Unlock-BitLockerVolume

Windows: Unlocks a BitLocker-encrypted volume

Script

#Requires -Version 5.1
#Requires -Modules BitLocker

[CmdletBinding()]
Param (
    [Parameter(Mandatory = $true)]
    [string]$MountPoint,

    [Parameter(ParameterSetName = 'Password')]
    [securestring]$Password,

    [Parameter(ParameterSetName = 'RecoveryPassword')]
    [securestring]$RecoveryPassword,

    [Parameter(ParameterSetName = 'RecoveryKey')]
    [string]$RecoveryKeyPath,

    [string]$ComputerName = $env:COMPUTERNAME,

    [pscredential]$Credential
)

Process {
    try {
        $scriptBlock = {
            Param($Drive, $Pass, $RecPass, $KeyPath, $SetName)
            $params = @{
                'MountPoint'  = $Drive
                'Confirm'      = $false
                'ErrorAction'  = 'Stop'
            }
            if ($SetName -eq 'Password') {
                $params.Add('Password', $Pass)
            }
            elseif ($SetName -eq 'RecoveryPassword') {
                $plainRecPass = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($RecPass))
                $params.Add('RecoveryPassword', $plainRecPass)
            }
            elseif ($SetName -eq 'RecoveryKey') {
                $params.Add('RecoveryKeyPath', $KeyPath)
            }

            Unlock-BitLocker @params
            Get-BitLockerVolume -MountPoint $Drive | Select-Object MountPoint, VolumeStatus, ProtectionStatus
        }

        if ($ComputerName -ne $env:COMPUTERNAME) {
            $invokeParams = @{
                'ComputerName' = $ComputerName
                'ScriptBlock'  = $scriptBlock
                'ArgumentList' = @($MountPoint, $Password, $RecoveryPassword, $RecoveryKeyPath, $PSCmdlet.ParameterSetName)
                'ErrorAction'  = 'Stop'
            }
            if ($null -ne $Credential) {
                $invokeParams.Add('Credential', $Credential)
            }

            $result = Invoke-Command @invokeParams
        }
        else {
            $result = &$scriptBlock -Drive $MountPoint -Pass $Password -RecPass $RecoveryPassword -KeyPath $RecoveryKeyPath -SetName $PSCmdlet.ParameterSetName
        }

        $output = [PSCustomObject]@{
            MountPoint       = $result.MountPoint
            VolumeStatus     = $result.VolumeStatus
            ProtectionStatus = $result.ProtectionStatus
            ComputerName     = $ComputerName
            Action           = "VolumeUnlocked"
            Timestamp        = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        }

        Write-Output $output
    }
    catch {
        throw
    }
}

Customize

MountPoint string

Specifies the drive letter or mount point (e.g., "D:").

Password securestring

Specifies a secure string used as the volume password.

RecoveryPassword securestring

Specifies the 48-digit recovery password as a string.

RecoveryKeyPath string

Specifies the path to a recovery key file (.bek).

ComputerName string

Specifies the name of the target computer. Defaults to the local computer.

env string

Credential pscredential

Specifies a PSCredential object for remote connection.