HelpCache/BitLocker.psm1-help.xml
|
<?xml version = "1.0" encoding = "utf-8" ?>
<helpItems schema="maml"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Add-BitLockerKeyProtector</command:name><maml:description><maml:para>Adds a key protector for a BitLocker volume. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>BitLockerKeyProtector</command:noun><dev:version /></command:details><maml:description><maml:para>The Add-BitLockerKeyProtector cmdlet adds a protector for the volume key of the volume protected with BitLocker Drive Encryption. </maml:para><maml:para>When a user accesses a drive protected by BitLocker, such as when starting a computer, BitLocker requests the relevant key protector. For example, the user can enter a PIN or provide a USB drive that contains a key. BitLocker retrieves the encryption key and uses it to read data from the drive. </maml:para><maml:para>You can use one of the following methods or combinations of methods for a key protector: -- Trusted Platform Module (TPM). BitLocker uses the computer's TPM to protect the encryption key. If you specify this protector, users can access the encrypted drive as long as it is connected to the system board that hosts the TPM and the system boot integrity is intact. In general, TPM-based protectors can only be associated to an operating system volume. -- TPM and Personal Identification Number (PIN). BitLocker uses a combination of the TPM and a user-supplied PIN. A PIN is four to twenty digits or, if you allow enhanced PINs, four to twenty letters, symbols, spaces, or numbers. -- TPM, PIN, and startup key. BitLocker uses a combination of the TPM, a user-supplied PIN, and input from of a USB memory device that contains an external key. -- TPM and startup key. BitLocker uses a combination of the TPM and input from of a USB memory device. -- Startup key. BitLocker uses input from of a USB memory device that contains the external key. -- Password. BitLocker uses a password. -- Recovery key. BitLocker uses a recovery key stored as a specified file in a USB memory device. -- Recovery password. BitLocker uses a recovery password. -- Active Directory Domain Services (AD DS) account. BitLocker uses domain authentication to unlock data volumes. Operating system volumes cannot use this type of key protector.</maml:para><maml:para>You can add only one of these methods or combinations at a time, but you can run this cmdlet more than once on a volume. </maml:para><maml:para>Adding a key protector is a single operation; for example, adding a startup key protector to a volume that uses the TPM and PIN combination as a key protector results in two key protectors, not a single key protector that uses TPM, PIN, and startup key. Instead, add a protector that uses TPM, PIN, and startup key and then remove the TPM and PIN protector by using the Remove-BitLockerKeyProtector cmdlet. </maml:para><maml:para>For a password or PIN key protector, specify a secure string. You can use the ConvertTo-SecureString cmdlet to create a secure string. You can use secure strings in a script and still maintain confidentiality of passwords.</maml:para><maml:para>This cmdlet returns a BitLocker volume object. If you choose recovery password as your key protector but do not specify a 48-digit recovery password, this cmdlet creates a random 48-bit recovery password. The cmdlet stores the password as the RecoveryPassword field of the KeyProtector attribute of the BitLocker volume object.</maml:para><maml:para>If you use startup key or recovery key as part of your key protector, provide a path to store the key. This cmdlet stores the name of the file that contains the key in the KeyFileName field of the KeyProtector field in the BitLocker volume object.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sid"><maml:name>ADAccountOrGroup</maml:name><maml:description><maml:para>Specifies an account using the format Domain\User. This cmdlet adds the account you specify as a key protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Service</maml:name><maml:description><maml:para>Indicates that the system account for this computer unlocks the encrypted volume.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="sidp"><maml:name>ADAccountOrGroupProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses an AD DS account as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="pw"><maml:name>Password</maml:name><maml:description><maml:para>Specifies a secure string object that contains a password. The cmdlet adds the password specified as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="pwp"><maml:name>PasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a password as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The cmdlet adds the key stored in the specified path as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases="p"><maml:name>Pin</maml:name><maml:description><maml:para>Specifies a secure string object that contains a PIN. The cmdlet adds the PIN specified, with other data, as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpskp"><maml:name>TpmAndPinAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of TPM, a PIN, and a startup key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="p"><maml:name>Pin</maml:name><maml:description><maml:para>Specifies a secure string object that contains a PIN. The cmdlet adds the PIN specified, with other data, as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpp"><maml:name>TpmAndPinProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of TPM and a PIN as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rk"><maml:name>RecoveryKeyPath</maml:name><maml:description><maml:para>Specifies a path to a recovery key. This cmdlet adds the recovery key stored in the specified path as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rkp"><maml:name>RecoveryKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rp"><maml:name>RecoveryPassword</maml:name><maml:description><maml:para>Specifies a recovery password. If you do not specify this parameter, the cmdlet creates a random password. You can enter a 48 digit password. The cmdlet adds the password specified or created as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rpp"><maml:name>RecoveryPasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery password as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The cmdlet adds the key stored in the specified path as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="skp"><maml:name>StartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a startup key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The cmdlet adds the key stored in the specified path as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tskp"><maml:name>TpmAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of TPM and a startup key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpmp"><maml:name>TpmProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses