Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Applies To: Windows 7, Windows Server 2008 R2
Encrypts the drive and turns on BitLocker. For examples of how this command can be used, see Examples.
Syntax
manage-bde –on <Drive> {[-recoveryPassword <NumericalPassword>]|[-recoverykey <PathToExternalDirectory>]|[-startupkey <PathToExternalKeyDirectory>]|[-certificate]|
[-tpmandpin]|[-tpmandpinandstartupkey <PathToExternalKeyDirectory>]|[-tpmandstartupkey <PathToExternalKeyDirectory>]|[-password]}
[-encryptionmethod {aes128_diffuser|aes256_diffuser|aes128|aes256}] [-skiphardwaretest] [-discoveryvolumetype <FileSystemType>] [-computername <Name>]
[{-?|/?}] [{-help|-h}]
Parameters
| Parameter | Description |
|---|---|
<Drive> |
Represents a drive letter followed by a colon. |
-recoverypassword |
Adds a numerical password protector. You can also use -rp as an abbreviated version of this command. |
<NumericalPassword> |
Represents the recovery password. |
-recoverykey |
Adds an external key protector for recovery. You can also use -rk as an abbreviated version of this command. |
<PathToExternalDirectory> |
Represents the directory path to the recovery key. |
-startupkey |
Adds an external key protector for startup. You can also use -sk as an abbreviated version of this command. |
<PathToExternalKeyDirectory> |
Represents the directory path to the startup key. |
-certificate |
Adds a public key protector for a data drive. You can also use -cert as an abbreviated version of this command. |
-tpmandpin |
Adds a Trusted Platform Module (TPM) and personal identification number (PIN) protector for the operating system drive. You can also use -tp as an abbreviated version of this command. |
-tpmandstartupkey |
Adds a TPM and startup key protector for the operating system drive. You can also use -tsk as an abbreviated version of this command. |
-tpmandpinandstartupkey |
Adds a TPM, PIN, and startup key protector for the operating system drive. You can also use -tpsk as an abbreviated version of this command. |
-password |
Adds a password key protector for the data drive. You can also use -pw as an abbreviated version of this command. |
-encryptionMethod |
Configures the encryption algorithm and key size. You can also use -em as an abbreviated version of this command. |
-skiphardwaretest |
Begins encryption without a hardware test. You can also use -s as an abbreviated version of this command. |
-discoveryvolumetype |
Specifies the file system to use for the discovery data drive. The discovery data drive is a hidden drive added to a FAT-formatted, BitLocker-protected removable data drive that contains the BitLocker To Go Reader so that Windows Vista or Windows XP operating systems can be used to view BitLocker-protected drives. |
<FileSystemType> |
Specifies which file systems can be used with discovery data drives: FAT32, default, or none. |
-computername |
Specifies that Manage-bde is being used to modify BitLocker protection on a different computer. You can also use -cn as an abbreviated version of this command. |
<Name> |
Represents the name of the computer on which to modify BitLocker protection. Accepted values include the computer's NetBIOS name and the computer's IP address. |
-? or /? |
Displays brief Help at the command prompt. |
-help or -h |
Displays complete Help at the command prompt. |
Examples
The following example illustrates using the -on command to turn on BitLocker for drive C and add a recovery password to the drive.
manage-bde –on C: -recoverypassword
The following example illustrates using the -on command to turn on BitLocker for drive C, add a recovery password to the drive, and save a recovery key to drive E.
manage-bde –on C: -recoverykey E:\ -recoverypassword
The following example illustrates using the -on command to turn on BitLocker for drive C by using an external key protector (such as a USB key) to unlock the operating system drive. This method is required if you are using BitLocker with computers that do not have a TPM.
manage-bde -on C: -startupkey E:\
The following example illustrates using the -on command to turn on BitLocker for data drive E and add a password key protector. Manage-bde will prompt you to enter the password after this command has been entered.
manage-bde –on E: -pw