Enabling BitLocker on Removable Drives (USB Flash drives, USB Hard Drives)


    There is a way to encrypt removable drives.  Prior to attempting to enable BitLocker on your removable drive you need to ensure that the drive is formatted using the NTFS file system and you have backed up the data inside in case things go wrong and you cannot unlock your drive.


    This link provides a high level overview of BitLocker: http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption


    Here is the executive version for the non-techie people: http://technet.microsoft.com/en-us/windowsvista/aa906018.aspx


    Here is a reference to BitLocker FAQ: http://technet2.microsoft.com/WindowsVista/en/library/58358421-a7f5-4c97-ab41-2bcc61a58a701033.mspx?mfr=true


    And if you’re really geeky and want to learn more about what encryption algorithm is used and why..  http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf



  1.  BitLocker is only available on Windows Vista Ultimate and Enterprise.

  2. You can use BitLocker even if TPM is not present in your computer.


    Before you begin

    Before you start to encrypt your removable drive, you will need to think where you will store the key that will be used to unlock the drive.  If you loose this key you will loose access to the data in the drive.  To know where you want to store the key you need to know how badly do you want to protect the data inside.


    Personally, I wanted a level of security over my data so that if I loose my USB drive someone can't just plug it into a computer and get access to the data.  I am willing to sacrifice a little bit of security for the purpose of convenience.  So I have actually decided to store the keys in 2 places, one is on my laptop hard drive, the other is on my home computer hard drive and I also have a backup key in another USB drive.  This is so I can easily gain access to my USB key data on both computers and at the same time, I can also get access to the USB data on another computer by having the key on another USB drive.  I have also chosen the default 128 bit AES key because I think this is adequate for my purpose.


    To run the utility you will need to do:

  4. Open command prompt using "Run as Administrator".  Quickest way to do this is by right clicking the command prompt icon.

  5. Make sure you are in %WINDIR%\System32 directory

  6. Type the following command, this will list out the available parameters.  I have also dumped out the parameters below:

  7. cscript manage-bde.wsf


    To encrypt the removable drive:


    • Your removable drive has been assigned the drive letter R:

    • I want to have a recovery password automatically generated for me

    • I want to put my recovery key on D:\



    Command to type:

    cscript manage-bde.wsf -on R: -recoverykey d:\ -recoverypassword


    This will encrypt the removable drive and put the key file in your d:\. 


    After the encryption, you will see your recovery password generated.  Make sure you make a copy of this.  It should be in a format similar to this:  111950-074411-044704-271238-313841-511626-093401-026598


    To see the key file you will need to make sure in windows explorer you set the option to be able to view hidden and operating system files.  The file will look something like:  E181C91B-20A9-4702-87C9-33F901D38DE9.BEK


    Note that it may take some time for the encryption process to complete.  You can check the progress by typing the command below:

    cscript manage-bde.wsf -status R:


    To access your BitLocked drive:

    When you load your removable drive, you an manually type the following (if you want to use your password) - (please use your specific password)

    cscript manage-bde.wsf -unlock R: -recoverypassword 111950-074411-044704-271238-313841-511626-093401-026598


    Or you can type the following command (Please use your specific key file)

    cscript manage-bde.wsf -unlock R: -recoverykey D:\E181C91B-20A9-4702-87C9-33F901D38DE9.BEK


    If you want to make life easier for yourself, you can create a batch file with the command above in it. 


    WARNING: Again before I get flame mails, by keeping your key file in your computer and if you type in your password in the batch file you are reducing the security of your encrypted drive because if someone has access to your computer and your removable drive, they can potential decrypt it.


    Parameter Reference (just the relevant ones)

    The table below provides a list of the parent parameters and the sub-parameters for each (where applicable)


    Parent level syntax:

    manage-bde[.wsf] -parameter [arguments]





    Provides information about BitLocker-capable volumes.


    Encrypts the volume and turns BitLocker protection on.  Note that this process continues even after the script finishes executing in the command prompt.  Use the -status flag to check encryption progress.


