Managing BitLocker

by Mar 15, 2022

Make sure the local drives on your notebooks are encrypted. This protects your personal data if a notebook gets stolen or is thrown away one day.

Most modern business notebooks come with TPM chips and support real-time encryption of hard drives. Windows comes with the PowerShell module “BitLocker” that manages hard drive encryption:

 
PS> Get-Command -Module bitlocker 

CommandType Name                              Version Source   
----------- ----                              ------- ------   
Function    Add-BitLockerKeyProtector         1.0.0.0 bitlocker
Function    Backup-BitLockerKeyProtector      1.0.0.0 bitlocker
Function    BackupToAAD-BitLockerKeyProtector 1.0.0.0 bitlocker
Function    Clear-BitLockerAutoUnlock         1.0.0.0 bitlocker
Function    Disable-BitLocker                 1.0.0.0 bitlocker
Function    Disable-BitLockerAutoUnlock       1.0.0.0 bitlocker
Function    Enable-BitLocker                  1.0.0.0 bitlocker
Function    Enable-BitLockerAutoUnlock        1.0.0.0 bitlocker
Function    Get-BitLockerVolume               1.0.0.0 bitlocker
Function    Lock-BitLocker                    1.0.0.0 bitlocker
Function    Remove-BitLockerKeyProtector      1.0.0.0 bitlocker
Function    Resume-BitLocker                  1.0.0.0 bitlocker
Function    Suspend-BitLocker                 1.0.0.0 bitlocker
Function    Unlock-BitLocker                  1.0.0.0 bitlocker 
 

Make sure you launch PowerShell elevated before you try any of these commands. Get-BitLockerVolume, for example, dumps the current settings and protection status:

 
PS> Get-BitLockerVolume | Select-Object -Property *


ComputerName         : DELL7390
MountPoint           : C:
EncryptionMethod     : XtsAes128
AutoUnlockEnabled    : 
AutoUnlockKeyStored  : False
MetadataVersion      : 2
VolumeStatus         : FullyEncrypted
ProtectionStatus     : On
LockStatus           : Unlocked
EncryptionPercentage : 100
WipePercentage       : 0
VolumeType           : OperatingSystem
CapacityGB           : 938,0381
KeyProtector         : {Tpm, RecoveryPassword} 
 

The cmdlet reveals the current protection status and the protection methods in use, and EncryptionPercentage indicates whether encryption is complete or still working its way through your data.
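
An added example, not part of the original tip: a small function that turns the properties described above into a pass/fail check per volume. The function name, the rules it applies and the sample objects are assumptions constructed for illustration; only Get-BitLockerVolume and its property names come from the module.

```powershell
# Added example. Test-BitLockerCompliance is a hypothetical helper name.
function Test-BitLockerCompliance {
    [CmdletBinding()]
    param(
        # Objects from Get-BitLockerVolume, or objects with the same properties
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Normalise enum values to strings so live and constructed objects compare alike
        $protectors = @($Volume.KeyProtector | Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'ProtectionStatus is not On'
        }
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "VolumeStatus is $($Volume.VolumeStatus) at $($Volume.EncryptionPercentage)%"
        }
        if ($protectors -notcontains 'RecoveryPassword') {
            $findings += 'no RecoveryPassword protector to fall back on'
        }
        if ("$($Volume.VolumeType)" -eq 'OperatingSystem' -and -not ($protectors -like 'Tpm*')) {
            $findings += 'OS volume has no TPM-based protector'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $protectors -join ', '
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample objects: C: mirrors the output shown above, D: is an invented failing case
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'; VolumeStatus = 'FullyEncrypted'
        ProtectionStatus = 'On'; EncryptionPercentage = 100
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data'; VolumeStatus = 'EncryptionInProgress'
        ProtectionStatus = 'Off'; EncryptionPercentage = 42
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' }) }
)
$sample | Test-BitLockerCompliance | Format-List

# On a real machine (elevated session required):
# Get-BitLockerVolume | Test-BitLockerCompliance | Format-List
```

With the constructed samples, C: reports Compliant = True and D: lists three findings.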

If your hard drive is not encrypted, you should read more about TPM and encryption first. While you can use Enable-BitLocker to start encrypting your hard drive, it is important that you fully understand all encryption principles so you don’t accidentally lock yourself out.

