Add-BitLockerKeyProtector - PowerShell


Overview

Add-BitLockerKeyProtector adds a new key protector to an existing BitLocker-protected volume. This is useful for distributing access to the volume to multiple users or for creating backups of the recovery key.

Syntax

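Add-BitLockerKeyProtector [-MountPoint] <String[]> -PasswordProtector [-Password <SecureString>]
Add-BitLockerKeyProtector [-MountPoint] <String[]> -RecoveryKeyProtector -RecoveryKeyPath <String>

Options/Flags

  • -MountPoint: Specifies the path to the BitLocker-protected volume to which you want to add the key protector.
  • Protector switch (-PasswordProtector, -RecoveryPasswordProtector, -RecoveryKeyProtector, -StartupKeyProtector, -TpmProtector and others): Specifies the type of key protector to add, such as a password, a recovery key file, or the TPM. Each switch belongs to its own parameter set; the two above are shown as examples.
  • -Password, -Pin, -RecoveryKeyPath, -StartupKeyPath: Supply the value that the chosen protector type needs: a SecureString password or PIN, or the folder in which the generated key file is stored.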

Examples

Example 1: Add a password as a key protector

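$password = Read-Host -AsSecureString -Prompt "BitLocker password"   # -Password takes a SecureString, not a plain string
Add-BitLockerKeyProtector -MountPoint "C:" -PasswordProtector -Password $password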

Example 2: Add a certificate as a key protector

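# Add-BitLockerKeyProtector has no certificate parameter; manage-bde adds a certificate protector by thumbprint (data drives only, D: is a placeholder).
manage-bde -protectors -add D: -certificate -ct 1234567890ABCDEF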

Example 3: Add a file as a key protector

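# -RecoveryKeyPath is a folder; the cmdlet generates the key file there (E:\Recovery\ is a placeholder on a separate drive).
Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryKeyProtector -RecoveryKeyPath "E:\Recovery\"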

Common Issues

  • Ensure that the volume is BitLocker-protected before attempting to add a key protector.
  • Make sure that the key protector you are adding is valid and has not already been used on the volume.
  • If you are adding a file as a key protector, ensure that the file is accessible and not corrupted.
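The first two checks above can be scripted before a protector is added. The following is an added example, not code from the original page or from Microsoft; the function name Add-RecoveryPasswordIfMissing is hypothetical, and it assumes an elevated session on a machine with the BitLocker module available.

```powershell
#Requires -RunAsAdministrator

# Hypothetical helper: adds a recovery password protector only when the
# volume is protected and does not already carry one.
function Add-RecoveryPasswordIfMissing {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$MountPoint
    )

    # Check 1: the volume must exist and be BitLocker-protected.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($volume.ProtectionStatus -ne 'On') {
        throw "Volume $MountPoint is not BitLocker-protected (status: $($volume.ProtectionStatus))."
    }

    # Check 2: do not add a protector type that is already present.
    $existing = $volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if ($existing) {
        Write-Verbose "Recovery password already present on $MountPoint; nothing added."
        return $existing.KeyProtectorId
    }

    if ($PSCmdlet.ShouldProcess($MountPoint, 'Add recovery password protector')) {
        # The cmdlet generates the password itself. Its warning text includes
        # the generated value, so suppress it to keep the password out of the
        # console and any transcript.
        $updated = Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryPasswordProtector -WarningAction SilentlyContinue

        # Return only the protector ID, never the password itself.
        $new = $updated.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        return $new.KeyProtectorId
    }
}

# Dry run first: -WhatIf reports what would change without changing it.
Add-RecoveryPasswordIfMissing -MountPoint 'C:' -WhatIf -Verbose
```

The returned protector ID can be compared with the output of Get-BitLockerVolume afterwards to confirm that the protector was added.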

Integration

Add-BitLockerKeyProtector can be combined with other PowerShell commands to create a variety of automated BitLocker management tasks. For example, you can use the following script to add a password as a key protector to all BitLocker-protected volumes on a computer:

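$password = Read-Host -AsSecureString -Prompt "New BitLocker password"
Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq "On" } | ForEach-Object { Add-BitLockerKeyProtector -MountPoint $_.MountPoint -PasswordProtector -Password $password }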