Bitlocker脚本解锁驱动器

Question

What I am trying to achieve is to create a very small script to unlock my bitlocker drive, using the password, not the recovery password.

There is a Microsoft command for that, which is:

manage-bde -unlock D: -password

where D is my bit locker drive. If I run this command line it will ask me for the password, and then the drive is properly unlocked.

At first I thought about creating a variable to ask for the password to the user, and then use this variable in the above command line, so that the script would look like:

set /p pass= what is your pass
manage-bde -unlock D: -password %pass%

The problem is that -password does not seem to accept any argument, would it be the variable, or the password in clear, it will fail. So, the only way to make it work seems to be an automatic reply to the prompt for the password, with the data in the variable. But I don't know how to do that. I assume there is an extra command line to add after the manage-dbe ...

My programming skills are quite weak, so any help would be appreciated.

Answer 1

Kind of late to the party but as mentioned here you can easily do this with only a couple of lines, if you don't have any problem using PowerShell:

PS C:\> $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
PS C:\> Unlock-BitLocker -MountPoint "E:" -Password $SecureString

Answer 2

Late reply, I know--sorry. But for anyone who wants to do this, no , you do NOT have to use the recovery password. Hard-coding the recovery password like that defeats the entire purpose of using Bitlocker.

I put together a very simple script that works. It does require Administrator privileges (which I will not expound on). There is a way around that using Task Scheduler (schtasks.exe), but I don't feel like getting into that here.

The script assumes you know which letters you have assigned to Bitlocker volumes. You can make this script a lot fancier by validating the letter entered, and so on.

Save the code to a file with the .CMD file extension, preferably to a directory in your system or user path. To invoke the script, simply enter [script name] [Bitlocker volume letter] . For example, unlock x . Don't include a trailing semicolon.

Remember, it requires elevation !

@echo off & cls

set Volume=%1:

echo.

manage-bde.exe -unlock -password %Volume%

echo. & pause & echo.

:: End of script

Answer 3

Along with Unlock-BitLocker You could as well prompt for a secure string, rather than putting it in the script:

$key = Read-Host 'Enter Bitlocker Password!' -AsSecureString

Unlock-Bitlocker -MountPoint "Y:" -Password $key
Unlock-Bitlocker -MountPoint "Z:" -Password $key

Answer 4

Just make a batch file that looks file below, and add it to your start-up folder. Drive gets unlocked automatically each boot.

Remarks:

• you have to use the recovery key, and not the password.
• i use this script because my C drive is encrypted with Safeboot (not bitlocker) and a second internal harddrive is protected with bitlocker.
• There's always a risk using this kind of data in a script, even though it's not the real password, and just the recovery key!

cscript C:\\Windows\\System32\\manage-bde.wsf -unlock d: -recoverypassword 215270-XXXXXX-345807-005038-278652-077022-634964-379346

Answer 5

Go to Control Panel -> Manage Bitlocker and unlock your D drive using your password.

Back up your recorvery key to a file. Get the Recovery Key (Ex: 240536-642752-211409-491690-520026-693407-016863-529159) saved in that file.

use the following command to automate the process: manage-bde -unlock D: -recoverypassword 240536-642752-211409-491690-520026-693407-016863-529159

Answer 6

MSFT has probably changed somethings. Here is a code fragment that works for encrypted drives and provides mount point for later use (eg- F: or X:)

$pass = Read-Host "Password for $devVHD" -AsSecureString
mount-diskimage -ImagePath $devVHD
$unlckDrive = (Get-BitLockerVolume | where {$_.CapacityGB -eq 0}).mountpoint
Unlock-BitLocker -MountPoint $unlckDrive -Password $pass    

Answer 7

Just write this in Notepad and save it as .bat file.

You can then set up new task in the Task Scheduler to run the script on startup. Don't forget to check the task to be Run as Administrator :

@echo off
manage-bde D: -unlock -recoverypassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
pause

Answer 8

use -recoverypassword switch and write your recovery pwd, it works for me ;)

EDIT: manage-bde -unlock D: -recoverypassword manage-bde -unlock D: -recoverypassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX