Q. How do I enable BitLocker from the command line?

John Savill

February 6, 2008


A. BitLocker comes with the manage-bde.wsf script, which has the same capabilities as the BitLocker GUI, including configuring, enabling, pausing, and terminating drive encryption. Its -status switch also shows which volumes can be encrypted with BitLocker:

cscript C:\windows\system32\manage-bde.wsf -status

To enable BitLocker, use the -on switch and supply the key protector options: -rp tells BitLocker to use a numerical recovery key that you print and save, and -sk targets a specific external device to contain the key (which needs to be inserted at each reboot). If you use the command line, you can designate a floppy drive as a BDE key location, which is useful for virtual testing but not recommended in production environments. Here is the command using the -rp and -sk switches:

cscript C:\windows\system32\manage-bde.wsf -on C: -rp -sk a:
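
After running -on, it is worth confirming from the -status output that the volume is actually protected and that both protectors exist. The following PowerShell function is an added example, not part of the original article or of the manage-bde script; the function name Test-BdeStatus is hypothetical, the field labels are assumed to match the English-language -status output on your build, and the sample text is constructed.

```powershell
# Added example: evaluate the text printed by "manage-bde ... -status".
# Assumption: English field labels ("Conversion Status", "Protection Status",
# "Key Protectors") as printed by the tool; adjust if your build differs.
function Test-BdeStatus {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    $fields = @{}          # label -> value for single-line fields
    $protectors = @()      # indented entries listed under "Key Protectors:"
    $inProtectors = $false

    foreach ($line in $StatusLines) {
        if ($line -match '^\s*Key Protectors:\s*(.*)$') {
            $inProtectors = $true
            if ($Matches[1]) { $protectors += $Matches[1].Trim() }
        } elseif ($line -match '^\s*([^:]+):\s+(.+)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
            $inProtectors = $false
        } elseif ($inProtectors -and $line.Trim()) {
            $protectors += $line.Trim()
        }
    }

    [pscustomobject]@{
        FullyEncrypted      = $fields['Conversion Status'] -eq 'Fully Encrypted'
        ProtectionOn        = $fields['Protection Status'] -eq 'Protection On'
        HasRecoveryPassword = $protectors -contains 'Numerical Password'  # from -rp
        HasStartupKey       = $protectors -contains 'External Key'        # from -sk
        PercentEncrypted    = $fields['Percentage Encrypted']
    }
}

# Constructed sample: a volume shortly after -on, while conversion is running.
$sample = @'
Volume C: [OS]
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 42%
    Protection Status:    Protection Off
    Key Protectors:
        External Key
        Numerical Password
'@ -split "`r?`n"

$result = Test-BdeStatus -StatusLines $sample
$result | Format-List

# The data is not protected until both of these are true.
if (-not ($result.FullyEncrypted -and $result.ProtectionOn)) {
    Write-Warning "Volume is not yet fully encrypted and protected."
}
```

On a live system, pass the lines printed by the -status command to the function instead of $sample.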
