Export (0) Print
Expand All

Unlock-BitLocker

Windows Server 2012 R2 and Windows 8.1

Updated: March 3, 2014

Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2

Unlock-BitLocker

Restores access to data on a BitLocker volume.

Syntax

Parameter Set: OnlyAdAccountOrGroupParameterSet
Unlock-BitLocker [-MountPoint] <String[]> -AdAccountOrGroup [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: OnlyPasswordParameterSet
Unlock-BitLocker [-MountPoint] <String[]> -Password <SecureString> [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: OnlyRecoveryKeyParameterSet
Unlock-BitLocker [-MountPoint] <String[]> -RecoveryKeyPath <String> [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: OnlyRecoveryPasswordParameterSet
Unlock-BitLocker [-MountPoint] <String[]> -RecoveryPassword <String> [-Confirm] [-WhatIf] [ <CommonParameters>]




Detailed Description

The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption. You can use the Lock-BitLocker cmdlet to prevent access.

In order to restore access, provide one of the following key protectors for the volume:

-- Active Directory Domain Services (AD DS) account
-- Password
-- Recovery key
-- Recovery password

For an overview of BitLocker, see BitLocker Drive Encryption Overview (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.

Parameters

-AdAccountOrGroup

Indicates that BitLocker requires account credentials to unlock the volume. In order to use this parameter, the account for the current user must be a key protector for the volume.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-MountPoint<String[]>

Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.


Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

True (ByValue, ByPropertyName)

Accept Wildcard Characters?

false

-Password<SecureString>

Specifes a secure string that contains a password. The password specified acts as a protector for the volume encryption key.


Aliases

pw

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RecoveryKeyPath<String>

Specifies the path to a recovery key. The key stored in the specified path acts as a protector for the volume encryption.


Aliases

rk

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RecoveryPassword<String>

Specifies a recovery password. The password specified acts as a protector for the volume encryption key.


Aliases

rp

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • BitLockerVolume[], String[]

Outputs

The output type is the type of the objects that the cmdlet emits.

  • BitLockerVolume[]

Examples

Example 1: Unlock a volume

This example unlocks a specified BitLocker volume by using a password.

The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a password and saves it in the $SecureString variable. For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.

The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable.


PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft