Unlock bitlocked volume from command prompt?

I want to unlock my volume locked with BitLocker from the command prompt. The command I found on the internet is:

manage-bde -unlock E: -RecoveryPassword "mypassword"

But my password has spaces between its characters and it does not work, even if I put it between quotes. How can I resolve it?


Solution 1:

As David mentions, use:

C:\Windows\System32>manage-bde -unlock D: -Password
Enter the password to unlock this volume:

This is an active prompt. You cannot enter your password on the same line; you have to wait for the prompt.

Therefore an alternative:

C:\Windows\System32>manage-bde -unlock D: -RecoveryKey "D:\path\keyfile.bek"

It is easier to handle with the batch files you mention than the password. Protect access to the keyfile though.

Take note that -RecoveryKey is a little confusing. It won't work with the .txt recovery file, which is actually called RecoveryPassword; it works with a start-up key or recovery key, which are both external key files (*.bek).

You can add such a key with a command; start with manage-bde -protectors -add /? which will display help and examples so you can choose a new type of key for your drive.

For your overview:

  • Recovery Password: Numerical Password
  • Password : Human defined password
  • RecoveryKey : *.bek file containing a very long complicated key.
  • StartupKey : the same as RecoveryKey, *.bek, for use during boot.
  • Other types are available; run the mentioned /? command.

Solution 2:

You can pass the password directly on the command line if you use PowerShell:

Unlock-Bitlocker d: -Password (ConvertTo-SecureString "YourPassword" -AsPlainText -Force)

As has already been said, manage-bde tries to force a human to type the password for good reason, avoiding embedding passwords in clear text within .bat/.ps1 files. However, there are valid reasons for doing this so long as care is taken in a trusted environment. The docs for the last two switches point out just one of the many ways this could be harmful:

-AsPlainText: Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter.

-Force: Confirms that you understand the implications of using the AsPlainText parameter and still want to use it.
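
The protector types discussed in both answers, combined into one helper that never puts the secret on the command line or in a script file. This is an added example, not code from either answer; the function name Unlock-DataVolume and its parameters are hypothetical, and it assumes an elevated PowerShell session with the BitLocker module available.

```powershell
# Added example (not from the original answers). Unlock-DataVolume is a hypothetical name.
function Unlock-DataVolume {
    [CmdletBinding(DefaultParameterSetName = 'Password')]
    param(
        [Parameter(Mandatory)]
        [string] $MountPoint,               # e.g. 'E:'
        [Parameter(ParameterSetName = 'RecoveryKey', Mandatory)]
        [string] $RecoveryKeyPath,          # external key file (*.bek)
        [Parameter(ParameterSetName = 'RecoveryPassword', Mandatory)]
        [switch] $UseRecoveryPassword       # 48-digit numerical password
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($volume.LockStatus -ne 'Locked') {
        Write-Verbose "$MountPoint is not locked; nothing to do."
        return $volume.LockStatus
    }

    switch ($PSCmdlet.ParameterSetName) {
        'RecoveryKey' {
            if (-not (Test-Path -LiteralPath $RecoveryKeyPath -PathType Leaf)) {
                throw "Key file not found: $RecoveryKeyPath"
            }
            Unlock-BitLocker -MountPoint $MountPoint -RecoveryKeyPath $RecoveryKeyPath -ErrorAction Stop | Out-Null
        }
        'RecoveryPassword' {
            # Masked prompt; the value exists as plain text only in this variable.
            $secure = Read-Host -AsSecureString -Prompt "Recovery password for $MountPoint"
            $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
            # A recovery password is eight groups of six digits, not a human-chosen phrase.
            if ($plain -notmatch '^\d{6}(-\d{6}){7}$') {
                throw 'Not a 48-digit recovery password. For a human-defined password, omit -UseRecoveryPassword.'
            }
            Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $plain -ErrorAction Stop | Out-Null
            Remove-Variable plain
        }
        default {
            # Human-defined password: spaces are fine because nothing is parsed by the shell.
            $secure = Read-Host -AsSecureString -Prompt "Password for $MountPoint"
            Unlock-BitLocker -MountPoint $MountPoint -Password $secure -ErrorAction Stop | Out-Null
        }
    }

    # Confirm the result instead of assuming success.
    (Get-BitLockerVolume -MountPoint $MountPoint).LockStatus
}
```

Call it as `Unlock-DataVolume -MountPoint E:` for a human-defined password, add `-UseRecoveryPassword` for the numerical one, or pass `-RecoveryKeyPath` for a .bek file.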