BitLocker is a Windows feature that provides encryption for data stored on a computer. It is used to protect data from unauthorized access and to ensure that only authorized users can access the data. The Add-BitLockerKeyProtector cmdlet is used to add a key protector to a volume that is encrypted with BitLocker. This cmdlet can be used to add a recovery password, a startup key, or a TPM (Trusted Platform Module) protector.
Introduction to Add-BitLockerKeyProtector
The Add-BitLockerKeyProtector cmdlet is used to add a key protector to a volume that is encrypted with BitLocker. This cmdlet can be used to add a recovery password, a startup key, or a TPM (Trusted Platform Module) protector. The key protector is used to unlock the encrypted volume and is required for the system to boot. The Add-BitLockerKeyProtector cmdlet is part of the BitLocker PowerShell module, which is included in Windows 10 and Windows Server 2016.
Syntax of Add-BitLockerKeyProtector
The syntax of the Add-BitLockerKeyProtector cmdlet is as follows:
Add-BitLockerKeyProtector -MountPoint
Parameters of Add-BitLockerKeyProtector
The parameters of the Add-BitLockerKeyProtector cmdlet are as follows:
| Parameter | Description |
|---|---|
| MountPoint | Specifies the mount point of the volume to which the key protector will be added. |
| KeyProtector | Specifies the type of key protector to add. This parameter can be used to add a recovery password, a startup key, or a TPM protector. |
| Force | Specifies that the cmdlet should proceed without prompting for confirmation. |
| WhatIf | Specifies that the cmdlet should simulate the actions that it would take on the system, but should not actually make any changes. |
| Confirm | Specifies that the cmdlet should prompt for confirmation before making any changes. |
Inputs for Add-BitLockerKeyProtector
The Add-BitLockerKeyProtector cmdlet requires the following inputs:
- MountPoint: The mount point of the volume to which the key protector will be added.
- KeyProtector: The type of key protector to add. This parameter can be used to add a recovery password, a startup key, or a TPM protector.
Outputs of Add-BitLockerKeyProtector
The Add-BitLockerKeyProtector cmdlet does not produce any output.
Examples of Add-BitLockerKeyProtector
The following examples show how to use the Add-BitLockerKeyProtector cmdlet:
To add a recovery password key protector to the C: drive, use the following command:
Add-BitLockerKeyProtector -MountPoint C: -KeyProtector RecoveryPassword
To add a TPM protector to the D: drive, use the following command:
Add-BitLockerKeyProtector -MountPoint D: -KeyProtector TPM
Tips for Using Add-BitLockerKeyProtector
When using the Add-BitLockerKeyProtector cmdlet, keep the following tips in mind:
- The MountPoint parameter must specify the mount point of the volume to which the key protector will be added.
- The KeyProtector parameter must specify the type of key protector to add. This parameter can be used to add a recovery password, a startup key, or a TPM protector.
- The Force parameter can be used to proceed without prompting for confirmation.
- The WhatIf parameter can be used to simulate the actions that the cmdlet would take on the system, but without actually making any changes.
- The Confirm parameter can be used to prompt for confirmation before making any changes.
Conclusion
The Add-BitLockerKeyProtector cmdlet is used to add a key protector to a volume that is encrypted with BitLocker. This cmdlet can be used to add a recovery password, a startup key, or a TPM (Trusted Platform Module) protector. The key protector is used to unlock the encrypted volume and is required for the system to boot. The Add-BitLockerKeyProtector cmdlet is part of the BitLocker PowerShell module, which is included in Windows 10 and Windows Server 2016.