Using the control panel, administrators can choose Turn on BitLocker to start the BitLocker Drive Encryption wizard and add a protector, like PIN for an operating system volume or password if no TPM exists , or a password or smart card protector to a data volume.
The drive security window displays prior to changing the volume status. Selecting Activate BitLocker will complete the encryption process. Administrators who prefer a command-line interface can utilize manage-bde to check volume status. Manage-bde is capable of returning more information about the volume than the graphical user interface tools in the control panel. For example, manage-bde can display the BitLocker version in use, the encryption type, and the protectors associated with a volume.
If no volume letter is associated with the -status command, all volumes on the computer display their status. Windows PowerShell commands offer another way to query BitLocker status for volumes.
Like manage-bde, Windows PowerShell includes the advantage of being able to check the status of a volume on a remote computer. To get information that is more detailed on a specific volume, use the following command:.
This command will display information about the encryption method, volume type, key protectors, etc. Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation Environment.
This task is done with a randomly generated clear key protector applied to the formatted volume and encrypting the volume prior to running the Windows setup process. If the encryption uses the Used Disk Space Only option described later in this document, this step takes only a few seconds and incorporates well into regular deployment processes.
Decrypting volumes removes BitLocker and any associated protectors from the volumes. Decryption should occur when protection is no longer required.
BitLocker decryption should not occur as a troubleshooting step. BitLocker can be removed from a volume using the BitLocker control panel applet, manage-bde, or Windows PowerShell cmdlets. We will discuss each method further below. BitLocker decryption using the control panel is done using a Wizard.
The control panel can be called from Windows Explorer or by opening the directly. After opening the BitLocker control panel, users will select the Turn off BitLocker option to begin the process.
Once selected, the user chooses to continue by clicking the confirmation dialog. With Turn off BitLocker confirmed, the drive decryption process will begin and report status to the control panel.
The control panel does not report decryption progress but displays it in the notification area of the task bar. Selecting the notification area icon will open a modal dialog with progress. Once decryption is complete, the drive will update its status in the control panel and is available for encryption. Decrypting volumes using manage-bde is straightforward. Decryption with manage-bde offers the advantage of not requiring user confirmation to start the process.
Manage-bde uses the -off command to start the decryption process. A sample command for decryption is:. This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete.
If a user wishes to check the status of the decryption, they can use the following command:. Decryption with Windows PowerShell cmdlets is straightforward, similar to manage-bde. The additional advantage Windows PowerShell offers is the ability to decrypt multiple drives in one pass. In the example below, the user has three encrypted volumes, which they wish to decrypt. Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for additional commands.
An example of this command is:. If a user did not want to input each mount point individually, using the -MountPoint parameter in an array can sequence the same command into one line without requiring additional user input. An example command is:. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No.
Any additional feedback? Note Deleted files appear as free space to the file system, which is not encrypted by used disk space only. Note In the event that there are more than four protectors for a volume, the pipe command may run out of display space. For users of Vista Business, they have to complete the above procedures manually.
It involves 3 tools. Before we begin, make sure the disk is fully dedragmented e. Right click C: the Vista system partition and select "Shrink". Free at least 1. This site uses Akismet to reduce spam. Learn how your comment data is processed. Two quick fixes that were applied to finally resolve this are as follows: Since the problematic machine was a laptop Dell Latitude E hibernation was turned off powercfg -h off in command line System Restore points were also deleted cleanmgr is the command, then More Options tab, System Restore and Shadow Copies and Clean up After this I re-run BitLocker drive encryption wizard and all was happy again!
Like this: Like Loading Leave a Reply Cancel reply. You may need to manually prepare your drive for BitLocker. The following error message is displayed: "BitLocker setup failed to copy boot files. If you are upgrading computers in your organization from a previous version of Windows and those computers were configured with a single partition, you should create the required BitLocker system partition before applying the policy setting to the computers. Displays the drive letter, the total size, the maximum free space, and the partition characteristics of the partitions on the drive specified.
Only valid partitions are listed.
0コメント