PowerShell is a scripting language and a command-line tool that allows you to perform various tasks on your devices. You can use PowerShell commands to manage device encryption and BitLocker settings on your Windows 10/11 devices, such as enabling or disabling encryption, changing the encryption method, backing up or restoring the recovery key, and unlocking or locking the drive.
Here are some examples of PowerShell commands that you can use to manage device encryption and BitLocker:
To enable BitLocker encryption on the C: drive with AES 256-bit encryption and a TPM protector, run the following command:
Enable-BitLocker -MountPoint C: -EncryptionMethod Aes256 -TpmProtector
To disable BitLocker encryption on the D: drive, run the following command:
Disable-BitLocker -MountPoint D:
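To change the encryption method on the E: drive to XTS-AES 128-bit, run the following commands:
Disable-BitLocker -MountPoint "E:"  # the BitLocker module has no Set-BitLockerVolume cmdlet; decrypt first and wait until Get-BitLockerVolume reports FullyDecrypted
Enable-BitLocker -MountPoint "E:" -EncryptionMethod XtsAes128 -RecoveryPasswordProtector  # the protector is an assumption; use the one your policy requires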
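To back up the BitLocker recovery key for the F: drive to a file, run the following command:
(Get-BitLockerVolume -MountPoint "F:").KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | ForEach-Object { "$($_.KeyProtectorId) $($_.RecoveryPassword)" } | Set-Content -Path C:\RecoveryKey.txt  # Backup-BitLockerKeyProtector has no -Path parameter (it saves the protector to AD DS), so the recovery password is written to the file directly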
To restore the BitLocker recovery key for the G: drive from a file, run the following command:
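Add-BitLockerKeyProtector -MountPoint "G:" -RecoveryKeyProtector -RecoveryKeyPath "C:\RecoveryKeys\"  # -RecoveryKeyPath takes a folder (placeholder shown) and needs -RecoveryKeyProtector; the cmdlet generates a new recovery key and saves its key file there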
To unlock the H: drive with the BitLocker recovery key, run the following command:
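Unlock-BitLocker -MountPoint "H:" -RecoveryKeyPath C:\RecoveryKey.txt  # -RecoveryKeyPath must point to a recovery key file; to unlock with the 48-digit recovery password, use -RecoveryPassword instead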
To lock the I: drive with BitLocker, run the following command:
Lock-BitLocker -MountPoint I:
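To check the result of the commands above, the following added example (not code from the original page) reports each volume's encryption state, method and key protectors, and lists what falls short. The function name Get-BitLockerAudit and the default list of allowed methods are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original page). Get-BitLockerAudit is a hypothetical
# helper name; the cmdlet and property names come from the BitLocker module.
function Get-BitLockerAudit {
    [CmdletBinding()]
    param(
        # Assumption: the encryption methods your policy accepts; adjust as needed.
        [string[]]$AllowedMethods = @('Aes256', 'XtsAes128', 'XtsAes256')
    )

    foreach ($vol in Get-BitLockerVolume) {
        # Protector types present on the volume, e.g. Tpm, RecoveryPassword, ExternalKey.
        $types  = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $issues = [System.Collections.Generic.List[string]]::new()

        if ($vol.LockStatus -eq 'Locked') {
            # Status and method cannot be judged reliably while the volume is locked.
            $issues.Add('volume is locked; unlock it and run the audit again')
        }
        else {
            if ($vol.VolumeStatus -ne 'FullyEncrypted') {
                $issues.Add("volume status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)")
            }
            elseif ([string]$vol.EncryptionMethod -notin $AllowedMethods) {
                $issues.Add("encryption method $($vol.EncryptionMethod) is not in the allowed list")
            }
            if ($vol.ProtectionStatus -ne 'On') {
                $issues.Add('protection is off or suspended')
            }
            if ($types -notcontains 'RecoveryPassword') {
                $issues.Add('no recovery password protector')
            }
            if ($vol.VolumeType -eq 'OperatingSystem' -and -not ($types -match '^Tpm')) {
                $issues.Add('OS volume has no TPM-based protector')
            }
        }

        # One row per volume; an empty Issues field means nothing was flagged.
        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Status     = $vol.VolumeStatus
            Method     = $vol.EncryptionMethod
            Protectors = $types -join ', '
            Issues     = $issues -join '; '
        }
    }
}

Get-BitLockerAudit | Format-List
```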
You can find more PowerShell commands and parameters for device encryption and BitLocker in the BitLocker module reference on Microsoft Learn.