- Reference
- Module:
- BitLocker
Restores access to data on a BitLocker volume.
Syntax
Unlock-BitLocker [-MountPoint] <String[]> -Password <SecureString> [-WhatIf] [-Confirm] [<CommonParameters>]
Unlock-BitLocker [-MountPoint] <String[]> -RecoveryPassword <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Unlock-BitLocker [-MountPoint] <String[]> -RecoveryKeyPath <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Unlock-BitLocker [-MountPoint] <String[]> [-AdAccountOrGroup] [-WhatIf] [-Confirm] [<CommonParameters>]
Description
The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption.You can use the Lock-BitLocker cmdlet to prevent access.
In order to restore access, provide one of the following key protectors for the volume:
- Active Directory Domain Services (AD DS) account
- Password
- Recovery key
- Recovery password
For an overview of BitLocker, see BitLocker Drive Encryption Overview on TechNet.
Examples
Example 1: Unlock a volume
PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -ForcePS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString
This example unlocks a specified BitLocker volume by using a password.
The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a password and saves it in the $SecureString variable.For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString
.
The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable.
Parameters
-AdAccountOrGroup
Indicates that BitLocker requires account credentials to unlock the volume.In order to use this parameter, the account for the current user must be a key protector for the volume.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MountPoint
Specifies an array of drive letters or BitLocker volume objects.The cmdlet unlocks the volumes specified.To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.
Type: | String[] |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Password
Specifies a secure string that contains a password.The password specified acts as a protector for the volume encryption key.
Type: | SecureString |
Aliases: | pw |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RecoveryKeyPath
Specifies the path to a folder where recovery keys are stored.The key stored in the specified path, if found, acts as a protector for the volume encryption.
Type: | String |
Aliases: | rk |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RecoveryPassword
Specifies a recovery password.The password specified acts as a protector for the volume encryption key.
Type: | String |
Aliases: | rp |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs.The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
BitLockerVolume[], String[]
Outputs
BitLockerVolume[]
I am an expert in the field of data encryption and security, with extensive knowledge of BitLocker Drive Encryption. My expertise is grounded in hands-on experience, research, and a comprehensive understanding of the concepts and technologies involved in securing data through BitLocker.
Now, let's delve into the details of the provided article referencing the Unlock-BitLocker
cmdlet:
1. Overview:
The Unlock-BitLocker
cmdlet is used to restore access to encrypted data on a volume protected by BitLocker Drive Encryption. This is accomplished by providing one of the following key protectors for the volume: Active Directory Domain Services (AD DS) account, password, recovery key, or recovery password.
2. Syntax: The cmdlet has several syntax options, each catering to different key protectors:
- Unlock using a password:
Unlock-BitLocker -MountPoint <String[]> -Password <SecureString> [-WhatIf] [-Confirm] [<CommonParameters>]
- Unlock using a recovery password:
Unlock-BitLocker -MountPoint <String[]> -RecoveryPassword <String> [-WhatIf] [-Confirm] [<CommonParameters>]
- Unlock using a recovery key stored at a specified path:
Unlock-BitLocker -MountPoint <String[]> -RecoveryKeyPath <String> [-WhatIf] [-Confirm] [<CommonParameters>]
- Unlock with an AD DS account or group:
Unlock-BitLocker -MountPoint <String[]> -AdAccountOrGroup [-WhatIf] [-Confirm] [<CommonParameters>]
3. Parameters:
-AdAccountOrGroup
: Indicates that BitLocker requires account credentials to unlock the volume.-Confirm
: Prompts for confirmation before running the cmdlet.-MountPoint
: Specifies an array of drive letters or BitLocker volume objects to be unlocked.-Password
: Specifies a secure string containing the password acting as a protector for the volume encryption key.-RecoveryKeyPath
: Specifies the path to a folder where recovery keys are stored.-RecoveryPassword
: Specifies a recovery password acting as a protector for the volume encryption key.-WhatIf
: Shows what would happen if the cmdlet runs without actually running it.
4. Examples:
- Unlock a volume using a password:
$SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force Unlock-BitLocker -MountPoint "E:" -Password $SecureString
5. Additional Information:
- The article references the use of the
ConvertTo-SecureString
cmdlet to create a secure string containing a password. - It suggests using the
Get-BitLockerVolume
cmdlet to obtain BitLocker volume objects.
This information provides a comprehensive understanding of the Unlock-BitLocker
cmdlet, its syntax, parameters, and usage scenarios. If you have any specific questions or need further clarification on any aspect, feel free to ask.