Windows BitLocker CLI cheat sheet

This post is just a simple cheat sheet for using BitLocker on a Windows Computer.
Turn Bitlocker ON or OFF and set a pre-boot PIN code.

Start cmd with elevated permissions to run the manage-bde command.

Turn on encryption and create a recovery password:
manage-bde –on C: -recoverypassword
Store the recovery password on a safe place to prevent data loss and reboot the computer.

Check encryption status of the disks:
manage-bde –status

Ask PIN code before booting Windows
To be asked for a PIN before booting Windows we have to do more than the manage-bde command.
Start:
gpedit.msc
Go to:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Edit:
Require Additional Authentication at Startup
Set (see image below):
Require Startup PIN With TPM
After that:
manage-bde -protectors -add c: -TPMAndPIN
And enter the desired PIN code.

That's it!

Turn off encryption on disk C:
manage-bde –off C:

The gpedit.msc setting:

Sources:

• https://technet.microsoft.com/nl-nl/library/ff829873(v=ws.11).aspx
• https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/