TPM as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sid"><maml:name>ADAccountOrGroup</maml:name><maml:description><maml:para>Specifies an account using the format Domain\User. This cmdlet adds the account you specify as a key protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="sidp"><maml:name>ADAccountOrGroupProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses an AD DS account as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet adds a key protector to the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="pw"><maml:name>Password</maml:name><maml:description><maml:para>Specifies a secure string object that contains a password. The cmdlet adds the password specified as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="pwp"><maml:name>PasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a password as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases="p"><maml:name>Pin</maml:name><maml:description><maml:para>Specifies a secure string object that contains a PIN. The cmdlet adds the PIN specified, with other data, as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rk"><maml:name>RecoveryKeyPath</maml:name><maml:description><maml:para>Specifies a path to a recovery key. This cmdlet adds the recovery key stored in the specified path as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rkp"><maml:name>RecoveryKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rp"><maml:name>RecoveryPassword</maml:name><maml:description><maml:para>Specifies a recovery password. If you do not specify this parameter, the cmdlet creates a random password. You can enter a 48 digit password. The cmdlet adds the password specified or created as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rpp"><maml:name>RecoveryPasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery password as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Service</maml:name><maml:description><maml:para>Indicates that the system account for this computer unlocks the encrypted volume.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The cmdlet adds the key stored in the specified path as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="skp"><maml:name>StartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a startup key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpskp"><maml:name>TpmAndPinAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of TPM, a PIN, and a startup key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpp"><maml:name>TpmAndPinProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of TPM and a PIN as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tskp"><maml:name>TpmAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of TPM and a startup key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpmp"><maml:name>TpmProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses TPM as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], string[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Add key protector</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$SecureString = ConvertTo-SecureString "1234" -AsPlainText -Force PS C:\>Add-BitLockerProtector -MountPoint "C:" -Pin $SecureString -TPMandPinProtector </dev:code><dev:remarks><maml:para>This example adds a combination of the TPM and a PIN as key protector for the BitLocker volume identified with the drive letter C:.</maml:para><maml:para>The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a PIN and saves that string in the $SecureString variable. For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.</maml:para><maml:para>The second command adds a protector to the BitLocker volume that has the drive letter C:. The command specifies that this volume uses a combination of the TPM and the PIN as key protector and provides the PIN saved in the $SecureString variable. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Add a recovery key for all BitLocker volumes</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-BitLockerVolume | Add-BitLockerKeyProtector -RecoveryKeyPath "E:\Recovery\" -RecoveryKeyProtector </dev:code><dev:remarks><maml:para>This command gets all the BitLocker volumes for the current computer and passes them to the Add-BitLockerKeyProtector cmdlet by using the pipe operator. This cmdlet specifies a path to a recovery key and indicates that these volumes use a recovery key as a key protector.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Add credentials as a key protector</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -AdAccountOrGroup "Western\SarahJones" -AdAccountOrGroupProtector </dev:code><dev:remarks><maml:para>This command adds an AD DS account key protector to the BitLocker volume specified by the MountPoint parameter. The command specifies an account and specifies that BitLocker uses user credentials as a key protector. When a user accesses this volume, BitLocker prompts for credentials for the user account Western\SarahJones.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287647</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Backup-BitLockerKeyProtector</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-BitLockerKeyProtector</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Backup-BitLockerKeyProtector</command:name><maml:description><maml:para>Saves a key protector for a BitLocker volume in AD DS.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Backup</command:verb><command:noun>BitLockerKeyProtector</command:noun><dev:version /></command:details><maml:description><maml:para>The Backup-BitLockerKeyProtector cmdlet saves a recovery password key protector for a volume protected by BitLocker Drive Encryption to Active Directory Domain Services (AD DS). Specify a key to be saved by ID. </maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Backup-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet saves key protectors for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="2" aliases=""><maml:name>KeyProtectorId</maml:name><maml:description><maml:para>Specifies the ID for a key protector or a KeyProtector object. A BitLocker volume object includes a KeyProtector object. You can specify the key protector object itself, or you can specify the ID. See the Examples section. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="2" aliases=""><maml:name>KeyProtectorId</maml:name><maml:description><maml:para>Specifies the ID for a key protector or a KeyProtector object. A BitLocker volume object includes a KeyProtector object. You can specify the key protector object itself, or you can specify the ID. See the Examples section. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet saves key protectors for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume, String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume </maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Save a key protector for a volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $BLV = Get-BitLockerVolume -MountPoint "C:" PS C:\> Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1].KeyProtectorId </dev:code><dev:remarks><maml:para>This example saves a key protector for a specified BitLocker volume.</maml:para><maml:para>The first command uses Get-BitLockerVolume to obtain a BitLocker volume and store it in the $BLV variable.</maml:para><maml:para>The second command backs up the key protector for the BitLocker volume specified by the MountPoint parameter. The command specifies the key protector by using its ID, contained in the BitLocker object stored in $BLV. The KeyProtector attribute contains an array of key protectors associated to the volume. This command uses standard array syntax to index the KeyProtector object. The key protector that corresponds to the recovery password key protector can be identified by using the KeyProtectorType attribute in the KeyProtector object.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Save a key protector using an ID</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId "{E2611001E-6AD0-4A08-BAAA-C9c031DB2AA6}" </dev:code><dev:remarks><maml:para>This command saves a key protector for a specified BitLocker volume to AD DS. The command specifies the key protector by using its ID.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287648</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-BitLockerKeyProtector</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-BitLockerKeyProtector</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Clear-BitLockerAutoUnlock</command:name><maml:description><maml:para>Removes BitLocker automatic unlocking keys.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Clear</command:verb><command:noun>BitLockerAutoUnlock</command:noun><dev:version /></command:details><maml:description><maml:para>The Clear-BitLockerAutoUnlock cmdlet removes all automatic unlocking keys used by BitLocker Drive Encryption. BitLocker stores these keys for the fixed data drives of a system on a volume that hosts a BitLocker-enabled operating system volume so that it can automatically unlock the fixed and removable data volumes in a system. This makes it easier for users to access data volumes. </maml:para><maml:para>You can configure BitLocker to automatically unlock volumes that do not host an operating system. After a user unlocks the operating system volume, BitLocker uses encrypted information stored in the registry and volume metadata to unlock any data volumes that use automatic unlocking.</maml:para><maml:para>You must remove automatic unlocking keys before you can disable BitLocker by using the Disable-BitLocker cmdlet. You can use the Disable-BitLockerAutoUnlock cmdlet to remove keys for specific volumes that use automatic unlocking instead of all volumes.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Clear-BitLockerAutoUnlock</maml:name></command:syntaxItem></command:syntax><command:parameters></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Clear automatic unlocking keys</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Clear-BitLockerAutoUnlock </dev:code><dev:remarks><maml:para>This command clears all automatic unlocking keys stored on the current computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287649</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-BitLockerAutoUnlock</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLockerAutoUnlock</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Disable-BitLocker</command:name><maml:description><maml:para>Disables BitLocker encryption for a volume. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>BitLocker</command:noun><dev:version /></command:details><maml:description><maml:para>The Disable-BitLocker cmdlet disables BitLocker Drive Encryption for a BitLocker volume. When you run this cmdlet, it removes all key protectors and begins decrypting the content of the volume. </maml:para><maml:para>If the volume that hosts the operating system contains any automatic unlocking keys, the cmdlet does not proceed. You can use the Clear-BitLockerAutoUnlock cmdlet to remove all automatic unlocking keys. Then you can disable BitLocker for the volume. </maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet disables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet disables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Disable BitLocker for a volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Disable-BitLocker -MountPoint "C:" </dev:code><dev:remarks><maml:para>This command disables BitLocker for the specified BitLocker volume. BitLocker begins decrypting data on C: immediately.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Disable BitLocker for all volumes</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$BLV = Get-BitLockerVolume PS C:\>Disable-BitLocker -MountPoint $BLV </dev:code><dev:remarks><maml:para>This example disables BitLocker encryption for all volumes.</maml:para><maml:para>The first command uses Get-BitLockerVolume to get all the BitLocker volumes for the current computer and stores them in the $BLV variable. </maml:para><maml:para>The second command disables BitLocker encryption for all the BitLocker volumes stored in the $BLV variable. BitLocker begins decrypting data on the volumes.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287650</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Lock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Resume-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Suspend-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Disable-BitLockerAutoUnlock</command:name><maml:description><maml:para>Disables automatic unlocking for a BitLocker volume.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>BitLockerAutoUnlock</command:noun><dev:version /></command:details><maml:description><maml:para>The Disable-BitLockerAutoUnlock cmdlet disables automatic unlocking for a volume protected by BitLocker Disk Encryption. The cmdlet removes automatic unlocking keys for specified volumes stored on a volume that hosts an operating system. </maml:para><maml:para>You can configure BitLocker to automatically unlock volumes that do not host an operating system. After a user unlocks the operating system volume, BitLocker uses encrypted information stored in the registry and volume metadata to access data volumes that use automatic unlocking.</maml:para><maml:para>You can specify a volume by drive letter, or you can specify a BitLocker volume object. You must remove automatic unlocking keys before you can disable BitLocker by using the Disable-BitLocker cmdlet. You can use the Clear-BitLockerAutoUnlock cmdlet to remove keys for all the volumes configured to use automatic unlocking instead of just specified volumes.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-BitLockerAutoUnlock</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet disables automatic unlocking for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet disables automatic unlocking for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Disable automatic unlocking for a volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Disable-AutoUnlock -MountPoint "E:" </dev:code><dev:remarks><maml:para>This command disables automatic unlocking for the specified BitLocker volume.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287651</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Clear-BitLockerAutoUnlock</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLockerAutoUnlock</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Enable-BitLocker</command:name><maml:description><maml:para>Enables encryption for a BitLocker volume.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>BitLocker</command:noun><dev:version /></command:details><maml:description><maml:para>The Enable-BitLocker cmdlet enables BitLocker Drive Encryption for a volume. </maml:para><maml:para>When you enable encryption, you must specify a volume and an encryption method for that volume. You can specify a volume by drive letter or by specifying a BitLocker volume object. For the encryption method, you can choose either Advanced Encryption Standard (AES) algorithms AES-128 or AES-256, or you can use hardware encryption, if it is supported by the disk hardware. </maml:para><maml:para>You must also establish a key protector. BitLocker uses a key protector to encrypt the volume encryption key. When a user accesses a BitLocker encrypted drive, such as when starting a computer, BitLocker requests the relevant key protector. For example, the user can enter a PIN or provide a USB drive that contains a key. BitLocker decrypts the encryption key and uses it to read data from the drive. You can use one of the following methods or combinations of methods for a key protector: -- Trusted Platform Module (TPM) . BitLocker uses the computer's TPM to protect the encryption key. If you select this key protector, users can access the encrypted drive as long as it is connected to the system board that hosts the TPM and system boot integrity is intact. In general, TPM-based protectors can only be associated to an operating system volume. -- TPM and Personal Identification Number (PIN) . BitLocker uses a combination of the TPM and a user-supplied PIN. A PIN is four to twenty digits or, if you allow enhanced PINs, is four to twenty letters, symbols, spaces, or numbers. -- TPM, PIN, and startup key. BitLocker uses a combination of the TPM, a user-supplied PIN, and input from of a USB memory device that contains an external key. -- TPM and startup key. BitLocker uses a combination of the TPM and input from of a USB memory device. -- Startup key. BitLocker uses input from of a USB memory device that contains the external key. -- Password. BitLocker uses a password. -- Recovery key. BitLocker uses a recovery key stored as a specified file. -- Recovery password. BitLocker uses a recovery password. -- Active Directory Domain Services(AD DS). account. BitLocker uses domain authentication. </maml:para><maml:para>You can specify only one of these methods or combinations when you enable encryption, but you can use the Add-BitLockerKeyProtector cmdlet to add other protectors.</maml:para><maml:para>For a password or PIN key protector, specify a secure string. You can use the ConvertTo-SecureString cmdlet to create a secure string. You can use secure strings in a script and still maintain confidentiality of passwords.</maml:para><maml:para>This cmdlet returns a BitLocker volume object. If you choose recovery password as your key protector but do not specify a 48-digit recovery password, this cmdlet creates a random 48-bit recovery password. The cmdlet stores the password as the RecoveryPassword field of the KeyProtector attribute of the BitLocker volume object.</maml:para><maml:para>If you use startup key or recovery key as part of your key protector, provide a path to store the key. This cmdlet stores the name of the file that contains the key in the KeyFileName field of the KeyProtector field in the BitLocker volume object.</maml:para><maml:para>If you use the Enable-BitLocker cmdlet on an encrypted volume or on a volume that with encryption in process, it takes no action. If you use the cmdlet on a drive that has encryption paused, it resumes encryption on the volume.</maml:para><maml:para>By default, this cmdlet encrypts the entire drive. If you use the UsedSpaceOnly parameter, it only encrypts the used space in the disk. This option can significant reduce encryption time.</maml:para><maml:para>It is common practice to add a recovery password to an operating system volume by using the Add-BitLockerKeyProtector cmdlet, and then save the recovery password by using the Backup-BitLockerKeyProtector cmdlet, and then enable BitLocker for the drive. This procedure ensures that you have a recovery option.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sid"><maml:name>AdAccountOrGroup</maml:name><maml:description><maml:para>Specifies an account using the format Domain\User. This cmdlet adds the account you specify as a key protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Service</maml:name><maml:description><maml:para>Indicates that the system account for this computer unlocks the encrypted volume.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="sidp"><maml:name>AdAccountOrGroupProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses an AD DS account as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="pw"><maml:name>Password</maml:name><maml:description><maml:para>Specifies a secure string object that contains a password. The password specified acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="pwp"><maml:name>PasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a password as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="p"><maml:name>Pin</maml:name><maml:description><maml:para>Specifies a secure string object that contains a PIN. BitLocker uses the PIN specified, with other data, as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpp"><maml:name>TpmAndPinProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of the TPM and a PIN as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The key stored in the specified path acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3" aliases="p"><maml:name>Pin</maml:name><maml:description><maml:para>Specifies a secure string object that contains a PIN. BitLocker uses the PIN specified, with other data, as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpskp"><maml:name>TpmAndPinAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of the TPM, a PIN, and a startup key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rk"><maml:name>RecoveryKeyPath</maml:name><maml:description><maml:para>Specifies