Unlock-BitLocker
Restores access to data on a BitLocker volume.
Syntax
Unlock-BitLocker
[-MountPoint] <String[]>
-Password <SecureString>
[-WhatIf]
[-Confirm]
[<CommonParameters>] Unlock-BitLocker
[-MountPoint] <String[]>
-RecoveryPassword <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>] Unlock-BitLocker
[-MountPoint] <String[]>
-RecoveryKeyPath <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>] Unlock-BitLocker
[-MountPoint] <String[]>
[-AdAccountOrGroup]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption. You can use the Lock-BitLocker cmdlet to prevent access.
In order to restore access, provide one of the following key protectors for the volume:
- Active Directory Domain Services (AD DS) account
- Password
- Recovery key
- Recovery password
For an overview of BitLocker, see BitLocker Drive Encryption Overview on TechNet.
Examples
Example 1: Unlock a volume
PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureStringThis example unlocks a specified BitLocker volume by using a password.
The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a password and saves it in the $SecureString variable.
For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.
The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable.
Parameters
-AdAccountOrGroup
Indicates that BitLocker requires account credentials to unlock the volume. In order to use this parameter, the account for the current user must be a key protector for the volume.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MountPoint
Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.
| Type: | String[] |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Password
Specifies a secure string that contains a password. The password specified acts as a protector for the volume encryption key.
| Type: | SecureString |
| Aliases: | pw |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RecoveryKeyPath
Specifies the path to a folder where recovery keys are stored. The key stored in the specified path, if found, acts as a protector for the volume encryption.
| Type: | String |
| Aliases: | rk |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RecoveryPassword
Specifies a recovery password. The password specified acts as a protector for the volume encryption key.
| Type: | String |
| Aliases: | rp |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
BitLockerVolume[], String[]
Outputs
BitLockerVolume[]