manage-bde.exe | Cheatsheet
manage-bde is a command-line tool that can be used for scripting BitLocker operations. manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the manage-bde.exe options, see the Manage-bde command-line reference.
manage-bde includes fewer default settings and requires greater customization for configuring BitLocker. For example, using just the manage-bde.exe -on command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. The following sections provide examples of common usage scenarios for manage-bde.
manage-bde.exe on a none encrypted device
manage-bde.exe -status
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: []
[OS Volume]
Size: 139,45 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0,0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found
Get bitlocker volume
Get-BitLockerVolume
ComputerName: DESKTOP-61PUD2L
VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection Point Percentage Enabled Status ---------- ----- ---------- ------------ ---------- ------------ ---------- ---------- OperatingSystem C: 139.45 FullyDecrypted 0 {} Off ````
Commands
| Command | Description |
|---|---|
| manage-bde -status | Get the status of BitLocker encryption on all drives. |
| manage-bde -on C: -RecoveryPassword | Enable BitLocker encryption on drive C: and specify a recovery password. |
| manage-bde -off C: | Disable BitLocker encryption on drive C:. |
| manage-bde -pause C: | Pause the encryption or decryption process on drive C:. |
| manage-bde -resume C: | Resume the encryption or decryption process on drive C:. |
| manage-bde -update -status | Check for and install updates to BitLocker. |
| manage-bde -protectors -add C: -TPM | Add a TPM protector to drive C:. |
| manage-bde -protectors -add C: -TPMAndPIN | Add a TPM and PIN protector to drive C:. |
| manage-bde -protectors -add C: -TPMOrPIN | Add a TPM or PIN protector to drive C:. |
| manage-bde -protectors -add C: -RecoveryPassword | Add a recovery password protector to drive C:. |
| manage-bde -protectors -add C: -StartupKey | Add a startup key protector to drive C:. |
| manage-bde -protectors -delete C: -Type TPM | Delete the TPM protector from drive C:. |
| manage-bde -protectors -delete C: -Type PIN | Delete the PIN protector from drive C:. |
| manage-bde -protectors -delete C: -Type RecoveryPassword | Delete the recovery password protector from drive C:. |
| manage-bde -protectors -delete C: -Type StartupKey | Delete the startup key protector from drive C:. |
| manage-bde -protectors -disable C: | Disable all protectors on drive C:. |
| manage-bde -protectors -enable C: | Enable all protectors on drive C:. |
| manage-bde -protectors -get C: | Get the current protectors on drive C:. |
| manage-bde -protectors -adbackup C: -ID | Add a key protector to the TPM and save the recovery information to AD for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -Pin | Add a key protector with a PIN to the TPM and save the recovery information to AD for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -Password | Add a key protector with a password to the TPM and save the recovery information to AD for drive C:. |
| manage-bde -autounlock -enable C: | Enable automatic unlocking of drive C: on this computer. |
| manage-bde -autounlock -disable C: | Disable automatic unlocking of drive C: on this computer. |
| manage-bde -autounlock -status C: | Check the status of automatic unlocking for drive C:. |
| manage-bde -autounlock -remove C: | Remove the automatic unlocking key for drive C:. |
| manage-bde -changepassword C: | Change the password for drive C:. |
| manage-bde -changepin C: | Change the PIN for drive C:. |
| manage-bde -changekey C: | Change the recovery password for drive C:. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -copy C:\ | Export a key package for the specified protector ID to the specified location. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -delete | Delete the key package for the specified protector ID. |
| manage-bde -cn | Change the computer name associated with the recovery information. |
| manage-bde -unlock C: -RecoveryPassword | Unlock drive C: using a recovery password. |
| manage-bde -unlock C: -Password | Unlock drive C: using a user password. |
| manage-bde -unlock C: -RecoveryKey D:\ | Unlock drive C: using a recovery key file located at D:. |
| manage-bde -lock C: | Lock drive C:. |
| manage-bde -ForceRecovery -Protectors C: | Force the computer into recovery mode for drive C:. |
| manage-bde -ForceRecovery -Reset -SkipHardwareTest | Force the computer into recovery mode and skip hardware test. |