    Decrypts the volume and turns BitLocker protection off. Note that this process continues even after the script finishes executing in the command prompt.  Use the -status flag to check decryption progress.


    Pauses encryption or decryption.


    Resumes encryption or decryption.


    Prevents access to BitLocker-encrypted data.


    Allows access to BitLocker-encrypted data.


    Manages automatic unlocking of data volumes. 

    You can enable the autounlock option for an encrypted volume if the following conditions are true:

    The encrypted volume is unlocked when you enable the autounlock option. If the volume is locked, unlock the volume, enable the autounlock option, and then lock the volume again.

    The operating system volume is encrypted. If you have not encrypted the operating system volume, you receive the following error message when you enable the autounlock option for an encrypted volume:

    An error occurred while enabling the volume for auto-unlocking. (code 0x80310020)


    Manages protection methods for the encryption key.  This parameter allows you to add, remove, enable, disable your keys or password to the encrypted drive.


    Configures the computer's Trusted Platform Module (TPM).


    Forces a BitLocker-protected OS to recover on restarts.


    Same as -ForceRecovery


    Runs on another computer. Examples: "ComputerX", ""


    Same as -ComputerName

    -? Or /?

    Displays brief help. Example: "-ParameterSet -?"

    -Help or -h

    Displays complete help. Example: "-ParameterSet -h"



    manage-bde -status [Volume]   [{-ProtectionAsErrorLevel|-p}]  [{-ComputerName|-cn} ComputerName]  [{-?|/?}] [{-Help|-h}]




    A drive letter followed by a colon. Example: "C:"



    Used in developing batch files.


        manage-bde -status

        manage-bde -status e:

        manage-bde -status e: -ProtectionAsErrorLevel



    manage-bde -on Volume

            [{-RecoveryPassword|-rp} [NumericalPassword] ]

            [{-RecoveryKey|-rk} PathToExternalKeyDirectory]

            [{-StartupKey|-sk} PathToExternalKeyDirectory]

            [{-TPMAndPIN|-tp} PIN]

            [{-TPMAndStartupKey|-tsk} PathToExternalKeyDirectory]






            [{-ComputerName|-cn} ComputerName]

            [{-?|/?}] [{-Help|-h}]





    A drive letter followed by a colon. Example: "C:"


    - rp

    Adds a Numerical Password protector.  If this option is used without additional values, the system will generate a random password.  If you want to specify your own pass key, you will need to follow the rule below:


    The password must contain exactly 48 digits, which can be divided into 8

    groups of 6 digits each. Use a hyphen (-) to separate groups of 6 digits on

    the command line.

    Each group of 6 digits in the 48-digit numerical password must be:

    1. Divisible by 11

    2. Less than 720896


    For example, "000000" is a valid group of 6 digits.

    Invalid groups include "123456", "720896", and "888888".




    Adds an External Key protector for recovery.



    Adds an External Key protector for startup.



    Adds a TPM And PIN protector for the OS volume.



    Adds a TPM And Startup Key protector for the OS volume.



    Configures the encryption algorithm and key size.  Default is  set to AES 128 with Diffuser.  If you want to know more about the encryption algorithms you can read it here: http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf



    Begins encryption without a hardware test.


        manage-bde -on C: -RecoveryPassword

        manage-bde -on C: -RecoveryKey e:\ -RecoveryPassword

        manage-bde -on C: -rp -rk "f:\Folder" -SkipHardwareTest



    manage-bde -off Volume  [{-ComputerName|-cn} ComputerName]  [{-?|/?}] [{-Help|-h}]





    A drive letter followed by a colon. Example: "C:"



    manage-bde -unlock Volume

                        {[{-RecoveryPassword| -rp} NumericalPassword] |

                        [{-RecoveryKey|-rk} PathToExternalKeyFile]}

                        [{-ComputerName|-cn} ComputerName]

                        [{-?|/?}] [{-Help|-h}]





    A drive letter followed by a colon. Example: "C:"


    - rp

    Provide a password to unlock the volume.



    Provide an external key file to unlock the volume.


        manage-bde -unlock -?

        manage-bde -unlock e: -RecoveryPassword ...

        manage-bde -unlock e: -RecoveryKey "f:\File Folder\Filename"



    manage-bde -autounlock  Volume

                        [-enable | -disable | -ClearAllKeys] volume

                        [{-ComputerName|-cn} ComputerName]

                        [{-?|/?}] [{-Help|-h}]





    A drive letter followed by a colon. Example: "C:"


    Enables automatic unlocking for a data volume.



    Disables automatic unlocking for a data volume.


    Removes all stored external keys on the OS volume.


        managee-bde -autounlock -enable E:

        managee-bde -autounlock -disable E:

        managee-bde -autounlock -ClearAllKeys C:



    manage-bde -protectors


    manage-bde -protectors -get Volume -parameter [arguments]


    manage-bde -protectors -add Volume -parameter [arguments]


    manage-bde -protectors -delete Volume -parameter [arguments]


    manage-bde -protectors -disable Volume


    manage-bde -protectors -enable Volume





    A drive letter followed by a colon. Example: "C:"


    Displays key protection methods.  Include '-?' for parameters.


    Adds key protection methods. Include '-?' for parameters.

    The options in here is the same as when you use the -on option.


    Deletes key protection methods. Include '-?' for parameters.


    Disables protection. Allows anyone to access encrypted data by making the encryption key available unsecured on disk. No key protectors are removed.


    Enables protection by removing the unsecured encryption key from disk. All key protectors take into effect.


Comments (53)
  1. A while ago I wrote a blog post on BitLocker Drive Encryption and why I thought it wasn’t ready for prime

  2. My last post walked through the process of installing and implementing BitLocker on a Hyper-V server

  3. 出会い says:

    ヒマだょ…誰かかまってぉ…会って遊んだりできる人募集!とりあえずメール下さい☆ uau-love@docomo.ne.jp

  4. カワイイ子ほど家出してみたくなるようです。家出掲示板でそのような子と出会ってみませんか?彼女たちは夕食をおごってあげるだけでお礼にHなご奉仕をしてくれちゃったりします

  5. 右脳左脳 says:


  6. セレブラブでは性欲のある男性を募集しています。セフレパートナーを探している20代・30代の女性たちが多数登録されています。セレブと遊びたい、Hがしたいという方は無料登録からどうぞ

  7. 逆援助 says:

    セレブ達は一般の人達とは接する機会もなく、その出会う唯一の場所が「逆援助倶楽部」です。 男性はお金、女性はSEXを要求する場合が多いようです。これは女性に圧倒的な財力があるから成り立つことの出来る関係ではないでしょうか?

  8. 救援部 says:


  9. 家出 says:


  10. 当サイトは、みんなの「勝ち組負け組度」をチェックする性格診断のサイトです。ホントのあなたをズバリ分析しちゃいます!勝ち組負け組度には、期待以上の意外な結果があるかもしれません

  11. 素人 says:


  12. エロ漫画 says:


  13. 高級チェリーの夏は童貞卒業の夏です。セレブ達も童貞を卒業させたくてウズウズしながら貴方との出会いを待っています。そんなセレブ達に童貞を捧げ、貴方もハッピーライフを送ってみませんか

  14. 助けて〜! says:

    何回かメールして会える人一緒に楽しいことしょ?お給料もらったばかりだからご飯くらいならごちそうしちゃうょ♪ cha-a@docomo.ne.jp とりあえずメールくださぃ★

  15. セレブラブではココロとカラダに癒しを求めるセレブ達と会って頂ける男性を募集しています。セレブ女性が集まる当サイトではリッチな彼女たちからの謝礼を保証、安心して男性はお金、女性は体の欲求を満たしていただけます。無料登録は当サイトトップページからどうぞ

