I am using the following PowerShell code to encrypt a drive. When I run it, it gives the following output and I am not able to assign it to a variable. It does not seem like a regular output. Any help is appreciated.

Code:

    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 -UsedSpaceOnly -RecoveryPasswordProtector

Output:

    WARNING: ACTIONS REQUIRED:

    1. Save this numerical recovery password in a secure location away from your computer:

    405273-201047-403040-618189-117755-037620-586223-109186

    To prevent data loss, save this password immediately. This password helps ensure that you can unlock the encrypted volume.

user25998

1 Answer

After you have run that command to encrypt the drive, you can get the key via:

    (Get-BitLockerVolume -MountPoint D:).KeyProtector.RecoveryPassword

You just need to replace the drive D: with the drive you encrypted. Note, though, that this is only for this type of manual password recovery. In a domain environment it's better to back up the key to Active Directory rather than keeping it just as a txt file somewhere.

KG-DROID
  • I also see that when I run Enable-BitLocker it sometimes locks the data drive. I have included the following line to auto-unlock right after enabling BitLocker, but it doesn't seem to be working. I see that sometimes the drives are getting locked. Do you know the reason and a way to overcome this? `Enable-BitLocker -MountPoint $drive -EncryptionMethod Aes256 -UsedSpaceOnly -RecoveryPasswordProtector` `Enable-BitLockerAutoUnlock -MountPoint $drive` – user25998 Aug 14 '23 at 20:54
  • What do you mean by not working? Does it error? Or does it not error, but after a restart the drive is still locked, or something like that? – KG-DROID Aug 14 '23 at 21:33
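
The approach from the answer above, combined into one function that returns the recovery password as a normal object and can back it up to Active Directory. This is an added example, not code from either poster; the function name `Enable-DataDriveEncryption`, its `-BackupToAD` switch and the `D:` mount point in the usage lines are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: function name, -BackupToAD switch and 'D:' are assumptions.
function Enable-DataDriveEncryption {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [switch]$BackupToAD   # only meaningful on a domain-joined machine
    )

    # Remember protectors that already exist so the new one can be told apart.
    $existingIds = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        ForEach-Object KeyProtectorId)

    # The "WARNING: ACTIONS REQUIRED" text in the question is warning-stream
    # output, not pipeline output, so assignment does not capture it.
    # Silence it here and read the protector back from the volume instead.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 `
        -UsedSpaceOnly -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue -ErrorAction Stop | Out-Null

    # A volume can carry several protectors of different types; keep only
    # the recovery-password protector created by the call above.
    $protector = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' -and
                       $_.KeyProtectorId -notin $existingIds } |
        Select-Object -First 1

    if (-not $protector) {
        throw "No new recovery password protector found on $MountPoint"
    }

    if ($BackupToAD) {
        # Escrow the protector in Active Directory, as the answer recommends.
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
    }

    # Regular pipeline output, so it can be assigned to a variable.
    [pscustomobject]@{
        MountPoint       = $MountPoint
        KeyProtectorId   = $protector.KeyProtectorId
        RecoveryPassword = $protector.RecoveryPassword
    }
}

# Usage ('D:' as in the answer above):
$result = Enable-DataDriveEncryption -MountPoint 'D:'
$recoveryPassword = $result.RecoveryPassword
```

Filtering on `KeyProtectorType` matters because `.KeyProtector.RecoveryPassword` on its own returns one entry per protector, including empty values for protectors that are not recovery passwords.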