Add BitLockerKeyProtector - PowerShell


Add-BitLockerKeyProtector adds a new key protector to an existing BitLocker-protected volume. This is useful for distributing access to the volume to multiple users or for creating backups of the recovery key.


Add-BitLockerKeyProtector -MountPoint <string> -KeyProtector <string> [[-KeyCredential <PSCredential>]]


  • -MountPoint: Specifies the path to the BitLocker-protected volume to which you want to add the key protector.
  • -KeyProtector: Specifies the new key protector to add. This can be a password, a certificate, a file, or a storage module.
  • -KeyCredential: (Optional) Specifies the credentials to use if the key protector is a password-protected file or storage module.


Example 1: Add a password as a key protector

Add-BitLockerKeyProtector -MountPoint "C:" -KeyProtector "MyPassword"

Example 2: Add a certificate as a key protector

Add-BitLockerKeyProtector -MountPoint "C:" -KeyProtector (Get-Certificate -Thumbprint "1234567890ABCDEF")

Example 3: Add a file as a key protector

Add-BitLockerKeyProtector -MountPoint "C:" -KeyProtector "C:\MyRecoveryKey.txt" -KeyCredential (Get-Credential)

Common Issues

  • Ensure that the volume is BitLocker-protected before attempting to add a key protector.
  • Make sure that the key protector you are adding is valid and has not already been used on the volume.
  • If you are adding a file as a key protector, ensure that the file is accessible and not corrupted.


Add-BitLockerKeyProtector can be combined with other PowerShell commands to create a variety of automated BitLocker management tasks. For example, you can use the following script to add a password as a key protector to all BitLocker-protected volumes on a computer:

Get-Volume | Where-Object {$_.BitLockerVolumeType -ne "None"} | Add-BitLockerKeyProtector -KeyProtector "MyPassword"