: -RecoveryPassword -RecoveryKey F:\
    manage-bde -unlock E: -RecoveryKey F:\84E151C1...7A62067A512.bek

Enjoy!
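
The -status parameter listed above is the one to script when auditing machines. The following PowerShell is an added example, not code from the original post: it parses the tool's text output and flags volumes that are not fully encrypted, not protected, or have no recovery protector. The sample output is constructed, and the field names and the protector names "Numerical Password" and "External Key" are assumptions about the tool's English-language output.

```powershell
# Added example. Sample text is constructed; field names are assumed to match
# the tool's English-language -status output.
$sample = @'
Volume C: [OS]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM
Volume D: [Data]
    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
    Key Protectors:       None Found
Volume E: [Archive]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        Numerical Password
        External Key
'@ -split '\r?\n'
function ConvertFrom-BdeStatus([string[]]$Lines) {
    $vol = $null; $inKeys = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*Volume\s+([A-Za-z]:)') {
            if ($vol) { $vol }                      # emit the previous volume
            $vol = [pscustomobject]@{ Volume = $Matches[1]; Conversion = ''; Protection = ''; Protectors = @() }
            $inKeys = $false
        } elseif ($vol -and $line -match '^\s*([^:]+):\s*(.*)$') {
            $name, $value = $Matches[1].Trim(), $Matches[2].Trim()
            $inKeys = ($name -eq 'Key Protectors')  # protector names follow, one per line
            switch ($name) {
                'Conversion Status' { $vol.Conversion = $value }
                'Protection Status' { $vol.Protection = $value }
                'Key Protectors'    { if ($value -and $value -ne 'None Found') { $vol.Protectors += $value } }
            }
        } elseif ($vol -and $inKeys -and $line.Trim()) {
            $vol.Protectors += $line.Trim()         # indented protector name
        }
    }
    if ($vol) { $vol }                              # emit the last volume
}
function Test-BdeVolume($v) {
    $issues = @()
    if ($v.Conversion -ne 'Fully Encrypted') { $issues += "conversion: $($v.Conversion)" }
    if ($v.Protection -ne 'Protection On')   { $issues += "protection: $($v.Protection)" }
    # Assumption: -RecoveryPassword / -RecoveryKey are listed under these names
    if (-not ($v.Protectors -match '^(Numerical Password|External Key)')) { $issues += 'no recovery protector' }
    [pscustomobject]@{ Volume = $v.Volume; OK = ($issues.Count -eq 0); Issues = $issues -join '; ' }
}
# Live use (elevated prompt): replace $sample with
#   (cscript //nologo "$env:WINDIR\System32\manage-bde.wsf" -status)
ConvertFrom-BdeStatus $sample | ForEach-Object { Test-BdeVolume $_ } | Format-Table -AutoSize
```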

Comments

  • Anonymous
    January 01, 2003
    The other day we were discussing Bitlocker on a listserve and it came out in the conversation that while

  • Anonymous
    January 01, 2003
    Steve Riley's blog is one that I follow and read faithfully. In his latest installment on the BitLocker

  • Anonymous
    January 01, 2003
    Had a chance this weekend to play around with the new BitLocker functionality in Windows Vista. For those

  • Anonymous
    January 01, 2003
    It is a business feature...so it should be present in the Business edition. Hope that'll change by Vista SP1.

  • Anonymous
    January 01, 2003
    Server Core installations can be specifically targeted at situations where single server roles are needed.

  • Anonymous
    January 01, 2003
    Are you aware of BitLocker and what it can do? If not, you can read a full lowdown here, however, in

  • Anonymous
    January 01, 2003
    ALEXTANSC -- Yes, you're right, BitLocker is quite useful, but comes with a certain amount of danger: if you lose your keys or there is some other (hard drive, motherboard) damage that prevents Windows from booting, only the recovery password can get you back to your data. Our experience shows that most home users don't even back up their hard drives, let alone keys. So therefore, BitLocker, which is really designed to be an enterprise feature so that recovery passwords can be automatically managed by the corporate IT department, is available only in the Enterprise and Ultimate editions. If a home user really wants to take advantage of the feature, then that person can use Ultimate edition.

    DAVID -- Not sure what to suggest other than you call PSS, who is better equipped than I am to help you troubleshoot what might be going on. I haven't seen this before.

  • Anonymous
    January 01, 2003
    I haven't tried this, Alun. Why don't you let us know the results of your experiment? :)

  • Anonymous
    December 01, 2006
    Hi Steve, do you know the reason behind the fact Bitlocker is only available to Enterprise and Ultimate editions of Vista? I was previously under the impression this would be a system tool for all versions, since it is quite useful.

  • Anonymous
    December 13, 2006
    Hi Steve, I have installed and re-installed bitlocker over 5 times in order to encrypt my system drive. I've followed the official instructions from TechNet and created 2 partitions 1.5GB and remainder etc etc. Trouble is when I begin the encryption process it doesn't budge from 0%. I've left it 12+ hours at a time with not 1% increase. Any ideas? I would be eternally grateful if you could point me in the right direction. David.

  • Anonymous
    December 22, 2006
    Found the 0% problem to be related to my SATA disk. Exact same installation on IDE disk no issues. Error log suggests problem purging metadata.

  • Anonymous
    December 29, 2006
    Bitlocker status reports needs conversion, but the disk is already NTFS? I don't have a clue what this could be referring to.

  • Anonymous
    December 30, 2006
    So, can I use BitLocker to protect a removable drive?