| manage-bde -ForceRecovery -Disable | Disable the Force Recovery option. |
| manage-bde -ForceRecovery -Enable | Enable the Force Recovery option. |
| manage-bde -ForceRecovery -Status | Check the status of the Force Recovery option. |
| manage-bde -ForceRecovery -GetPolicy | Get the current Force Recovery policy settings. |
| manage-bde -ForceRecovery -SetPolicy 0 | Set the Force Recovery policy to allow recovery. |
| manage-bde -ForceRecovery -SetPolicy 1 | Set the Force Recovery policy to require recovery. |
| manage-bde -ForceRecovery -SetPolicy 2 | Set the Force Recovery policy to only audit recovery. |
| manage-bde -ForceRecovery -SetPolicy 3 | Set the Force Recovery policy to disable recovery. |
| manage-bde -ChangePassphrase C: | Change the passphrase for drive C:. |
| manage-bde -ChangePassphrase -Add C: | Add a new passphrase to drive C:. |
| manage-bde -ChangePassphrase -Delete C: -ID | Delete the specified passphrase from drive C:. |
| manage-bde -ChangePassphrase -Remove C: -ID | Remove the specified passphrase from drive C:. |
| manage-bde -protectors -get C: -Type RecoveryPassword | Get the recovery password protector for drive C:. |
| manage-bde -protectors -changeID C: -Type RecoveryPassword -ID | Change the ID for the recovery password protector on drive C:. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key Add an external key protector to drive C: | using the specified key file. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key -FriendlyName "My Recovery Key" | Add an external key protector to drive C: with a friendly name. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key -RecoveryPassword | Add an external key protector to drive C: and generate a recovery password. |
| manage-bde -protectors -delete C: -Type ExternalKey -ID | Delete the specified external key protector from drive C:. |
| manage-bde -protectors -changeID C: -Type ExternalKey -ID | Change the ID for the specified external key protector on drive C:. |
| manage-bde -protectors -enable C: -Type ExternalKey | Enable the external key protector on drive C:. |
| manage-bde -protectors -disable C: -Type ExternalKey | Disable the external key protector on drive C:. |
| manage-bde -autounlock -enable C: -Type ExternalKey | Enable automatic unlocking of drive C: using the external key protector. |
| manage-bde -autounlock -disable C: -Type ExternalKey | Disable automatic unlocking of drive C: using the external key protector. |
| manage-bde -autounlock -status C: -Type ExternalKey | Check the status of automatic unlocking for drive C: using the external key protector. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -export C:recovery.bek | Export the key package for the specified protector ID to the specified file. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -import C:recovery.bek | Import the key package from the specified file. |
| manage-bde -autounlock -add C: -KeyPackage C:recovery.bek | Add an automatic unlocking key package to drive C: using the specified file. |
| manage-bde -autounlock -delete C: -KeyPackage C:recovery.bek | Delete the automatic unlocking key package from drive C: using the specified file. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -KeyPackage C:recovery.bek | Add a key protector and save the recovery information to AD using the specified key package file for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -ExternalKey D:recovery.key | Add a key protector and save the recovery information to AD using the specified external key file for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -RecoveryPassword | Add a key protector and save the recovery information to AD with a generated recovery password for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -FriendlyName "My Key" | Add a key protector and save the recovery information to AD with a friendly name for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NumericalPassword | Add a key protector and save the recovery information to AD with a numerical password for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -TPMAndPIN | Add a key protector and save the recovery information to AD with TPM and PIN for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -TPMOrPIN | Add a key protector and save the recovery information to AD with TPM or PIN for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -TPM | Add a key protector and save the recovery information to AD with TPM for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -Password | Add a key protector and save the recovery information to AD with a password for drive C:. |
