awgit

asked on

Command Line to disable BitLocker Startup Pin

Using the command line to manage two features in BitLocker.

1. Enable startup pin once the volume is already encrypted.
2. Disable the pin that is enabled in #1

I have successfully performed step 1 by using the following:
cscript %systemroot%\system32\manage-bde.wsf -protectors -add %systemdrive% -tpmandpin 1234

When I try to remove it with the following...
cscript %systemroot%\system32\manage-bde.wsf -protectors -delete C: -Type TPMAndPin

I get the BitLocker recovery when I start the PC. Apparently I am not removing it correctly.... any ideas?
ASKER CERTIFIED SOLUTION
Member_2_2473503

awgit

ASKER

Oh, yes, I understand where I have TPMAndPin - I'll see if I can do just Pin and remove that part only.

thanks
That I am not sure of, but you can try to find out.

Unfortunately my laptop does not support TPM, so when I do BitLocker I have to store my decrypt key on a thumb drive. And while I like that, as I feel it makes it more secure (just don't leave the thumb drive with the laptop), it has prevented me from getting experience with the TPM system.

eb
After you delete the TPMandPIN data: cscript %systemroot%\system32\manage-bde.wsf -protectors -delete C: -Type TPMAndPin

You can then re-enable "just TPM" support without a PIN with the following:
cscript %systemroot%\system32\manage-bde.wsf -protectors -add %systemdrive% -tpm
It is faster to disable BitLocker:
Disable:
cscript manage-bde.wsf -protectors -disable c:

Or try to show the pin: