Remove BitLockerKeyProtector - PowerShell
Overview
The Remove-BitLockerKeyProtector command removes a key protector from a BitLocker-protected drive or volume. This key protector could be a password, PIN, or recovery key. Removing a key protector makes it more difficult for unauthorized users to access the contents of the protected drive or volume.
Syntax
Remove-BitLockerKeyProtector -MountPoint <string> -KeyProtector <string | KeyProtectorObject> -RemoveKeyProtectorOnly -Confirm:$true -WhatIf:$true
Options/Flags
-MountPoint
Specifies the mount point of the BitLocker-protected drive or volume from which to remove the key protector.
-KeyProtector
Specifies the key protector to remove. This can be either the key protector ID or the actual key protector object.
-RemoveKeyProtectorOnly
By default, the command removes the key protector and also revokes its use. This flag allows removing the key protector without revoking its use.
-Confirm:$true
Prompts for confirmation before executing the command.
-WhatIf:$true
Shows what would happen if the command were executed without actually executing it.
Examples
Removing a Password Key Protector
Remove-BitLockerKeyProtector -MountPoint C: -KeyProtector Password
Removing a PIN Key Protector
Remove-BitLockerKeyProtector -MountPoint C: -KeyProtector PIN
Removing a Recovery Key Key Protector
Remove-BitLockerKeyProtector -MountPoint C: -KeyProtector RecoveryKey
Common Issues
Error: The key protector is not present on the drive
This error can occur if the specified key protector is not actually present on the drive. Verify that the correct key protector is specified.
Error: The key protector is in use and cannot be removed
This error can occur if the specified key protector is currently in use by the system. Remove the key protector from use before trying to remove it.
Integration
The Remove-BitLockerKeyProtector command can be combined with other PowerShell commands to perform more complex tasks. For example, the following script removes all key protectors from a BitLocker-protected drive:
Get-BitLockerKeyProtector -MountPoint C: | Remove-BitLockerKeyProtector