Tips to Enable BitLocker with Command Line, using CMD in Windows 10/11:
In this post, we are going to discuss on How to Enable BitLocker with Command Line, Enable BitLocker using CMD in Windows 10/11. You will be guided with easy steps/methods to resolve the issue. Let’s starts the discussion.
‘Enable BitLocker with Command Line’ in Windows 10/11:
‘BitLocker’: BitLocker is full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. By default, BitLocker uses AES encryption algorithm in cipher block chaining (CBC) or XTC mode with 128-bit or 256-bit key. Bit Locker versions in Windows 7 and Windows serer 2008 R2 adds the ability to encrypt removable drives.
Starting with Windows Server 2012 and Windows 8, Microsoft has complemented BitLocker with Microsoft Encrypted Hard Drive specification, which enables the cryptographic operations of BitLocker encryption to be offloaded to storage device’s hardware. Now, it is quite simple and easy to enable and manage BitLocker through Windows PowerShell or Command Prompt (CMD).
If you are looking for ways to enable/disable BitLocker in Windows 10/11 computer using Command Prompt (CMD), then you are in right-place for this. If you are not aware, it is also possible to enable and manage BitLocker in Windows PC/laptop using GUI (Graphical User Interface) like using Control Panel utility, but you can also perform this operation using command line/CMD in Windows computer.
Command Lines offer more options to manage BitLocker in Windows PC while BitLocker Drive Encryption Manager (in Control Panel) doesn’t offer. Here, you are provided with easy ways to enable/disable BitLocker on Operating System boot drives, and fixed drives as well, set passwords, and create a USB Recovery Key for unlocking. This operation will be done using manage-bde.exe command-line tool designed to manage BitLocker on local machine. Let’s go for the steps.
How to Check BitLocker Encryption Status using Command Line?
Before performing BitLocker encryption process, you should check at first the status of BitLocker on the drive/volume.
Step 1: Type ‘cmd’ in Windows Search Box and press ‘SHIFT + ENTER’ keys on keyboard to open ‘Command Prompt as Administrator’
Step 2: Type the following command and hit ‘Enter’ key to execute to know the current encryption status of all volumes/drives on the device.
manage-bde –status
Step 3: You will see the list of volumes with encryption status. Now, you can apply next method to enable and manage BitLocker using CMD.
How to Enable BitLocker using CMD, with Command Line?
There are two types of volume partition in computer including boot drive that contains Operating System files, and non-boot drives/volumes. When configuring BitLocker on boot drive, you don’t need to enable auto-unlocking feature as it locks automatically using either Recovery key or pre-boot password. On other hand, the auto-unlocking feature on non-boot drive can be enabled so you don’t have to unlock it separately after logged into computer.
Method 1: Enable BitLocker with Only Recovery Key
For this, you need a secondary partition where you can store the Recovery Key having .bek file extension.
Step 1: Open ‘Command Prompt as Administrator’ using above method
Step 2: Type the following command and hit ‘Enter’ key to execute.
manage-bde -on c:
Step 3: This command enabled BitLocker on C: Drive volume. This can be combined with certain parameters that will generate a random 48-digit Recovery Key and store it of your choice. This, command enable BitLocker on C:, create a random Recovery key and save it to D: Drive.
manage-bde -on c: -recoverykey d: -recoverypassword
Step 4: You will not be able to see it recovery key using default File Explorer settings because it is hidden. The system needs to run a hardware test to start encryption process. Restart computer using following command.
shutdown /r /t 1
Step 5: After restart, keep the USB/Volume connected to your computer to unlock your OS drive. When you are logged in, you can see your OS drive is being encrypted.
Method 2: How to Enable BitLocker with PIN Authentication and Recovery Key?
You can also try to set a PIN or password on drive to unlock it with Recovery Key. In case you lose or forgot your PIN/password and don’t create a recovery key, accessing/recovering the encrypted data would be very difficult. You need to enable pre-boot password and personal identification number (PIn) support for BitLocker, before proceeding with configuring BitLocker with PIN or password.
Step 1: Download the compressed file by ‘https://www.itechtics.com/?dl_id=149’ opening page on your browser to get Enable PIN for BitLocker (Registry)
Step 2: Once downloaded, right-click on download file and extract it, double-click on EnablePinForBitLocker file to run it, and confirm it to run
Step 3: Once done, restart your computer to see the changes. After restart, you may proceed with configure BitLocker with only a PIN or password Authentication by executing following command. Replace ‘C’ with letter of drive that you want to encrypt.
manage-bde -protectors -add C: -pw
Step 4: You will need to enter the password that you want to set and confirm it, and press ‘Enter’ key after entering password.
Step 5: Now, use the following command to enable BitLocker on drive while saving the Recovery Key in another volume.
manage-bde -on c: -recoverykey d: -recoverypassword
Step 6: Once done, execute the ‘shutdown /r /t 1‘ command to restart your computer. After restart, you will be asked to enter PIN/password, enter your credentials to unlock the drive and boot in. Once you are logged-in, you can see the reminder of volume is being encrypted.
Method 3: How to Enable BitLocker Auto-Unlock with feature Command Line?
If you have enabled BitLocker on non-boot volume/drive, then those will need to be unlocked manually after you have logged into your system, unless auto-check feature is enabled, if not, you can enable it. Auto-Check feature will only unlock Non-OS drives/volumes automatically if OS drive is initially unlocked using BitLocker PIN/password or a Recovery key.
Step 1: Download .reg file by opening ‘https://www.itechtics.com/?dl_id=149’ page in browser, extract it and run it.
Step 2: Open ‘Command Prompt as Administrator’ and use the following command to configure a PIN or a password. Replace ‘D’ with the drive letter of volume that you want to encrypt
manage-bde -protectors -add D: pw
Step 3: Enter your password and re-confirm it and hit ‘Enter’ key each time.
Step 4: Now, enter the following command to enable auto-unlock feature while replacing ‘D’ with same drive letter.
manage-bde -autounock -enable D:
Step 5: Now, enable BitLocker on same drive by executing following command.
manage-bde -on D:
Step 6: The volume will now begin encryption.
How to Disable BitLocker drive using Command Line?
Step 1: Open ‘Command Prompt as Admisntrator’ and execute the following command to unlock the drive you want to. Replace ‘D’ with the drive letter you want to unlock.
manage-bde -unlock D: -pw
Step 2: Enter your PIN/Password for the drive and hit ‘Enter’ key
How to disable BitLocker Auto-Unlock using Command Line?
Step 1: Open Command Prompt as Administrator, type the following command and hit ‘Enter’ key to execute. Replace the ‘D’ with the drive letter you want to disable the feature on.
manage-bde -autounlock -disable D:
Step 2: Automatic unlocking of drive will now be disabled.
How to Disable BitLocker with Command Line?
Step 1: Open ‘Command Prompt as Administrator’
Step 2: Type the following command and hit ‘Enter’ key to execute. Replace ‘D’ with your respective drive letter.
manage-bde -off D:
Step 3: Once executed, its’ done.
Fix Windows PC issues with ‘PC Repair Tool’:
‘PC Repair Tool’ is easy & quick way to find and fix BSOD errors, DLL errors, EXE errors, problems with programs/applications, malware or viruses infections in computer, system files or registry issues, and other system issues with just few clicks.
Conclusion
I am sure this post helped you on How to Enable BitLocker with Command Line, Enable BitLocker using CMD with easy ways. You can read & follow our instructions to do so. That‘s all. For any suggestions or queries, please write on comment box below.
