Bitlocker on Vista - More than one partition!

On several occasions I stated that I expect that the command-line interface of Bitlocker allows for encryption on more than one partition even on Windows Vista. We knew that it was coming for Windows Server codename Longhorn. But on Windows Vista?

Now, check for yourself. The command is cscript manage-bde.wsf; it is located in the system32 directory and needs Administrator privileges. If you use it with /? it shows the parameters:

manage-bde[.wsf] -parameter [arguments]

Description:
Configures BitLocker Drive Encryption on disk volumes.

Parameter List:
-status Provides information about BitLocker-capable volumes.
-on Encrypts the volume and turns BitLocker protection on.
-off Decrypts the volume and turns BitLocker protection off.
-pause Pauses encryption or decryption.
-resume Resumes encryption or decryption.
-lock Prevents access to BitLocker-encrypted data.
-unlock Allows access to BitLocker-encrypted data.
-autounlock Manages automatic unlocking of data volumes.
-protectors Manages protection methods for the encryption key.
-tpm Configures the computer's Trusted Platform Module (TPM).
-ForceRecovery or -fr
Forces a BitLocker-protected OS to recover on restarts.
-ComputerName or -cn
Runs on another computer. Examples: "ComputerX", "127.0.0.1"
-? or /? Displays brief help. Example: "-ParameterSet -?"
-Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
manage-bde -status
manage-bde -on C: -RecoveryPassword -RecoveryKey F:\
manage-bde -unlock E: -RecoveryKey F:\84E151C1...7A62067A512.bek

Got it? There is an option called -on to configure the disk :-)

If you run the help for the -on option you get:

manage-bde -on Volume
[{-RecoveryPassword|-rp} [NumericalPassword] ]
[{-RecoveryKey|-rk} PathToExternalKeyDirectory]
[{-StartupKey|-sk} PathToExternalKeyDirectory]
[{-TPMAndPIN|-tp} PIN]
[{-TPMAndStartupKey|-tsk} PathToExternalKeyDirectory]
[{-EncryptionMethod|-em}
{aes128_diffuser|
aes256_diffuser|
aes128|
aes256}]
[{-ComputerName|-cn} ComputerName]
[{-?|/?}] [{-Help|-h}]

Description:
Encrypts the volume and turns BitLocker protection on.

Parameter List:
Volume A drive letter followed by a colon. Example: "C:"
-RecoveryPassword or -rp
Adds a Numerical Password protector.
-RecoveryKey or -rk
Adds an External Key protector for recovery.
-StartupKey or -sk
Adds an External Key protector for startup.
-TPMAndPIN or -tp
Adds a TPM And PIN protector for the OS volume.
-TPMAndStartupKey or -tsk
Adds a TPM And Startup Key protector for the OS volume.
-EncryptionMethod or -em
Configures the encryption algorithm and key size.
-SkipHardwareTest or -s
Begins encryption without a hardware test.
-ComputerName or -cn
Runs on another computer. Examples: "ComputerX", "127.0.0.1"
-? or /? Displays brief help. Example: "-ParameterSet -?"
-Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
manage-bde -on C: -RecoveryPassword
manage-bde -on C: -RecoveryKey e:\ -RecoveryPassword
manage-bde -on C: -rp -rk "f:\Folder" -SkipHardwareTest
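
An added example, not part of the original post: a PowerShell wrapper that applies the -on syntax shown above to several volumes in one pass. The volume letters, the F:\ key directory and the sanity checks are assumptions of the example; it only prints the commands until $DryRun is set to $false.

```powershell
# Added example, not from the original post. Uses only switches shown in the
# help text above; volume letters, key directory and checks are assumptions.
$Volumes = @('C:', 'D:', 'E:')   # assumed: OS volume plus two data partitions
$KeyDir  = 'F:\'                 # assumed: removable drive for the recovery keys
$Method  = 'aes256_diffuser'
$DryRun  = $true                 # $false (elevated prompt) starts encryption

$AllowedMethods = @('aes128_diffuser', 'aes256_diffuser', 'aes128', 'aes256')
$BdeScript = Join-Path $env:SystemRoot 'system32\manage-bde.wsf'

function New-BdeOnArguments {
    param([string]$Volume, [string]$KeyDir, [string]$Method, [string[]]$AllVolumes)

    if ($Volume -notmatch '^[A-Za-z]:$') {
        throw "Volume must be a drive letter followed by a colon, got '$Volume'"
    }
    if ($AllowedMethods -notcontains $Method) {
        throw "Encryption method '$Method' is not in the -em list"
    }
    # Check added by this example: a recovery key saved on a volume that is
    # itself being encrypted cannot be read once that volume is locked.
    if ($KeyDir -notmatch '^[A-Za-z]:\\') { throw "KeyDir must be an absolute path" }
    if ($AllVolumes -contains $KeyDir.Substring(0, 2)) {
        throw "Recovery key directory $KeyDir is on a volume being encrypted"
    }
    # Both recovery protectors, so losing the key file still leaves the
    # numerical password as a way back in.
    return @('-on', $Volume, '-RecoveryPassword', '-RecoveryKey', $KeyDir,
             '-EncryptionMethod', $Method)
}

foreach ($v in $Volumes) {
    $bdeArgs = New-BdeOnArguments $v $KeyDir $Method $Volumes
    if ($DryRun) {
        Write-Output ("cscript //nologo `"$BdeScript`" " + ($bdeArgs -join ' '))
    } else {
        # An array passed to a native command expands to one argument per element.
        & cscript.exe //nologo $BdeScript $bdeArgs
    }
}
if (-not $DryRun) { & cscript.exe //nologo $BdeScript -status }
```
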

Go out there and use it

Roger