  16. SOS少女 says:


  17. 精神年齢 says:


  18. マダムと甘い時間を過ごしてみませんか?性欲を持て余しているセレブたちは出張ホストサービスで男性を探し、セックスを求めているのです。ホスト希望の方なら容姿や年齢は一切不問!ご近所の女性を探して、多額の報酬をゲットしよう

  19. 楽しく、気持ちよく絶頂を味わえることで若い女性から熟女の女性まで幅広い世代で爆発的な人気がある、スローセックス。当サイトはプレイに興味がある、あるいは試してみたいけれど相手がいない…といった方の支援サイトです。当サイトでSEXパートナーを探してみませんか

  20. 夏真っ盛り!女の子は開放的な気分で一人エッチしたくてウズウズしてるっ!!貴方は女の子のオナ○ーを見て気分を高めてあげてネ!!もちろん、お手伝いしてもオッケーだよ!!さぁ、今すぐ女の子にアクセスしよっ

  21. メル友募集 says:

    恋することって怖くないですか?最近ちょっと臆病になってて…そういうの抜きでえっちなことしたくて… lovely-i0709@docomo.ne.jp優しい人がいたらメール待ってます☆

  22. 逆円助 says:


  23. 精神年齢 says:


  24. 童貞卒業 says:


  25. 素人 says:


  26. 熟女 says:

    熟女だって性欲がある、貴方がもし人妻とSEXしてお金を稼ぎたいのなら、一度人妻ワイフをご利用ください。当サイトには全国各地からお金持ちのセレブたちが集まっています。女性から男性への報酬は、 最低15万円からと決めております。興味のある方は一度当サイト案内をご覧ください

  27. メル友募集 says:

    恥ずかしいけどやらしいことしたくてしょうがありません…誰か一緒にしてくれませんか?とりあえず連絡待ってます☆ cute.y.0902@docomo.ne.jp

  28. オナニー says:


  29. SOS娘 says:


  30. 話題の小向美奈子ストリップを盗撮!入念なボディチェックをすり抜けて超小型カメラで撮影した神動画がアップ中!期間限定配信の衝撃的映像を見逃すな

  31. 高額報酬 says:


  32. mixi says:


  33. 素人 says:


  34. メル友募集 says:

    最近してないし欲求不満です。一緒にいやらしいことしませんか?エッチには自信あるよ(笑) nyaon.chuki@docomo.ne.jp メール待ってるよ☆

  35. 家出 says:


  36. 動物占い says:


  37. 救援部 says:


  38. 家出 says:


  39. セレブ女性との割り切りお付き合いで大金を稼いでみませんか?女性に癒しと快楽、男性に謝礼とお互い満たしあえる当サイト、セレブラブはあなたの登録をお待ちしております。

  40. 夏フェス!! says:

    誰か満足させてくれる人いませんか?めんどくさいこと抜きでしよっ♪ gu-gu-m@docomo.ne.jp とりあえずメールして☆

  41. 逆円 says:


  42. 家出 says:


  43. あなたのゲーマー度を無料ゲーム感覚で測定します。15個の質問に答えるだけの簡単測定で一度遊んでみませんか?ゲームが得意な人もそうでない人もぜひどうぞ。

  44. 素人 says:


  45. 出会い系 says:


  46. 逆援助 says:


  47. 友達募集 says:

    自分のほむぺ初公開でぇす。やっと完成したのでみんなに見てもらいたくて★カキコしました。意見ある方めぇるまってまぁす。 ggg.nj@docomo.ne.jp

  48. 出会い says:


  49. 家出 says:


  50. あなたの真のH度を診断できるHチェッカー!コンパや飲み会で盛り上がること間違いなしのおもしろツールでみんなと盛り上がろう

  51. 逆円 says:


  52. Nick Danks says:

    i have locked my hard drive and its now asking for a recovery key iand i do not have one.

    can anyone help me please.


Comments are closed.

Skip to main content