| manage-bde -protectors -delete C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -KeyPackage C:recovery.bek | Delete the specified key protector from drive C: and remove the recovery information from AD using the specified key package file. |
| manage-bde -protectors -delete C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -ExternalKey D:recovery.key | Delete the specified key protector from drive C: and remove the recovery information from AD using the specified external key file. |
| manage-bde -protectors -changeID C: -Type Password -ID | Change the ID for the specified password protector on drive C:. |
| manage-bde -protectors -changeID C: -Type NumericalPassword -ID | Change the ID for the specified numerical password protector on drive C:. |
| manage-bde -protectors -changeID C: -Type TPM -ID | Change the ID for the specified TPM protector on drive C:. |
| manage-bde -protectors -changeID C: -Type TPMOrPIN -ID | Change the ID for the specified TPM or PIN protector on drive C:. |
| manage-bde -protectors -changeID C: -Type TPMAndPIN -ID | Change the ID for the specified TPM and PIN protector on drive C:. |
| manage-bde -protectors -changeID C: -Type RecoveryKey -ID | Change the ID for the specified recovery key protector on drive C:. |
| manage-bde -protectors -changeID C: -Type ExternalKey -ID | Change the ID for the specified external key protector on drive C:. |
| manage-bde -protectors -changeID C: -Type Password -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified password protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type NumericalPassword -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified numerical password protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type TPMAndPIN -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified TPM and PIN protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type TPMOrPIN -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified TPM or PIN protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type TPM -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified TPM protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type RecoveryKey -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified recovery key protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type ExternalKey -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified external key protector on drive C: to the specified new ID. |
| manage-bde -protectors -disable C: -Type Password -ID | Disable the specified password protector on drive C:. |
| manage-bde -protectors -disable C: -Type NumericalPassword -ID | Disable the specified numerical password protector on drive C:. |
| manage-bde -protectors -disable C: -Type TPMAndPIN -ID | Disable the specified TPM and PIN protector on drive C:. |
| manage-bde -protectors -disable C: -Type TPMOrPIN -ID | Disable the specified TPM or PIN protector on drive C:. |
| manage-bde -protectors -disable C: -Type TPM -ID | Disable the specified TPM protector on drive C:. |
| manage-bde -protectors -disable C: -Type RecoveryKey -ID | Disable the specified recovery key protector on drive C:. |
| manage-bde -protectors -disable C: -Type ExternalKey -ID | Disable the specified external key protector on drive C:. |
| manage-bde -protectors -enable C: -Type Password -ID | Enable the specified password protector on drive C:. |
| manage-bde -protectors -enable C: -Type NumericalPassword -ID | Enable the specified numerical password protector on drive C:. |
| manage-bde -protectors -enable C: -Type TPMAndPIN -ID | Enable the specified TPM and PIN protector on drive C:. |
| manage-bde -protectors -enable C: -Type TPMOrPIN -ID | Enable the specified TPM or PIN protector on drive C:. |
| manage-bde -protectors -enable C: -Type TPM -ID | Enable the specified TPM protector on drive C:. |
| manage-bde -protectors -enable C: -Type RecoveryKey -ID | Enable the specified recovery key protector on drive C:. |
| manage-bde -protectors -enable C: -Type ExternalKey -ID | Enable the specified external key protector on drive C:. |
| manage-bde -autounlock -enable C: -Type Password -ID | Enable automatic unlocking of drive C: using the specified password protector. |
| manage-bde -autounlock -enable C: -Type NumericalPassword -ID | Enable automatic unlocking of drive C: using the specified numerical password protector. |
| manage-bde -autounlock -enable C: -Type TPMAndPIN -ID | Enable automatic unlocking of drive C: using the specified TPM and PIN protector. |
| manage-bde -autounlock -enable C: -Type TPMOrPIN -ID | Enable automatic unlocking of drive C: using the specified TPM or PIN protector. |
| manage-bde -autounlock -enable C: -Type TPM -ID | Enable automatic unlocking of drive C: using the specified TPM protector. |
| manage-bde -autounlock -enable C: -Type RecoveryKey -ID | Enable automatic unlocking of drive C: using the specified recovery key protector. |
| manage-bde -autounlock -enable C: -Type ExternalKey -ID | Enable automatic unlocking of drive C: using the specified external key protector. |
| manage-bde -autounlock -disable C: -Type Password -ID | Disable automatic unlocking of drive C: using the specified password protector. |
| manage-bde -autounlock -disable C: -Type NumericalPassword -ID | Disable automatic unlocking of drive C: using the specified numerical password protector. |
| manage-bde -autounlock -disable C: -Type TPMAndPIN -ID | Disable automatic unlocking of drive C: using the specified TPM and PIN protector. |
| manage-bde -autounlock -disable C: -Type TPMOrPIN -ID | Disable automatic unlocking of drive C: using the specified TPM or PIN protector. |
| manage-bde -autounlock -disable C: -Type TPM -ID | Disable automatic unlocking of drive C: using the specified TPM protector. |
| manage-bde -autounlock -disable C: -Type RecoveryKey -ID | Disable automatic unlocking of drive C: using the specified recovery key protector. |
| manage-bde -autounlock -disable C: -Type ExternalKey -ID | Disable automatic unlocking of drive C: using the specified external key protector. |
| manage-bde -autounlock -status C: -Type Password -ID | Check the status of automatic unlocking for drive C: using the specified password protector. |
| manage-bde -autounlock -status C: -Type NumericalPassword -ID | Check the status of automatic unlocking for drive C: using the specified numerical password protector. |
| manage-bde -autounlock -status C: -Type TPMAndPIN -ID | Check the status of automatic unlocking for drive C: using the specified TPM and PIN protector. |
| manage-bde -autounlock -status C: -Type TPMOrPIN -ID | Check the status of automatic unlocking for drive C: using the specified TPM or PIN protector. |
| manage-bde -autounlock -status C: -Type TPM -ID | Check the status of automatic unlocking for drive C: using the specified TPM protector. |
| manage-bde -autounlock -status C: -Type RecoveryKey -ID | Check the status of automatic unlocking for drive C: using the specified recovery key protector. |
| manage-bde -autounlock -status C: -Type ExternalKey -ID | Check the status of automatic unlocking for drive C: using the specified external key protector. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -copy C:recovery.key | Export a key package for the specified protector ID to the specified location. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -delete | Delete the key package for the specified protector ID. |
| manage-bde -cn | Change the computer name associated with the recovery information. |
| manage-bde -unlock C: -RecoveryPassword | Unlock drive C: using a recovery password. |
| manage-bde -unlock C: -Password | Unlock drive C: using a user password. |
| manage-bde -unlock C: -RecoveryKey D:\ | Unlock drive C: using a recovery key file located at D:. |
| manage-bde -lock C: | Lock drive C:. |
| manage-bde -ForceRecovery -Protectors C: | Force the computer into recovery mode for drive C:. |
| manage-bde -ForceRecovery -Reset -SkipHardwareTest | Force the computer into recovery mode and skip hardware test. |
| manage-bde -ForceRecovery -Disable | Disable the Force Recovery option. |
| manage-bde -ForceRecovery -Enable | Enable the Force Recovery option. |
| manage-bde -ForceRecovery -Status | Check the status of the Force Recovery option. |
| manage-bde -ForceRecovery -GetPolicy | Get the current Force Recovery policy settings. |
| manage-bde -ForceRecovery -SetPolicy 0 | et the Force Recovery policy to allow recovery. |
| manage-bde -ForceRecovery -SetPolicy 1 | Set the Force Recovery policy to require recovery. |
| manage-bde -ForceRecovery -SetPolicy 2 | Set the Force Recovery policy to only audit recovery. |
| manage-bde -ForceRecovery -SetPolicy 3 | Set the Force Recovery policy to disable recovery. |
| manage-bde -ChangePassphrase C: | Change the passphrase for drive C:. |
| manage-bde -ChangePassphrase -Add C: | Add a new passphrase to drive C:. |
| manage-bde -ChangePassphrase -Delete C: -ID | Delete the specified passphrase from drive C:. |
