Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into sec-landing-page

Justin Hall
2018-02-07 14:21:06 -08:00
52 changed files with 1461 additions and 224 deletions

@ -17,14 +17,7 @@ ms.date: 04/19/2017
This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
The following sections provide information that will help you put together your basic deployment plan for implementing BitLocker in your organization:
- [Using BitLocker to encrypt volumes](#bkmk-dep1)
- [Down-level compatibility](#bkmk-dep2)
- [Using manage-bde to encrypt volumes with BitLocker](#bkmk-dep3)
- [Using PowerShell to encrypt volumes with BitLocker](#bkmk-dep4)
## <a href="" id="bkmk-dep1"></a>Using BitLocker to encrypt volumes
## Using BitLocker to encrypt volumes
BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data volumes. To support fully encrypted operating system volumes, BitLocker uses an unencrypted system volume for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems.
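Review bot: At the end of this hunk the section heading appears both as `## <a href="" id="bkmk-dep1"></a>Using BitLocker to encrypt volumes` and as plain `## Using BitLocker to encrypt volumes`, so one side of the change drops the `bkmk-dep1` anchor while later headings in this file carry `bkmk-dep3`, `bkmk-dep4` and `bkmk-dep5` ids. If the plain form is the one that survives, existing links to `#bkmk-dep1` stop resolving and the file mixes two heading conventions. Either keep the anchor on this heading or remove the `bkmk-*` anchors consistently, and check the in-page link list (`#bkmk-dep1` through `#bkmk-dep4`) against the ids that remain.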
@ -182,8 +175,9 @@ Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Window
</tr>
</tbody>
</table>
 
### Encrypting volumes using the manage-bde command line interface
## <a href="" id="bkmk-dep3"></a>Encrypting volumes using the manage-bde command line interface
Manage-bde is a command-line utility that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the options, see [Manage-bde](http://technet.microsoft.com/library/ff829849.aspx).
Manage-bde offers a multitude of wider options for configuring BitLocker. This means that using the command syntax may require care and possibly later customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected.
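Review bot: The heading pair in this hunk moves the manage-bde section between `###` and `##` and attaches `id="bkmk-dep3"`, but the same id is also on `## <a href="" id="bkmk-dep3"></a>Using manage-bde to encrypt volumes with BitLocker` in the next hunk. Confirm that only one heading with `bkmk-dep3` is left after the merge, since a duplicate id makes the fragment link ambiguous. The Manage-bde reference in the paragraph below the heading still points at an `http://technet.microsoft.com/...` URL; consider an https link while this section is being touched.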
@ -240,9 +234,8 @@ A common protector for a data volume is the password protector. In the example b
manage-bde -protectors -add -pw C:
manage-bde -on C:
```
## <a href="" id="bkmk-dep3"></a>Using manage-bde to encrypt volumes with BitLocker
### Encrypting volumes using the BitLocker Windows PowerShell cmdlets
## <a href="" id="bkmk-dep4"></a>Encrypting volumes using the BitLocker Windows PowerShell cmdlets
Windows PowerShell cmdlets provide an alternative way to work with BitLocker. Using Windows PowerShell's scripting capabilities, administrators can integrate BitLocker options into existing scripts with ease. The list below displays the available BitLocker cmdlets.
<table>
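Review bot: The example at the top of this hunk is introduced as a password protector for a data volume, yet both commands target `C:`, which is conventionally the operating system volume on Windows. Use a data-volume letter or a placeholder in `manage-bde -protectors -add -pw C:` and `manage-bde -on C:` so that the commands match the sentence that introduces them and readers who copy them do not apply them to the wrong volume.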
@ -442,9 +435,7 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "<SID>
```
> **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes.
 
## <a href="" id="bkmk-dep4"></a>Using PowerShell to encrypt volumes with BitLocker
### Checking BitLocker status
## <a href="" id="bkmk-dep5"></a> Checking BitLocker status
To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We will look at each of the available methods in the following section.
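Review bot: The `bkmk-dep5` heading has a space between `</a>` and the title (`</a> Checking BitLocker status`), unlike the other anchored headings in this file; drop the space. In the same hunk, `id="bkmk-dep4"` on `Using PowerShell to encrypt volumes with BitLocker` repeats the id given to the PowerShell cmdlets heading in the previous hunk, so make sure only one of the two remains.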

@ -100,15 +100,16 @@ Before you create a thorough BitLocker recovery process, we recommend that you t
1. Click the **Start** button, type **cmd** in the **Start Search** box, right-click **cmd.exe**, and then click **Run as administrator**.
2. At the command prompt, type the following command and then press ENTER:
`manage-bde -forcerecovery <Volume>`
`manage-bde -forcerecovery <BitLockerVolume>`
**To force recovery for a remote computer**
1. On the Start screen, type **cmd.exe**, and then click **Run as administrator**.
2. At the command prompt, type the following command and then press ENTER:
`manage-bde. -ComputerName <ComputerName> -forcerecovery <Volume>`
`manage-bde. -ComputerName <RemoteComputerName> -forcerecovery <BitLockerVolume>`
> **Note:**  *ComputerName* represents the name of the remote computer. *Volume* represents the volume on the remote computer that is protected with BitLocker.
> **Note:**  Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user.
 
## <a href="" id="bkmk-planningrecovery"></a>Planning your recovery process
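Review bot: The remote command in step 2 reads `manage-bde. -ComputerName ...` with a stray period after `manage-bde` in both versions of the line; remove it while this line is being edited. The placeholders are renamed to `<RemoteComputerName>` and `<BitLockerVolume>`, but the note that follows still explains *ComputerName* and *Volume*, so update that note to use the new placeholder names.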