a path to a recovery key. The key stored in the specified path acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rkp"><maml:name>RecoveryKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rp"><maml:name>RecoveryPassword</maml:name><maml:description><maml:para>Specifies a recovery password. If you do not specify this parameter, but you do include the RecoveryPasswordProtector parameter, the cmdlet creates a random password. You can enter a 48 digit password. The password specified or created acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rpp"><maml:name>RecoveryPasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery password as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The key stored in the specified path acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="skp"><maml:name>StartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a startup key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The key stored in the specified path acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tskp"><maml:name>TpmAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of the TPM and a startup key as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Enable-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpmp"><maml:name>TpmProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses the TPM as a protector for the volume encryption key. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sid"><maml:name>AdAccountOrGroup</maml:name><maml:description><maml:para>Specifies an account using the format Domain\User. This cmdlet adds the account you specify as a key protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="sidp"><maml:name>AdAccountOrGroupProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses an AD DS account as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>EncryptionMethod</maml:name><maml:description><maml:para>Specifies an encryption method for the encrypted drive. The acceptable values for this parameter are: -- Aes128 -- Aes256</maml:para></maml:description><command:parameterValue required="true" variableLength="false">BitLockerVolumeEncryptionMethodOnEnable</command:parameterValue><dev:type><maml:name>BitLockerVolumeEncryptionMethodOnEnable</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>HardwareEncryption</maml:name><maml:description><maml:para>Indicates that the volume uses hardware encryption.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet enables protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="pw"><maml:name>Password</maml:name><maml:description><maml:para>Specifies a secure string object that contains a password. The password specified acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="pwp"><maml:name>PasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a password as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="p"><maml:name>Pin</maml:name><maml:description><maml:para>Specifies a secure string object that contains a PIN. BitLocker uses the PIN specified, with other data, as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rk"><maml:name>RecoveryKeyPath</maml:name><maml:description><maml:para>Specifies a path to a recovery key. The key stored in the specified path acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rkp"><maml:name>RecoveryKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="rp"><maml:name>RecoveryPassword</maml:name><maml:description><maml:para>Specifies a recovery password. If you do not specify this parameter, but you do include the RecoveryPasswordProtector parameter, the cmdlet creates a random password. You can enter a 48 digit password. The password specified or created acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rpp"><maml:name>RecoveryPasswordProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a recovery password as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Service</maml:name><maml:description><maml:para>Indicates that the system account for this computer unlocks the encrypted volume.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="s"><maml:name>SkipHardwareTest</maml:name><maml:description><maml:para>Indicates that BitLocker does not perform a hardware test before it begins encryption. BitLocker uses a hardware test as a dry run to make sure that all the key protectors are correctly set up and that the computer can start without issues.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="sk"><maml:name>StartupKeyPath</maml:name><maml:description><maml:para>Specifies a path to a startup key. The key stored in the specified path acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="skp"><maml:name>StartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a startup key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpskp"><maml:name>TpmAndPinAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of the TPM, a PIN, and a startup key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpp"><maml:name>TpmAndPinProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of the TPM and a PIN as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tskp"><maml:name>TpmAndStartupKeyProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses a combination of the TPM and a startup key as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="tpmp"><maml:name>TpmProtector</maml:name><maml:description><maml:para>Indicates that BitLocker uses the TPM as a protector for the volume encryption key. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="qe"><maml:name>UsedSpaceOnly</maml:name><maml:description><maml:para>Indicates that BitLocker does not encrypt disk space which contains unused data.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[],String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Enable BitLocker</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $SecureString = ConvertTo-SecureString "1234" -AsPlainText -Force PS C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 –UsedSpaceOnly -Pin $SecureString -TPMandPinProtector </dev:code><dev:remarks><maml:para>This example enables BitLocker for a specified drive using the TPM and a PIN for key protector.</maml:para><maml:para>The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a PIN and saves that string in the $SecureString variable. For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.</maml:para><maml:para>The second command enables BitLocker encryption for the BitLocker volume that has the drive letter C:. The cmdlet specifies an encryption algorithm and the PIN saved in the $SecureString variable. The command also specifies that this volume uses a combination of the TPM and the PIN as key protector. The command also specifies to encrypt the used space data on the disk, instead of the entire volume. When the system writes data to the volume in the future, that data is encrypted. