Batch Unlock BitLocker Drives Using Windows PowerShell

Source Code to Batch Unlock BitLocker Drives

Environment: Windows Server 2022, Windows 11, Windows 10

Devices: Physical internal hard drives, USB drives, and physical hard drives mounted on RAID cards, HBA cards, or SATA expansion cards. All drives must use the same BitLocker password.

Save the code below to a file named: MountBitLockerDisk.ps1

# Check if the script is running with administrator privileges
$adminRequired = [Security.Principal.WindowsPrincipal] [System.Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = $adminRequired.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdmin) {
    # If not running as Administrator, relaunch the script with administrator rights
    Start-Process powershell -ArgumentList "-NoExit", "-File", $MyInvocation.MyCommand.Path -Verb RunAs
    exit
}

# If running as Administrator, continue with your operations
Write-Host "Running with Administrator privileges"
Write-Host "`n"

while ($true) {

	$selection = Read-Host "0 = Exit , 1 = Mount , 2 = Dismount"
	Write-Host "`n"

	switch ($selection) {
		'0' {
			exit
		}

		'1' {
			# Rescan plugged PnP (Plug and Play) device on Windows
			pnputil /scan-devices
			Write-Host "`n"
			# Prompt user to input the passphrase
			$KEY = Read-Host "Enter the passphrase" -AsSecureString

			# Convert the entered passphrase to SecureString
			# $SecureString = ConvertTo-SecureString $KEY -AsPlainText -Force
			$SecureString = $KEY

			# Fetch All BitLocker Driver
			$lockedDrives = Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'Unknown' }

			# Unlock All Driver
			foreach ($drive in $lockedDrives) {
				Unlock-BitLocker -MountPoint $drive.MountPoint  -Password $SecureString
				# Write-Host "Unlocked: $($drive.MountPoint)"
				Write-Host "`n"
			}
		}

		'2' {

			# Fetch All BitLocker Driver
			$unlockedDrives = Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }

			# Lock All Driver
			foreach ($drive in $unlockedDrives) {
				Lock-BitLocker -MountPoint $drive.MountPoint -ForceDismount
				# Write-Host "Locked: $($drive.MountPoint)"
				Write-Host "`n"
			}
		}

		default {
			exit
		}
	}
}

Save the code below to a file named: MountBitLockerDisk.bat

@echo off & cls
powershell.exe -ExecutionPolicy Bypass -File "MountBitLockerDisk.ps1"
exit

Double-click to run MountBitLockerDisk.bat, select option 1 to automatically detect the BitLocker devices mounted on your system. After entering the password, all devices will be unlocked automatically.

Windows BitLocker is a robust encryption feature designed to safeguard sensitive data by encrypting entire drives. Introduced in Windows Vista, BitLocker has become an essential tool for individuals and organizations aiming to protect data from unauthorized access, particularly in cases of lost or stolen devices.

What is BitLocker?

BitLocker is a full-disk encryption solution that uses the Advanced Encryption Standard (AES) algorithm to secure data. It encrypts the entire drive, ensuring that data cannot be accessed without proper authorization. This feature is integrated into professional and enterprise editions of Windows operating systems, including Windows 10, Windows 11, and Windows Server versions.

Key Features

1. Drive Encryption: BitLocker encrypts the entire volume, including user data and system files, offering comprehensive security.
2. Transparent Operation: Once enabled and configured, BitLocker operates seamlessly in the background without significantly affecting system performance.
3. Integration with TPM: BitLocker uses the Trusted Platform Module (TPM) chip to securely store encryption keys. This adds an additional layer of protection by verifying system integrity during startup.
4. Recovery Options: In case of lost credentials or hardware changes, BitLocker provides recovery keys, which can be stored in a Microsoft account, on external media, or printed for safekeeping.
5. Network Unlock: For enterprise environments, BitLocker can unlock drives during startup when connected to a trusted network.

How BitLocker Works

When you enable BitLocker on a drive, the encryption process begins, converting data into an unreadable format. The encryption key is securely stored in the TPM chip or protected by a password, PIN, or USB key. During system startup, BitLocker verifies the integrity of the system using the TPM. If no tampering is detected, the drive is automatically decrypted, allowing normal operation.

Benefits of BitLocker

1. Data Protection: BitLocker ensures that even if a drive is removed from a device, the data remains inaccessible without the encryption key.
2. Compliance: Organizations can meet regulatory requirements for data protection by enabling BitLocker.
3. Ease of Use: BitLocker integrates seamlessly with Windows, offering a user-friendly interface and minimal setup complexity.
4. Supports External Drives: BitLocker To Go extends encryption to USB drives and external storage devices.

Limitations

Despite its benefits, BitLocker has some limitations. It is only available in professional and enterprise editions of Windows, excluding home users. Additionally, while encryption provides strong protection, it cannot prevent data breaches caused by malware or insider threats.

Use Cases

• Personal Devices: BitLocker protects personal laptops and desktops, ensuring data security in case of theft or loss.
• Enterprise Deployment: Organizations use BitLocker to secure sensitive business data and comply with data protection laws.
• Mobile Workforce: For employees working remotely, BitLocker secures data on portable devices.