| manage-bde -ChangePassphrase -Remove C: -ID | Remove the specified passphrase from drive C:. |
| manage-bde -protectors -get C: -Type RecoveryPassword | Get the recovery password protector for drive C:. |
| manage-bde -protectors -changeID C: -Type RecoveryPassword -ID | Change the ID for the recovery password protector on drive C:. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key | Add an external key protector to drive C: using the specified key file. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key -FriendlyName "My Recovery Key" | Add an external key protector to drive C: with a friendly name. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key -RecoveryPassword | Add an external key protector to drive C: and generate a recovery password. |
| manage-bde -protectors -delete C: -Type ExternalKey -ID | Delete the specified external key protector from drive C:. |
| manage-bde -protectors -changeID C: -Type ExternalKey -ID | Change the ID for the specified external key protector on drive C:. |
| manage-bde -protectors -enable C: -Type ExternalKey | Enable the external key protector on drive C:. |
| manage-bde -protectors -disable C: -Type ExternalKey | Disable the external key protector on drive C:. |
| manage-bde -autounlock -enable C: -Type ExternalKey | Enable automatic unlocking of drive C: using the external key protector. |
| manage-bde -autounlock -disable C: -Type ExternalKey | Disable automatic unlocking of drive C: using the external key protector. |
| manage-bde -autounlock -status C: -Type ExternalKey | Check the status of automatic unlocking for drive C: using the external key protector. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -export C:recovery.bek | Export the key package for the specified protector ID to the specified file. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -import C:recovery.bek | Import the key package from the specified file. |
| manage-bde -autounlock -add C: -KeyPackage C:recovery.bek | Add an automatic unlocking key package to drive C: using the specified file. |
| manage-bde -autounlock -delete C: -KeyPackage C:recovery.bek | Delete the automatic unlocking key package from drive C: using the specified file. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -KeyPackage C:recovery.bek | Add a key protector and save the recovery information to AD using the specified key package file for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -ExternalKey D:recovery.key | Add a key protector and save the recovery information to AD using the specified external key file for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -RecoveryPassword | Add a key protector and save the recovery information to AD with a generated recovery password for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -FriendlyName "My Key" | Add a key protector and save the recovery information to AD with a friendly name for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NumericalPassword | Add a key protector and save the recovery information to AD with a numerical password for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -TPMAndPIN | Add a key protector and save the recovery information to AD with TPM and PIN for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -TPMOrPIN | Add a key protector and save the recovery information to AD with TPM or PIN for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -TPM | Add a key protector and save the recovery information to AD with TPM for drive C:. |
| manage-bde -protectors -adbackup C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -Password | Add a key protector and save the recovery information to AD with a password for drive C:. |
| manage-bde -protectors -delete C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -KeyPackage C:recovery.bek | Delete the specified key protector from drive C: and remove the recovery information from AD using the specified key package file. |
| manage-bde -protectors -delete C: -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -ExternalKey D:recovery.key | Delete the specified key protector from drive C: and remove the recovery information from AD using the specified external key file. |
| manage-bde -protectors -changeID C: -Type Password -ID | Change the ID for the specified password protector on drive C:. |
| manage-bde -protectors -changeID C: -Type NumericalPassword -ID | Change the ID for the specified numerical password protector on drive C:. |
| manage-bde -protectors -changeID C: -Type TPMAndPIN -ID | Change the ID for the specified TPM and PIN protector on drive C:. |
