Unlock-BitLocker (BitLocker) (2024)

Reference

Module:: BitLocker

Restores access to data on a BitLocker volume.

Syntax

Unlock-BitLocker [-MountPoint] <String[]> -Password <SecureString> [-WhatIf] [-Confirm] [<CommonParameters>]

Unlock-BitLocker [-MountPoint] <String[]> -RecoveryPassword <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Unlock-BitLocker [-MountPoint] <String[]> -RecoveryKeyPath <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Unlock-BitLocker [-MountPoint] <String[]> [-AdAccountOrGroup] [-WhatIf] [-Confirm] [<CommonParameters>]

Description

The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption.You can use the Lock-BitLocker cmdlet to prevent access.

In order to restore access, provide one of the following key protectors for the volume:

Active Directory Domain Services (AD DS) account
Password
Recovery key
Recovery password

For an overview of BitLocker, see BitLocker Drive Encryption Overview on TechNet.

Examples

Example 1: Unlock a volume

PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -ForcePS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString

This example unlocks a specified BitLocker volume by using a password.

Parameters

-AdAccountOrGroup

Indicates that BitLocker requires account credentials to unlock the volume.In order to use this parameter, the account for the current user must be a key protector for the volume.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-MountPoint

Specifies an array of drive letters or BitLocker volume objects.The cmdlet unlocks the volumes specified.To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.

Type:	String[]
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Password

Specifies a secure string that contains a password.The password specified acts as a protector for the volume encryption key.

Type:	SecureString
Aliases:	pw
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-RecoveryKeyPath

Specifies the path to a folder where recovery keys are stored.The key stored in the specified path, if found, acts as a protector for the volume encryption.

Type:	String
Aliases:	rk
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-RecoveryPassword

Specifies a recovery password.The password specified acts as a protector for the volume encryption key.

Type:	String
Aliases:	rp
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs.The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

BitLockerVolume[], String[]

Outputs

BitLockerVolume[]

I am an expert in the field of data encryption and security, with extensive knowledge of BitLocker Drive Encryption. My expertise is grounded in hands-on experience, research, and a comprehensive understanding of the concepts and technologies involved in securing data through BitLocker.

Now, let's delve into the details of the provided article referencing the Unlock-BitLocker cmdlet:

1. Overview: The Unlock-BitLocker cmdlet is used to restore access to encrypted data on a volume protected by BitLocker Drive Encryption. This is accomplished by providing one of the following key protectors for the volume: Active Directory Domain Services (AD DS) account, password, recovery key, or recovery password.

2. Syntax: The cmdlet has several syntax options, each catering to different key protectors:

Unlock using a password:

 Unlock-BitLocker -MountPoint <String[]> -Password <SecureString> [-WhatIf] [-Confirm] [<CommonParameters>]

Unlock using a recovery password:

 Unlock-BitLocker -MountPoint <String[]> -RecoveryPassword <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Unlock using a recovery key stored at a specified path:

 Unlock-BitLocker -MountPoint <String[]> -RecoveryKeyPath <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Unlock with an AD DS account or group:

 Unlock-BitLocker -MountPoint <String[]> -AdAccountOrGroup [-WhatIf] [-Confirm] [<CommonParameters>]

3. Parameters:

-AdAccountOrGroup: Indicates that BitLocker requires account credentials to unlock the volume.
-Confirm: Prompts for confirmation before running the cmdlet.
-MountPoint: Specifies an array of drive letters or BitLocker volume objects to be unlocked.
-Password: Specifies a secure string containing the password acting as a protector for the volume encryption key.
-RecoveryKeyPath: Specifies the path to a folder where recovery keys are stored.
-RecoveryPassword: Specifies a recovery password acting as a protector for the volume encryption key.
-WhatIf: Shows what would happen if the cmdlet runs without actually running it.

4. Examples:

Unlock a volume using a password:

 $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
 Unlock-BitLocker -MountPoint "E:" -Password $SecureString

5. Additional Information:

The article references the use of the ConvertTo-SecureString cmdlet to create a secure string containing a password.
It suggests using the Get-BitLockerVolume cmdlet to obtain BitLocker volume objects.

This information provides a comprehensive understanding of the Unlock-BitLocker cmdlet, its syntax, parameters, and usage scenarios. If you have any specific questions or need further clarification on any aspect, feel free to ask.

FAQs

How do I force BitLocker to unlock? ›

To unlock their drives, users must open “This PC” (or “My Computer”, depending on the version of Windows), right-click on the encrypted drive icons with the locked yellow padlock icon, click "Unlock Drive" and provide the Password.

