In early December, I attended a Microsoft training on Windows 8 (22688A) in a local training center. I had the opportunity to test BitLocker in module 11.
In the lab we were first asked to encrypt the volume E: on the first computer named Computer01A.
After encrypting the volume, we had to dismount the encrypted drive from the VM Computer01A and attach it to the second computer named LON-CL2.
We had to look at the recovery key that was stored in Active Directory and use it to unlock the drive mounted on a second computer named LON-CL2.
I decided to use PowerShell to unlock the drive 😛
Let’s first look at the properties of the newly attached encrypted drive. We can see that it’s locked and what “key protectors” were used to encrypt it.
Get-BitLockerVolume -MountPoint F: | fl *
Using the key stored in Active Directory, I did the following to unlock the drive:
Unlock-BitLocker -MountPoint F: -RecoveryPassword "036212-568502..."
As I had some spare time during the lab, I explored other BitLocker cmdlets.
I first disabled BitLocker on the F: drive on the computer named LON-CL2, as it was previously unlocked.
Disable-BitLocker -MountPoint F:
Now, I wanted to be able to encrypt the drive and have its recovery key stored in Active Directory and I did:
Enable-BitLocker -MountPoint F: -EncryptionMethod AES128 -UsedSpaceOnly:$true -RecoveryPasswordProtector
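Creating a recovery password protector and escrowing it in Active Directory are separate steps, so the sketch below does the backup explicitly with Backup-BitLockerKeyProtector. It is an added example, not code from the original post; the function name Backup-RecoveryPasswordToAD is hypothetical, and it assumes an elevated session on a domain-joined machine with the BitLocker module.

```powershell
# Added example (not from the original post). The function name is hypothetical.
# Assumes: elevated session, domain-joined computer, BitLocker module available.
function Backup-RecoveryPasswordToAD {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$MountPoint
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Protectors on a locked volume cannot be managed; unlock it first.
    if ($volume.LockStatus -eq 'Locked') {
        throw "Volume $MountPoint is locked. Unlock it with Unlock-BitLocker first."
    }

    # Collect the existing recovery password protectors, if any.
    $protectors = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # None yet: add one so there is something to escrow.
    if ($protectors.Count -eq 0) {
        $volume = Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryPasswordProtector -ErrorAction Stop
        $protectors = @($volume.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }

    foreach ($protector in $protectors) {
        # -ErrorAction Stop turns a failed backup (for example, a machine that
        # is not domain-joined) into a terminating error instead of a silent miss.
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null

        # Report only the protector ID; the recovery password itself is never printed.
        [pscustomobject]@{
            MountPoint     = $MountPoint
            KeyProtectorId = $protector.KeyProtectorId
            BackedUpToAD   = $true
        }
    }
}

Backup-RecoveryPasswordToAD -MountPoint 'F:'
```

The returned KeyProtectorId is the value to match against the recovery information stored on the computer object in Active Directory before relying on it for recovery.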