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Enable BitLocker with a specified recovery key</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes128 -RecoveryKeyPath "E:\Recovery\" -RecoveryKeyProtector </dev:code><dev:remarks><maml:para>This command gets all the BitLocker volumes for the current computer and passes pipes them to the Enable-BitLocker cmdlet by using the pipe operator. This cmdlet specifies an encryption algorithm for the volume or volumes. This command also specifies a path to a recovery key and indicates that these volumes use a recovery key as a key protector.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 3: Enable BitLocker with a specified user account</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes128 -AdAccountOrGroup "Western\SarahJones" -AdAccountOrGroupProtector </dev:code><dev:remarks><maml:para>This command encrypts the BitLocker volume specified by the MountPoint parameter, and uses the AES 128 encryption method. The command also specifies an account and specifies that BitLocker uses user credentials as a key protector. When a user accesses this volume, BitLocker prompts for credentials for the user account Western\SarahJones. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287652</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Lock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Resume-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Suspend-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Enable-BitLockerAutoUnlock</command:name><maml:description><maml:para>Enables automatic unlocking for a BitLocker volume.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>BitLockerAutoUnlock</command:noun><dev:version /></command:details><maml:description><maml:para>The Enable-BitLockerAutoUnlock cmdlet enables automatic unlocking for a volume protected by BitLocker Disk Encryption. </maml:para><maml:para>You can configure BitLocker to automatically unlock volumes that do not host an operating system. After a user unlocks the operating system volume, BitLocker uses encrypted information stored in the registry and volume metadata to unlock any data volumes that use automatic unlocking.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-BitLockerAutoUnlock</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet enables automatic unlocking for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet enables automatic unlocking for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Enable automatic unlocking</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Enable-BitLockerAutoUnlock -MountPoint "E:" </dev:code><dev:remarks><maml:para>This command enables automatic unlocking for the specified BitLocker volume.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287653</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Clear-BitLockerAutoUnlock</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-BitLockerAutoUnlock</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-BitLockerVolume</command:name><maml:description><maml:para>Gets information about volumes that BitLocker can protect.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>BitLockerVolume</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-BitLockerVolume cmdlet gets information about volumes that BitLocker Drive Encryption can protect. You can specify a BitLocker volume by drive letter, followed by a colon (C:, E:). If you do not specify a drive letter, this cmdlet gets all volumes for the current computer. </maml:para><maml:para>You can use this cmdlet to get BitLocker volumes to use with other cmdlets, such as the Enable-BitLocker cmdlet or the Add-BitLockerKeyProtector cmdlet. You can also use this cmdlet to view the following information about a BitLocker volume: -- VolumeType. Data or Operating System. -- Mount Point. Drive letter. -- CapacityGB. Size of drive. -- VolumeStatus. Whether BitLocker currently protects some, all, or none of the data on the volume. -- Encryption Percentage. Percent of the volume protected by BitLocker. -- KeyProtector. Type of key protector or protectors. -- AutoUnlock Enabled. Whether BitLocker uses automatic unlocking for the volume. -- Protection Status. Whether BitLocker currently uses a key protector to encrypt the volume encryption key.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-BitLockerVolume</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters. This cmdlet gets these BitLocker volumes. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters. This cmdlet gets these BitLocker volumes. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Get all BitLocker volumes</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-BitLockerVolume VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection Point Percentage Enabled Status ---------- ----- ---------- ------------ ---------- ------------ ---------- ---------- Data D: 931.51 EncryptionInProgress 1 {RecoveryPassword, Pas... Off Data E: 928.83 FullyDecrypted 0 {} Off OperatingSystem C: 232.54 FullyDecrypted 0 {Tpm} Off Data F: 0.98 FullyDecrypted 0 {} Off Data G: 1.70 FullyDecrypted 0 {} Off </dev:code><dev:remarks><maml:para>This command gets all the BitLocker volumes for the current computer. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Get a specific BitLocker volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-BitLockerVolume -MountPoint "E:" VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection Point Percentage Enabled Status ---------- ----- ---------- ------------ ---------- ------------ ---------- ---------- Data E: 928.83 FullyDecrypted 0 {} Off </dev:code><dev:remarks><maml:para>This command gets the specified BitLocker volume.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287654</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-BitLockerKeyProtector</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLockerAutoUnlock</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Lock-BitLocker</command:name><maml:description><maml:para>Prevents access to encrypted data on a BitLocker volume. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Lock</command:verb><command:noun>BitLocker</command:noun><dev:version /></command:details><maml:description><maml:para>The Lock-BitLocker cmdlet prevents access to all encrypted data on a volume that uses BitLocker Drive Encryption. You can use the Unlock-BitLocker cmdlet to restore access. </maml:para><maml:para>You can specify a volume to lock by drive letter, or you can specify a BitLocker volume object. This cmdlet cannot lock a volume that hosts the operating system. If you attempt to lock an already locked volume, this cmdlet does nothing.