To enable BitLocker on a computer with a TPM without defining any protectors, enter the following command: manage-bde.exe -on C: On computers with a TPM, it's possible to encrypt the operating system volume without defining any protectors using manage-bde.exe. With the protectors enabled on the volume, BitLocker can then be turned on.
#User unlox exe password
The above command will require the password protector to be entered and confirmed before adding them to the volume.
To add the protectors, enter the following command: manage-bde.exe -protectors -add C: -pw -sid In this scenario, the protectors are added first. manage-bde.exe -protectors -add C: -startupkey E:Īfter the encryption is completed, the USB startup key must be inserted before the operating system can be started.Īn alternative to the startup key protector on non-TPM hardware is to use a password and an ADaccountorgroup protector to protect the operating system volume. Once the commands are run, it will prompt to reboot the computer to complete the encryption process. In this example, the drive letter E represents the USB drive. When BitLocker is enabled for the operating system volume, BitLocker will need to access the USB flash drive to obtain the encryption key. Before beginning the encryption process, the startup key needed for BitLocker must be created and saved to a USB drive. The following example illustrates enabling BitLocker on a computer without a TPM chip. This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume: Use the following command to determine volume status: manage-bde.exe -status
#User unlox exe plus
It's recommended to add at least one primary protector plus a recovery protector to an operating system volume.Ī good practice when using manage-bde.exe is to determine the volume status on the target system. However, many environments require more secure protectors such as passwords or PIN and expect information recovery with a recovery key. In general, using only the manage-bde.exe -on command will encrypt the operating system volume with a TPM-only protector and no recovery key. Listed below are examples of basic valid commands for operating system volumes.
Using manage-bde with operating system volumes The following sections provide examples of common usage scenarios for manage-bde.
A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. For example, using just the manage-bde.exe -on command on a data volume will fully encrypt the volume without any authenticating protectors. Manage-bde includes fewer default settings and requires greater customization for configuring BitLocker. For a complete list of the manage-bde.exe options, see the Manage-bde command-line reference. Manage-bde offers additional options not displayed in the BitLocker control panel. Manage-bde is a command-line tool that can be used for scripting BitLocker operations.
#User unlox exe windows
#User unlox exe how to
This article for the IT professional describes how to use tools to manage BitLocker.īitLocker Drive Encryption Tools include the command-line tools manage-bde and repair-bde and the BitLocker cmdlets for Windows PowerShell.īoth manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios.
0 kommentar(er)
