programming4us
programming4us
SECURITY

Windows 8 : Managing BitLocker and other policy-based mobility tools (part 2) - Managing BitLocker at the command line

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
6/21/2014 9:34:07 PM

Managing BitLocker at the command line

Like many other features in Windows 8, BitLocker supports command-line operations. This section describes both the Windows PowerShell cmdlets and Manage-bde.exe, which is a BitLocker command-line tool.

Manage-bde uses parameters to perform actions on specified volumes. To enable BitLocker by using Manage-bde.exe, type manage-bde -on C:\ -recoverypassword -recoverykey F:\ in an elevated command prompt or PowerShell session. This command enables BitLocker on the C drive and encrypts the content. It also prompts for a recovery password and stores the recovery key on the F disk.

Using command-line tools to work with BitLocker enables scripting of the configuration on computers within an environment. Manage-bde.exe parameters are listed in Table 1.

Table 1. Parameters for Manage-bde.exe

Parameter

Explanation

-status

Displays information about BitLocker-capable volumes

-on

Encrypts the selected volume and enables BitLocker

-off

Decrypts the selected volume and disables BitLocker

-pause

Suspends BitLocker encryption, decryption, or free space wipe

-resume

Continues BitLocker encryption, decryption, or free space wipe

-lock

Prevents access to BitLocker-encrypted data

-unlock

Allows access to BitLocker-encrypted data

-autounlock

Manages the capability of the BitLocker-encrypted volume to unlock automatically

-protectors

Manages protection methods for a volume

-SetIdentifier or -si

Configures the identification field for a volume

-ForceRecovery or -fr

Forces a BitLocker-protected operating system to recover on restart

-changepassword

Modifies the password for a volume

-changepin

Modifies the PIN for a volume

-changekey

Modifies the startup key for a volume

-keypackage or -kp

Creates a key package for a volume

-upgrade

Updates the BitLocker version

-WipeFreeSpace or -w

Cleans the free space on a volume

-ComputerName or -cn

Runs the commands on a remote computer

-? or /?

Displays a brief help for a specified command

-Help or -h

Displays the full help for Manage-bde


Many parameters are available for the Manage-bde utility, which makes it quite scriptable and a great alternative to the GUI-based wizard, especially if an administrator needs to use the tool on multiple computers. For example, your manager will be getting a new computer running Windows 8 as part of a pilot program. He has heard about BitLocker and often travels between locations. He would like to have his computer encrypted with BitLocker as soon as possible because he is leaving on business and wants to take the computer with him. To facilitate the encryption of the hard disk, Manage-bde can enable BitLocker encryption on the computer by using the following command:

Manage-bde.exe -on c:\ -password -recoverykey U:

When this command executes, it prompts for a password and confirmation as part of the password switch. It saves the recovery key to the U drive. If this needed to be done remotely, the -computername parameter could also be specified to run the command from a remote computer, in which case the password would be specified on the system running the command.

In addition to Manage-bde.exe, some BitLocker functionality is available through Windows PowerShell cmdlets. The following cmdlets are included with Windows 8 for BitLocker:

  • Unlock-BitLocker Allows access to BitLocker-protected data volumes

  • Suspend-BitLocker Pauses BitLocker operations

  • Resume-BitLocker Continues BitLocker operations

  • Lock-BitLocker Prevents access to BitLocker-protected data volumes

  • Enable-BitLocker Turns BitLocker on and encrypts content

  • Disable-BitLocker Turns BitLocker off and decrypts content

These cmdlets perform the same functions against BitLocker as Manage-bde and can be used with Windows PowerShell to work on remote computers.

Important

WINDOWS POWERSHELL CAN BE QUITE HELPFUL

You can find help for any Windows PowerShell cmdlets by typing help <cmdlet>; for example, help unlock-BitLocker. In Windows PowerShell 3.0, only a shell of help is available on the computer. To load the complete help contents, open an administrative PowerShell session and type update-help to download fresh help contents.

Other  
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
REVIEW
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
programming4us
 
 
programming4us