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Lock-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet attempts to lock the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="fd"><maml:name>ForceDismount</maml:name><maml:description><maml:para>Indicates that the cmdlet attempts to lock a drive even if the drive is in use. </maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="fd"><maml:name>ForceDismount</maml:name><maml:description><maml:para>Indicates that the cmdlet attempts to lock a drive even if the drive is in use. </maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet attempts to lock the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Lock a volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Lock-Volume -MountPoint "E:" -ForceDismount </dev:code><dev:remarks><maml:para>This command locks the BitLocker volume specified with the Mount parameter. The command uses the ForceDismount parameter, so the cmdlet attempts to lock the volume even if it is in use.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287655</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Resume-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Suspend-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Remove-BitLockerKeyProtector</command:name><maml:description><maml:para>Removes a key protector for a BitLocker volume. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>BitLockerKeyProtector</command:noun><dev:version /></command:details><maml:description><maml:para>The Remove-BitLockerKeyProtector cmdlet removes a key protector for a volume protected by BitLocker Drive Encryption. </maml:para><maml:para>You can specify a key protector to remove by using an ID. To add a protector, use the Add-BitLockerKeyProtector cmdlet. </maml:para><maml:para>If you remove all the key protectors for a BitLocker volume, BitLocker stores the data encryption key for the volume without using encryption. This means that any user that can access the volume can read the encrypted data on the volume unless you add a key protector. Any encrypted data on the drive remains encrypted. </maml:para><maml:para>We recommend you have at least one recovery password as key protector to a volume in case you need to recover a system.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-BitLockerKeyProtector</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet removes key protectors for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="2" aliases="id"><maml:name>KeyProtectorId</maml:name><maml:description><maml:para>Specifies the ID for a key protector or a KeyProtector object. A BitLocker volume object includes a KeyProtector object. You can specify the key protector object itself, or you can specify the ID. See the Examples section. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="2" aliases="id"><maml:name>KeyProtectorId</maml:name><maml:description><maml:para>Specifies the ID for a key protector or a KeyProtector object. A BitLocker volume object includes a KeyProtector object. You can specify the key protector object itself, or you can specify the ID. See the Examples section. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet removes key protectors for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Remove a key protector for a volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $BLV = Get-BitLockerVolume -MountPoint "C:" Remove-BitlockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1] </dev:code><dev:remarks><maml:para>This example removes a key protector for a specified BitLocker volume.</maml:para><maml:para>The first command uses Get-BitLockerVolume to obtain a BitLocker volume and store it in the $BLV variable.</maml:para><maml:para>The second command removes the key protector for the BitLocker volume specified by the MountPoint parameter. The command specifies the key protector by using its ID, contained in the BitLocker object stored in $BLV. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287656</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-BitLockerKeyProtector</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Backup-BitLockerKeyProtector</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Resume-BitLocker</command:name><maml:description><maml:para>Restores Bitlocker encryption for the specified volume. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Resume</command:verb><command:noun>BitLocker</command:noun><dev:version /></command:details><maml:description><maml:para>The Resume-BitLocker cmdlet restores encryption on a volume that uses BitLocker Drive Encryption. You can use the Suspend-BitLocker cmdlet to allow users to access encrypted data temporarily. Data written to the volume continues to be encrypted, but the key to unlock the operating system volume is in the open.</maml:para><maml:para>You can specify a volume by drive letter, or you can specify a BitLocker volume object. If you specify a BitLocker volume that is not suspended, this cmdlet has no effect on that volume.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Resume-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet resumes protection for the volumes specified. To obtain a BitLocker volume object, use theGet-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet resumes protection for the volumes specified. To obtain a BitLocker volume object, use theGet-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Resume protection for a volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Resume-BitLocker -MountPoint "C:" </dev:code><dev:remarks><maml:para>This command resumes BitLocker protection for the C: drive.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>Example 2: Resume protection for all volumes on a computer</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-BitLockerVolume | Resume-BitLocker </dev:code><dev:remarks><maml:para>This command gets all the BitLocker volumes for the current computer by using the Get-BitLockerVolume cmdlet and passes them to Resume-BitLocker by using the pipe operator. The command restores protection for all BitLocker volumes. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287657</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Lock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Suspend-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Suspend-BitLocker</command:name><maml:description><maml:para>Suspends Bitlocker encryption for the specified volume.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Suspend</command:verb><command:noun>BitLocker</command:noun><dev:version /></command:details><maml:description><maml:para>The Suspend-BitLocker cmdlet suspends Bitlocker encryption, allowing users to access encrypted data on a volume that uses BitLocker Drive Encryption. This cmdlet makes the encryption key available in the clear. </maml:para><maml:para>Suspension of BitLocker does not mean that BitLocker decrypts data on the volume. Instead, suspension makes key used to decrypt the data available to everyone in the clear. New data written to the disk is still encrypted. </maml:para><maml:para>While suspended, BitLocker does not validate system integrity at start up. You might suspend BitLocker protection for firmware upgrades or system updates.