| manage-bde -protectors -changeID C: -Type TPMOrPIN -ID | Change the ID for the specified TPM or PIN protector on drive C:. |
| manage-bde -protectors -changeID C: -Type TPM -ID | Change the ID for the specified TPM protector on drive C:. |
| manage-bde -protectors -changeID C: -Type RecoveryKey -ID | Change the ID for the specified recovery key protector on drive C:. |
| manage-bde -protectors -changeID C: -Type ExternalKey -ID | Change the ID for the specified external key protector on drive C:. |
| manage-bde -protectors -changeID C: -Type Password -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified password protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type NumericalPassword -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified numerical password protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type TPMAndPIN -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified TPM and PIN protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type TPMOrPIN -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified TPM or PIN protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type TPM -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified TPM protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type RecoveryKey -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified recovery key protector on drive C: to the specified new ID. |
| manage-bde -protectors -changeID C: -Type ExternalKey -ID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -NewID {yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy} | Change the ID for the specified external key protector on drive C: to the specified new ID. |
| manage-bde -protectors -disable C: -Type Password -ID | Disable the specified password protector on drive C:. |
| manage-bde -protectors -disable C: -Type NumericalPassword -ID | Disable the specified numerical password protector on drive C:. |
| manage-bde -protectors -disable C: -Type TPMAndPIN -ID | Disable the specified TPM and PIN protector on drive C:. |
| manage-bde -protectors -disable C: -Type TPMOrPIN -ID | Disable the specified TPM or PIN protector on drive C:. |
| manage-bde -protectors -disable C: -Type TPM -ID | Disable the specified TPM protector on drive C:. |
| manage-bde -protectors -disable C: -Type RecoveryKey -ID | Disable the specified recovery key protector on drive C:. |
| manage-bde -protectors -disable C: -Type ExternalKey -ID | Disable the specified external key protector on drive C:. |
| manage-bde -protectors -enable C: -Type Password -ID | Enable the specified password protector on drive C:. |
| manage-bde -protectors -enable C: -Type NumericalPassword -ID | Enable the specified numerical password protector on drive C:. |
| manage-bde -protectors -enable C: -Type TPMAndPIN -ID | Enable the specified TPM and PIN protector on drive C:. |
| manage-bde -protectors -enable C: -Type TPMOrPIN -ID | Enable the specified TPM or PIN protector on drive C:. |
| manage-bde -protectors -enable C: -Type TPM -ID | Enable the specified TPM protector on drive C:. |
| manage-bde -protectors -enable C: -Type RecoveryKey -ID | Enable the specified recovery key protector on drive C:. |
| manage-bde -protectors -enable C: -Type ExternalKey -ID | Enable the specified external key protector on drive C:. |
| manage-bde -autounlock -enable C: -Type Password -ID | Enable automatic unlocking of drive C: using the specified password protector. |
| manage-bde -autounlock -enable C: -Type NumericalPassword -ID | Enable automatic unlocking of drive C: using the specified numerical password protector. |
| manage-bde -autounlock -enable C: -Type TPMAndPIN -ID | Enable automatic unlocking of drive C: using the specified TPM and PIN protector. |
| manage-bde -autounlock -enable C: -Type TPMOrPIN -ID | Enable automatic unlocking of drive C: using the specified TPM or PIN protector. |
| manage-bde -autounlock -enable C: -Type TPM -ID | Enable automatic unlocking of drive C: using the specified TPM protector. |
| manage-bde -autounlock -enable C: -Type RecoveryKey -ID | Enable automatic unlocking of drive C: using the specified recovery key protector. |
| manage-bde -autounlock -enable C: -Type ExternalKey -ID | Enable automatic unlocking of drive C: using the specified external key protector. |
| manage-bde -autounlock -disable C: -Type Password -ID | Disable automatic unlocking of drive C: using the specified password protector. |
