< Back
Remove-BitLockerKeyProtector
Post
NAME Remove-BitLockerKeyProtector
SYNOPSIS
Removes a key protector for a BitLocker volume.
SYNTAX
Remove-BitLockerKeyProtector [-MountPoint] <String[]> [-KeyProtectorId] <String> [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Remove-BitLockerKeyProtector cmdlet removes a key protector for a volume protected by BitLocker Drive Encryption.
You can specify a key protector to remove by using an ID. To add a protector, use the Add-BitLockerKeyProtector cmdlet.
If you remove all the key protectors for a BitLocker volume, BitLocker stores the data encryption key for the volume without using encryption.
This means that any user that can access the volume can read the encrypted data on the volume unless you add a key protector. Any encrypted data
on the drive remains encrypted.
We recommend you have at least one recovery password as key protector to a volume in case you need to recover a system.
For an overview of BitLocker, see BitLocker Drive Encryption Overview (http://technet.microsoft.com/en-us/libr ... 32774.aspx) on TechNet.
PARAMETERS
-KeyProtectorId <String>
Specifies the ID for a key protector or a KeyProtector object. A BitLocker volume object includes a KeyProtector object. You can specify the
key protector object itself, or you can specify the ID. See the Examples section. To obtain a BitLocker volume object, use the
Get-BitLockerVolume cmdlet.
Required? true
Position? 2
Default value
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-MountPoint <String[]>
Specifies an array of drive letters or BitLocker volume objects. The cmdlet removes key protectors for the volumes specified. To obtain a
BitLocker volume object, use the Get-BitLockerVolume cmdlet.
Required? true
Position? 1
Default value
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
BitLockerVolume[], String[]
OUTPUTS
BitLockerVolume[]
Example 1: Remove a key protector for a volume
PS C:\\> $BLV = Get-BitLockerVolume -MountPoint "C:"
Remove-BitlockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1]
This example removes a key protector for a specified BitLocker volume.
The first command uses Get-BitLockerVolume to obtain a BitLocker volume and store it in the $BLV variable.
The second command removes the key protector for the BitLocker volume specified by the MountPoint parameter. The command specifies the key
protector by using its ID, contained in the BitLocker object stored in $BLV.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?linkid=287656
Add-BitLockerKeyProtector
Backup-BitLockerKeyProtector
Get-BitLockerVolume
SYNOPSIS
Removes a key protector for a BitLocker volume.
SYNTAX
Remove-BitLockerKeyProtector [-MountPoint] <String[]> [-KeyProtectorId] <String> [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Remove-BitLockerKeyProtector cmdlet removes a key protector for a volume protected by BitLocker Drive Encryption.
You can specify a key protector to remove by using an ID. To add a protector, use the Add-BitLockerKeyProtector cmdlet.
If you remove all the key protectors for a BitLocker volume, BitLocker stores the data encryption key for the volume without using encryption.
This means that any user that can access the volume can read the encrypted data on the volume unless you add a key protector. Any encrypted data
on the drive remains encrypted.
We recommend you have at least one recovery password as key protector to a volume in case you need to recover a system.
For an overview of BitLocker, see BitLocker Drive Encryption Overview (http://technet.microsoft.com/en-us/libr ... 32774.aspx) on TechNet.
PARAMETERS
-KeyProtectorId <String>
Specifies the ID for a key protector or a KeyProtector object. A BitLocker volume object includes a KeyProtector object. You can specify the
key protector object itself, or you can specify the ID. See the Examples section. To obtain a BitLocker volume object, use the
Get-BitLockerVolume cmdlet.
Required? true
Position? 2
Default value
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-MountPoint <String[]>
Specifies an array of drive letters or BitLocker volume objects. The cmdlet removes key protectors for the volumes specified. To obtain a
BitLocker volume object, use the Get-BitLockerVolume cmdlet.
Required? true
Position? 1
Default value
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
BitLockerVolume[], String[]
OUTPUTS
BitLockerVolume[]
Example 1: Remove a key protector for a volume
PS C:\\> $BLV = Get-BitLockerVolume -MountPoint "C:"
Remove-BitlockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1]
This example removes a key protector for a specified BitLocker volume.
The first command uses Get-BitLockerVolume to obtain a BitLocker volume and store it in the $BLV variable.
The second command removes the key protector for the BitLocker volume specified by the MountPoint parameter. The command specifies the key
protector by using its ID, contained in the BitLocker object stored in $BLV.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?linkid=287656
Add-BitLockerKeyProtector
Backup-BitLockerKeyProtector
Get-BitLockerVolume