Using ATI/ACPHO with update Bitlocker implementation
A few days ago on a empty partition I decided to apply Bitlocker to it. A message popped up saying that a new version of Bitlocker would be used that was only supported by recent builds of Windows 10 and Windows 11. One consequence of using the new version is that to access partitions/files backed up with Bitlocker, requires the Bitlocker encryption password. This means that they backup task would require a pre-command to "unlock" the drive/folders so that the backup can proceed. Has anyone done this successfully?
Just did a quick search an apparently there is a way of auto-unlocking the protected drives in the Bitlocker settings, which I will have a look at; it is also possible to unlock using the command line (must be logged in as Administrator). Cannot check at the moment as the PC on which I used bitlocker is currently off and too late in the day to boot it up.
Ian


- Log in to post comments

Given my usage I would prefer to have the lock in place except when I want to update the files on the partition (occurs infrequently) or do a backup. The script will be most useful.
Ian
- Log in to post comments

Ian, I created the following Powershell script when I was playing with BitLocker a couple of years back where the script is able to find a locked drive / partition and unlock it after prompting the user for the password.
# Powershell script to unlock BitLocker encrypted drive: UnlockBL.ps1 Write-Host "-------------------------------------------------------------------" Write-Host "-------------- Enter the password for BitLocker -------------------" $pass = Read-Host 'Enter Bitlocker Password!' -AsSecureString Write-Host "-------------------------------------------------------------------" $unlckDrive = (Get-BitLockerVolume | where {$_.CapacityGB -eq 0}).mountpoint Write-Host "BitLocker volume found at $unlckDrive" Unlock-BitLocker -MountPoint $unlckDrive -Password $pass
I wrote this to use when booted from WinPE media with Powershell support injected but it will work just as well in Windows.
If you prefer to just use a BAT file then you can use one of the following commands:
rem Unlock BitLocker protected drive from WinPE rem manage-bde -unlock d: -rk BitLockerRecoveryKey.txt manage-bde -unlock d: -pw YourPasswordHere rem manage-bde -unlock d: -rp 163372-470437-657657-602624-202235-565554-676148-312488
As you can see from above, there are various password option / switches:
-rk expects a recovery key text file
-rp expects the recovery key (from the key text file)
-pw expects the actual plain text password
When using a BAT file you need to provide the drive letter, i.e. d: in my example. The PS script will find the correct drive letter as this could have changed when using boot media.
- Log in to post comments