| manage-bde -autounlock -disable C: -Type NumericalPassword -ID | Disable automatic unlocking of drive C: using the specified numerical password protector. |
| manage-bde -autounlock -disable C: -Type TPMAndPIN -ID | Disable automatic unlocking of drive C: using the specified TPM and PIN protector. |
| manage-bde -autounlock -disable C: -Type TPMOrPIN -ID | Disable automatic unlocking of drive C: using the specified TPM or PIN protector. |
| manage-bde -autounlock -disable C: -Type TPM -ID | Disable automatic unlocking of drive C: using the specified TPM protector. |
| manage-bde -autounlock -disable C: -Type RecoveryKey -ID | Disable automatic unlocking of drive C: using the specified recovery key protector. |
| manage-bde -autounlock -disable C: -Type ExternalKey -ID | Disable automatic unlocking of drive C: using the specified external key protector. |
| manage-bde -autounlock -status C: -Type Password -ID | Check the status of automatic unlocking for drive C: using the specified password protector. |
| manage-bde -autounlock -status C: -Type NumericalPassword -ID | Check the status of automatic unlocking for drive C: using the specified numerical password protector. |
| manage-bde -autounlock -status C: -Type TPMAndPIN -ID | Check the status of automatic unlocking for drive C: using the specified TPM and PIN protector. |
| manage-bde -autounlock -status C: -Type TPMOrPIN -ID | Check the status of automatic unlocking for drive C: using the specified TPM or PIN protector. |
| manage-bde -autounlock -status C: -Type TPM -ID | Check the status of automatic unlocking for drive C: using the specified TPM protector. |
| manage-bde -autounlock -status C: -Type RecoveryKey -ID | Check the status of automatic unlocking for drive C: using the specified recovery key protector. |
| manage-bde -autounlock -status C: -Type ExternalKey -ID | Check the status of automatic unlocking for drive C: using the specified external key protector. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -copy C:recovery.key | Export a key package for the specified protector ID to the specified location. |
| manage-bde -keypackage -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -delete | Delete the key package for the specified protector ID. |
| manage-bde -cn | Change the computer name associated with the recovery information. |
| manage-bde -unlock C: -RecoveryPassword | Unlock drive C: using a recovery password. |
| manage-bde -unlock C: -Password | Unlock drive C: using a user password. |
| manage-bde -unlock C: -RecoveryKey D:\ | Unlock drive C: using a recovery key file located at D:. |
| manage-bde -lock C: | Lock drive C:. |
| manage-bde -ForceRecovery -Protectors C: | Force the computer into recovery mode for drive C:. |
| manage-bde -ForceRecovery -Reset -SkipHardwareTest | Force the computer into recovery mode and skip hardware test. |
| manage-bde -ForceRecovery -Disable | Disable the Force Recovery option. |
| manage-bde -ForceRecovery -Enable | Enable the Force Recovery option. |
| manage-bde -ForceRecovery -Status | Check the status of the Force Recovery option. |
| manage-bde -ForceRecovery -GetPolicy | Get the current Force Recovery policy settings. |
| manage-bde -ForceRecovery -SetPolicy 0 | Set the Force Recovery policy to allow recovery. |
| manage-bde -ForceRecovery -SetPolicy 1 | Set the Force Recovery policy to require recovery. |
| manage-bde -ForceRecovery -SetPolicy 2 | Set the Force Recovery policy to only audit recovery. |
| manage-bde -ForceRecovery -SetPolicy 3 | Set the Force Recovery policy to disable recovery. |
| manage-bde -ChangePassphrase C: | Change the passphrase for drive C:. |
| manage-bde -ChangePassphrase -Add C: | Add a new passphrase to drive C:. |
| manage-bde -ChangePassphrase -Delete C: -ID | Delete the specified passphrase from drive C:. |
| manage-bde -ChangePassphrase -Remove C: -ID | Remove the specified passphrase from drive C:. |
| manage-bde -protectors -get C: -Type RecoveryPassword | Get the recovery password protector for drive C:. |
| manage-bde -protectors -changeID C: -Type RecoveryPassword -ID | Change the ID for the recovery password protector on drive C:. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key | Add an external key protector to drive C: using the specified key file. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key -FriendlyName "My Recovery Key" | Add an external key protector to drive C: with a friendly name. |
| manage-bde -protectors -add C: -ExternalKey D:recovery.key -RecoveryPassword | Add an external key protector to drive C: and generate a recovery password. |