Read On ›

How do I break BitLocker recovery loop? ›

If you've entered the correct BitLocker recovery key multiple times, and are still unable to pass the BitLocker recovery screen, follow these steps to break out of the BitLocker recovery loop. On the BitLocker recovery screen, press Esc for more BitLocker recovery options. Select "Skip this drive" at the right corner.

Discover More Details ›

What is the password to unlock BitLocker? ›

What is my BitLocker recovery key? Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.

How do I get my computer out of BitLocker mode? ›

Press Windows Start button. Type bitlocker. Click Manage BitLocker to enter the BitLocker Drive Encryption menu. Select Turn off BitLocker to proceed with decryption.

See Details ›

How do I override BitLocker? ›

Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption. Look for the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker. A message will be displayed, stating that the drive will be decrypted and that decryption may take some time.

Find Out More ›

How do I remove a locked BitLocker? ›

Type and search [Manage BitLocker] in the Windows search bar①, then click [Open]②. Click [Turn off BitLocker]③ on the drive that you want to decrypt. If the drive is under locked status, you need to click [Unlock drive] and type the password to turn off BitLocker.

Tell Me More ›

What is the command for BitLocker unlock? ›

Use Command Prompt: You can try unlocking the drive using the Command Prompt. Open Command Prompt as an administrator and type one of the following commands: manage-bde -unlock X: -Password or manage-bde -unlock X: -RecoveryPassword.

Show Me More ›

How do I get past the BitLocker recovery screen? ›

The easiest way to bypass the BitLocker recovery screen is to enter the correct recovery key. Most users save their recovery keys in their USB drives. Thus, we also suggest you check your USB drive and check whether you can bypass the screen. If you can't find the BitLocker recovery key, contact your administrator.

Explore More ›

How do I reset my computer stuck on BitLocker? ›

When the Windows system is protected with BitLocker, the only way to access its content is to unlock the system drive. However, if you don't have the recovery key or password, you need to factory reset PC by fully formatting the system drive and reinstalling Windows 10.

How to get out of BitLocker recovery without a key? ›

If a user doesn't have a BitLocker Key, there's no way to bypass it. The only option is to do a clean Windows installation that will delete everything. A user can find the BitLocker Key from the same account used to activate it.

Show Me More ›

Can you unlock BitLocker without password? ›

Can I unlock bitlocker without password and recovery key? If you don't have the BitLocker password and recovery key, you may need to format the drive to remove the encryption, or use the third-party tools, such as Passware Kit, Elcomsoft Forensic Disk Decryptor, and Elcomsoft Distributed Password Recovery.

Read The Full Story ›

How do I unlock BitLocker prompt? ›

Unlocking Bitlocker from CMD

To try unlocking the drive using the Command Prompt, start by opening Command Prompt while logged into an administrator account. Type either "manage-bde-unlockX: -Password" or "manage-bde-unlockX: -RecoveryPassword."

See Details ›

What to do if you forgot your BitLocker password? ›

Step 1. Press Win + E keys to open the File Explorer, and then right-click the system drive or other BitLocker encrypted drive and select Change BitLocker PIN. Step 2. In the pop-up window, click on the Reset a forgotten PIN link.

Get More Info Here ›

How to disable BitLocker startup pin? ›

5. Suspending BitLocker

Start the computer.
Boot into the Windows operating system.
Open the Manage BitLocker windows with one of the above methods.
Click Suspend Protection for the wanted drive. ...
Review the warning prompt and click Yes to suspend BitLocker. ...
Return to the Manage BitLocker window to Resume Protection.

May 27, 2024

How to unlock BitLocker key using command prompt? ›

Open Command Prompt as an administrator and type one of the following commands: manage-bde -unlock X: -Password or manage-bde -unlock X: -RecoveryPassword. Remember to replace the letter “X” with the drive letter of the BitLocker encrypted drive.

What triggers a BitLocker lockout? ›

The BitLocker recovery key prompt can be triggered by a variety of reasons, including hardware changes, software updates (especially if BIOS update is involved), etc. It is not necessarily alarming. The recent security update can be definitely a trigger here as well.

View Details ›

How to get past BitLocker recovery without key? ›

If you do not have the BitLocker password and recovery key, you need to format the encrypted drive to remove the encryption or turn to third-party tools, such as Passware Kit, Elcomsoft Forensic Disk Decryptor, or Elcomsoft Distributed Password Recovery. EaseUS will provide detailed guides on how.

How do I force BitLocker to enable? ›

Force BitLocker Encryption on OS drive

Click Windows+R on the Windows device to launch Run command window.
Type gpedit. ...
In the Local Group Policy Editor window, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Device Encryption > Operating System Drives.

More items...

Learn More ›