Remove BitLockerKeyProtector - PowerShell


The Remove-BitLockerKeyProtector command removes a key protector from a BitLocker-protected drive or volume. This key protector could be a password, PIN, or recovery key. Removing a key protector makes it more difficult for unauthorized users to access the contents of the protected drive or volume.


Remove-BitLockerKeyProtector -MountPoint <string> -KeyProtector <string | KeyProtectorObject> -RemoveKeyProtectorOnly -Confirm:$true -WhatIf:$true



Specifies the mount point of the BitLocker-protected drive or volume from which to remove the key protector.


Specifies the key protector to remove. This can be either the key protector ID or the actual key protector object.


By default, the command removes the key protector and also revokes its use. This flag allows removing the key protector without revoking its use.


Prompts for confirmation before executing the command.


Shows what would happen if the command were executed without actually executing it.


Removing a Password Key Protector

Remove-BitLockerKeyProtector -MountPoint C: -KeyProtector Password

Removing a PIN Key Protector

Remove-BitLockerKeyProtector -MountPoint C: -KeyProtector PIN

Removing a Recovery Key Key Protector

Remove-BitLockerKeyProtector -MountPoint C: -KeyProtector RecoveryKey

Common Issues

Error: The key protector is not present on the drive

This error can occur if the specified key protector is not actually present on the drive. Verify that the correct key protector is specified.

Error: The key protector is in use and cannot be removed

This error can occur if the specified key protector is currently in use by the system. Remove the key protector from use before trying to remove it.


The Remove-BitLockerKeyProtector command can be combined with other PowerShell commands to perform more complex tasks. For example, the following script removes all key protectors from a BitLocker-protected drive:

Get-BitLockerKeyProtector -MountPoint C: | Remove-BitLockerKeyProtector