Managing Bitlocker

by Mar 15, 2022

Make sure the local drives on your notebooks are encrypted. This protects your personal data if a notebook is stolen or ends up in the garbage one day.

Most modern business notebooks come with TPM chips and support real-time encryption of hard drives. Windows comes with the PowerShell module “Bitlocker” that manages hard drive encryption:

PS> Get-Command -Module bitlocker 

CommandType Name                              Version Source   
----------- ----                              ------- ------   
Function    Add-BitLockerKeyProtector                 bitlocker
Function    Backup-BitLockerKeyProtector              bitlocker
Function    BackupToAAD-BitLockerKeyProtector         bitlocker
Function    Clear-BitLockerAutoUnlock                 bitlocker
Function    Disable-BitLocker                         bitlocker
Function    Disable-BitLockerAutoUnlock               bitlocker
Function    Enable-BitLocker                          bitlocker
Function    Enable-BitLockerAutoUnlock                bitlocker
Function    Get-BitLockerVolume                       bitlocker
Function    Lock-BitLocker                            bitlocker
Function    Remove-BitLockerKeyProtector              bitlocker
Function    Resume-BitLocker                          bitlocker
Function    Suspend-BitLocker                         bitlocker
Function    Unlock-BitLocker                          bitlocker

Make sure you launch PowerShell elevated before you try any of these commands. Get-BitLockerVolume, for example, dumps the current settings and protection status:

PS> Get-BitLockerVolume | Select-Object -Property *

ComputerName         : DELL7390
MountPoint           : C:
EncryptionMethod     : XtsAes128
AutoUnlockEnabled    : 
AutoUnlockKeyStored  : False
MetadataVersion      : 2
VolumeStatus         : FullyEncrypted
ProtectionStatus     : On
LockStatus           : Unlocked
EncryptionPercentage : 100
WipePercentage       : 0
VolumeType           : OperatingSystem
CapacityGB           : 938,0381
KeyProtector         : {Tpm, RecoveryPassword} 

The cmdlet reveals the current protection status and the protection methods in use. EncryptionPercentage indicates whether encryption is complete or still working its way through your data.
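The properties shown above can be turned into a quick per-volume check. This is an added example, not code from the original tip: Get-BitLockerFinding is a hypothetical helper name, and the two sample volumes are constructed so the function can be tried without touching a real drive.

```powershell
# Added example: Get-BitLockerFinding is a hypothetical helper, not part of the BitLocker module.
function Get-BitLockerFinding {
    [CmdletBinding()]
    param(
        # Objects shaped like the output of Get-BitLockerVolume
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        $issues = @()
        # Anything other than FullyEncrypted means data is (still) readable in clear text
        if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "VolumeStatus is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)% encrypted)"
        }
        # ProtectionStatus is Off when BitLocker is disabled or suspended
        if ($Volume.ProtectionStatus -ne 'On') {
            $issues += "ProtectionStatus is $($Volume.ProtectionStatus)"
        }
        # Each KeyProtector entry exposes its kind in KeyProtectorType
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'no RecoveryPassword protector'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

# Constructed sample objects (the first mirrors the C: volume shown above)
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'; EncryptionPercentage = 100
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    }
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'; EncryptionPercentage = 0
        KeyProtector = @()
    }
)
$sample | Get-BitLockerFinding | Format-Table -AutoSize

# On a real machine, from an elevated session:
# Get-BitLockerVolume | Get-BitLockerFinding
```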

If your hard drive is not encrypted, you should read more about TPM and encryption first. While you can use Enable-BitLocker to start encrypting your hard drive, it is important that you fully understand all encryption principles so you don’t accidentally lock yourself out.