</maml:para><maml:para>You can specify the number of times that a computer restarts before the BitLocker suspension ends by using the RebootCount parameter, or you can use the Resume-BitLocker cmdlet to manually resume protection. If you do not specify the RebootCount parameter, the cmdlet uses a value of one (1), so BitLocker protection resumes after the next restart.</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Suspend-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet suspends protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>RebootCount</maml:name><maml:description><maml:para>Specifies the number of computer restarts before BitLocker restores protection. The acceptable values for this parameter are: integers from 0 to 15. Specify zero to suspend protection indefinitely until you resume it by using the Resume-BitLocker cmdlet.</maml:para><maml:para>If you do not inclue this parameter, the cmdlet uses a value of one.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. This cmdlet suspends protection for the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>RebootCount</maml:name><maml:description><maml:para>Specifies the number of computer restarts before BitLocker restores protection. The acceptable values for this parameter are: integers from 0 to 15. Specify zero to suspend protection indefinitely until you resume it by using the Resume-BitLocker cmdlet.</maml:para><maml:para>If you do not inclue this parameter, the cmdlet uses a value of one.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>0</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Suspend BitLocker protection</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Suspend-BitLocker -MountPoint "C:" -RebootCount 0 </dev:code><dev:remarks><maml:para>This command suspends Bitlocker encryption on the BitLocker volume specified by the MountPoint parameter. Because the RebootCount parameter value is 0, BitLocker encryption remains suspended until you run the Resume-BitLocker cmdlet. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287658</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Lock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Resume-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Unlock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Unlock-BitLocker</command:name><maml:description><maml:para>Restores access to data on a BitLocker volume.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Unlock</command:verb><command:noun>BitLocker</command:noun><dev:version /></command:details><maml:description><maml:para>The Unlock-BitLocker cmdlet restores access to encrypted data on a volume that uses BitLocker Drive Encryption. You can use the Lock-BitLocker cmdlet to prevent access. </maml:para><maml:para>In order to restore access, provide one of the following key protectors for the volume: -- Active Directory Domain Services (AD DS) account -- Password -- Recovery key -- Recovery password</maml:para><maml:para>For an overview of BitLocker, see <maml:navigationLink><maml:linkText>BitLocker Drive Encryption Overview</maml:linkText><maml:uri></maml:uri></maml:navigationLink> (http://technet.microsoft.com/en-us/library/cc732774.aspx) on TechNet.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Unlock-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AdAccountOrGroup</maml:name><maml:description><maml:para>Indicates that BitLocker requires account credentials to unlock the volume. In order to use this parameter, the account for the current user must be a key protector for the volume.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Unlock-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="pw"><maml:name>Password</maml:name><maml:description><maml:para>Specifes a secure string that contains a password. The password specified acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Unlock-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rk"><maml:name>RecoveryKeyPath</maml:name><maml:description><maml:para>Specifies the path to a recovery key. The key stored in the specified path acts as a protector for the volume encryption.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Unlock-BitLocker</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rp"><maml:name>RecoveryPassword</maml:name><maml:description><maml:para>Specifies a recovery password. The password specified acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AdAccountOrGroup</maml:name><maml:description><maml:para>Indicates that BitLocker requires account credentials to unlock the volume. In order to use this parameter, the account for the current user must be a key protector for the volume.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>MountPoint</maml:name><maml:description><maml:para>Specifies an array of drive letters or BitLocker volume objects. The cmdlet unlocks the volumes specified. To obtain a BitLocker volume object, use the Get-BitLockerVolume cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="pw"><maml:name>Password</maml:name><maml:description><maml:para>Specifes a secure string that contains a password. The password specified acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rk"><maml:name>RecoveryKeyPath</maml:name><maml:description><maml:para>Specifies the path to a recovery key. The key stored in the specified path acts as a protector for the volume encryption.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="rp"><maml:name>RecoveryPassword</maml:name><maml:description><maml:para>Specifies a recovery password. The password specified acts as a protector for the volume encryption key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before running the cmdlet.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>BitLockerVolume[], String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>BitLockerVolume[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>Example 1: Unlock a volume</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString </dev:code><dev:remarks><maml:para>This example unlocks a specified BitLocker volume by using a password.</maml:para><maml:para>The first command uses the ConvertTo-SecureString cmdlet to create a secure string that contains a password and saves it in the $SecureString variable. For more information about the ConvertTo-SecureString cmdlet, type Get-Help ConvertTo-SecureString.</maml:para><maml:para>The second command unlocks the specified BitLocker volume by using the password saved in the $SecureString variable. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/?linkid=287659</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Lock-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Resume-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Suspend-BitLocker</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-BitLockerVolume</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> </helpItems> |