manage-bde -on Volume {-RecoveryPassword|-rp} NumericalPassword {-RecoveryKey|-rk} PathToExternalKeyDirectory {-StartupKey|-sk} ...

manage-bde -on Volume
        [{-RecoveryPassword|-rp} [NumericalPassword] ]
        [{-RecoveryKey|-rk} PathToExternalKeyDirectory]
        [{-StartupKey|-sk} PathToExternalKeyDirectory]
        [{-Certificate|-cert} {-cf PathToCertificateFile|
                               -ct CertificateThumbprint}]
        [{-TPMAndPIN|-tp}]
        [{-TPMAndStartupKey|-tsk} PathToExternalKeyDirectory]
        [{-TPMAndPINAndStartupKey|-tpsk} -tsk
            PathToExternalKeyDirectory]
        [{-Password|-pw}]
        [{-EncryptionMethod|-em}
            {aes128_diffuser|
             aes256_diffuser|
             aes128|
             aes256}]
        [{-SkipHardwareTest|-s}]
        [{-DiscoveryVolumeType|-dv} {FAT32|[none]|[default]}]
        [{-ComputerName|-cn} ComputerName]
        [{-?|/?}] [{-Help|-h}]

Description:
    Encrypts the volume and turns BitLocker protection on. Use parameters to
    add key protectors for the encryption key. These protectors unlock access
    to BitLocker-encrypted data. Automatically adds a TPM protector to the OS
    volume if your computer has a supported TPM. For the OS volume, encryption
    begins on the next restart, after a hardware test.

Parameter List:
    Volume      Required. A drive letter followed by a colon. Example: "C:"
    -RecoveryPassword or -rp
                Adds a Numerical Password protector. Required to begin
                encryption if one has not already been added. Leave the
                argument blank to generate a random numerical password
                (recommended). These passwords have special format
                requirements. Provide any argument such as "?" to read the
                requirements.
    -RecoveryKey or -rk
                Adds an External Key protector for recovery. Optional. Provide
                the absolute directory path where the file containing the
                randomly-generated external key will be saved. Example: "E:"
    -StartupKey or -sk
                Adds an External Key protector for startup. Required if the
                computer does not have a supported TPM and one has not already
                been added. To use a startup key, the saved external key file
                must be located on the root directory of a USB flash drive.
                Since both the -RecoveryKey and -StartupKey parameters produce
                External Key protectors, the saved files can be used
                interchangeably.
    -Certificate or -cert
                Adds a public key protector for the data volume. The user's
                certificate store is queried for a valid BitLocker
                certificate. If exactly one certificate is found, the
                certificate is used as the BitLocker encryption certificate.
                If two or more certificates are found, the operation will fail
                and the thumbprint of a valid BitLocker certificate should be
                specified. Optional. Provide the location of a valid
                certificate file or provide the certificate thumbprint of a
                valid BitLocker certificate that will be present locally in
                the certificate store.
    -TPMAndPIN or -tp
                Adds a TPM And PIN protector for the OS volume. Optional.
                You will be prompted for a 4-20 digit numeric PIN that must be
                typed each time the computer starts. Since TPM-only protection
                overrides this protector, any TPM protector on the computer is
                removed and replaced.
    -TPMAndStartupKey or -tsk
                Adds a TPM And Startup Key protector for the OS volume.
                Optional. To use a startup key, the saved file must be located
                on the root directory of a USB flash drive. Since TPM-only
                protection overrides this protector, any TPM protector on the
                computer is removed and replaced.
    -TPMAndPINAndStartupKey or -tpsk
                Adds a TPM And PIN And Startup Key protector for the OS volume.
                TPM-only, TPM And PIN, and TPM And Startup Key protectors on
                the volume are removed.
    -Password or -pw
                Adds a password key protector for the data volume. Optional.
                You will be prompted for a password to turn on BitLocker on
                the device.
    -EncryptionMethod or -em
                Configures the encryption algorithm and key size used for an
                unencrypted volume. Choose between AES 128 bit with Diffuser
                ("aes128_diffuser"), AES 256 bit with Diffuser
                ("aes256_diffuser"), AES 128 bit ("aes128"), or AES 256 bit
                ("aes256"). Unless otherwise specified, AES 128 bit with
                Diffuser is used to encrypt the disk.
    -SkipHardwareTest or -s
                Begins encryption without a hardware test. Optional. If not
                specified, you must restart and pass a hardware test before
                encryption will begin on the OS volume. The test checks
                whether the TPM works as expected and whether the computer can
                read an external key file from a USB drive during boot.
    -DiscoveryVolumeType or -dv
                Defines the file system to use for the discovery volume.
                A native BitLocker volume ("[none]") is not recognized by
                earlier versions of Windows; the data is not accessible and
                the OS might offer to format the drive.
                The discovery volume is an overlay that is recognized by
                earlier versions of Windows. It also includes an application
                that provides access to the encrypted data.
                If this parameter is not specified or is set to "[default]",
                a FAT32 discovery volume is used if the volume contains a FAT
                file system.
    -ComputerName or -cn
                Runs on another computer. Examples: "ComputerX", "127.0.0.1"
    -? or /?    Displays brief help. Example: "-ParameterSet -?"
    -Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
    manage-bde -on C: -RecoveryPassword
    manage-bde -on C: -RecoveryKey e:\ -RecoveryPassword
    manage-bde -on C: -rp -rk "f:\Folder" -SkipHardwareTest
    manage-bde -on C: -rp -StartupKey "f:\\"
    manage-bde -on C: -rp -TPMAndPIN -em aes128_diffuser
    manage-bde -on E: -rp -Certificate -cf "C:\File Folder\Filename.cer"
    manage-bde -on E: -pw
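
The following PowerShell sketch is an added example, not part of the manage-bde help output. It builds a "manage-bde -on" argument list that follows the rules above (a recovery password is always added, OS-volume and data-volume protectors are not mixed, the encryption method is set explicitly instead of relying on the default). The function name, its parameters, and the choice of aes256_diffuser as its default are assumptions of the example, and only the certificate-file form of -Certificate is handled.

```powershell
# Added example: names below are hypothetical, not part of manage-bde.
function Get-ManageBdeOnArguments {
    param(
        [Parameter(Mandatory=$true)][string]$Volume,
        [ValidateSet('None','TPMAndPIN','TPMAndStartupKey','Password','Certificate')]
        [string]$Protector = 'None',
        [string]$KeyDirectory,      # USB drive root for -TPMAndStartupKey
        [string]$CertificateFile,   # .cer path for -Certificate -cf
        [ValidateSet('aes128_diffuser','aes256_diffuser','aes128','aes256')]
        [string]$EncryptionMethod = 'aes256_diffuser',
        [string]$SystemDrive = $env:SystemDrive   # assumption: this is the OS volume
    )
    if ($Volume -notmatch '^[A-Za-z]:$') {
        throw "Volume must be a drive letter followed by a colon, for example C:"
    }
    $isOsVolume = $Volume -ieq $SystemDrive
    if ($isOsVolume -and ('Password','Certificate' -contains $Protector)) {
        throw "-$Protector is a data-volume protector; $Volume is the OS volume."
    }
    if (-not $isOsVolume -and ('TPMAndPIN','TPMAndStartupKey' -contains $Protector)) {
        throw "-$Protector is an OS-volume protector; $Volume is a data volume."
    }
    # Blank -RecoveryPassword argument: manage-bde generates a random one.
    $bdeArgs = @('-on', $Volume, '-RecoveryPassword')
    switch ($Protector) {
        'TPMAndPIN' { $bdeArgs += '-TPMAndPIN' }
        'TPMAndStartupKey' {
            if ($KeyDirectory -notmatch '^[A-Za-z]:\\?$') {
                throw "The startup key must be saved to the root of a USB flash drive."
            }
            $bdeArgs += '-TPMAndStartupKey', $KeyDirectory
        }
        'Password' { $bdeArgs += '-Password' }
        'Certificate' {
            if (-not $CertificateFile) { throw "-Certificate needs a certificate file here." }
            $bdeArgs += '-Certificate', '-cf', $CertificateFile
        }
    }
    $bdeArgs += '-EncryptionMethod', $EncryptionMethod
    return $bdeArgs
}

# Constructed sample call: OS volume C: with a TPM And PIN protector.
$onArgs = Get-ManageBdeOnArguments -Volume 'C:' -Protector TPMAndPIN -SystemDrive 'C:'
"manage-bde $($onArgs -join ' ')"
# From an elevated prompt: & manage-bde.exe @onArgs
# Then confirm the result:  manage-bde -status C:
```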