![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 63%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,853 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 50%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hello,
Ideally, the drive should be locked (i.e. removed/reinserted or after a reboot) so that Windows applies the auto‐unlock setting. In your script you may be testing on a volume that is “already unlocked.”
So, to get auto‐unlock working using PowerShell you should do the following:
A. Confirm Your OS Drive Is Encrypted
• For auto‐unlock of removable drives to work, first ensure the system (boot) drive is encrypted by BitLocker (and ideally auto‐unlock is enabled on it).
• If you have not set up BitLocker on your OS drive, enable it and then try to enable removable auto‐unlock.
B. Ensure the Volume Is in the Correct (Locked) State
• Once your USB drive encryption reaches 100%, eject (or lock) the USB drive so that Windows “forgets” the current unlock state.
• Reinsert it to test whether it auto-unlocks.
C. Use the Command After OS and Volume Conditions Are Right
• Although your script uses:
Enable-BitLockerAutoUnlock -MountPoint "D:"
verify that this command is issued only after (a) the encryption is complete, (b) the OS drive is encrypted, and (c) any necessary waiting period has elapsed.
• You might even consider forcing a “lock” (using Lock-BitLocker –MountPoint "D:") and then issuing Enable-BitLockerAutoUnlock in your script.
An example “after the fact” script workflow might be:
# 1. Check that the OS drive (assumed C:) is encrypted
if (!(Get-BitLockerVolume -MountPoint "C:").VolumeStatus -eq 'FullyEncrypted') {
Write-Error "The OS drive must be encrypted with BitLocker first."
return
}
# 2. Wait/poll until the encryption on D: is 100%
while ((Get-BitLockerVolume -MountPoint "D:").EncryptionPercentage -lt 100) {
Start-Sleep -Seconds 5
}
# 3. (Optionally) Lock the drive so that autounlock can be proved
Lock-BitLocker -MountPoint "D:"
# 4. Enable auto-unlock
Enable-BitLockerAutoUnlock -MountPoint "D:"
After doing these steps, eject the USB drive and reinsert it (or reboot) and Windows should auto-unlock it. If you still have problems—and you note that the Control Panel shows the option “Turn on auto-unlock” instead of “Turn off auto-unlock”—double‑check that the OS drive’s BitLocker protection is active and that the key protectors have been written to disk. One way to verify this is to run:
manage-bde -autounlock -status
If it reports that auto‑unlock is enabled on your USB volume, then it’s likely a timing (or state) issue .
If the Answer is helpful, please click "Accept Answer" and upvote it.