manage-bde -on Volume
        [{-RecoveryPassword|-rp} [NumericalPassword] ]
        [{-RecoveryKey|-rk} PathToExternalKeyDirectory]
        [{-StartupKey|-sk} PathToExternalKeyDirectory]
        [{-Certificate|-cert} {-cf PathToCertificateFile|
                              -ct CertificateThumbprint}]
        [{-TPMAndPIN|-tp}]
        [{-TPMAndStartupKey|-tsk} PathToExternalKeyDirectory]
        [{-TPMAndPINAndStartupKey|-tpsk} -tsk PathToExternalKeyDirectory]
        [{-Password|-pw}]
        [{-ADAccountOrGroup|-sid} {SID|domain\user|domain\group} [-service]}]
        [{-UsedSpaceOnly|-used}]
        [{-EncryptionMethod|-em} {aes128| aes256}]
        [{-SkipHardwareTest|-s}]
        [{-Synchronous|-sync}]
        [{-DiscoveryVolumeType|-dv} {FAT32|[none]|[default]}]
        [{-ForceEncryptionType|-fet} {Hardware|Software}]
        [{-RemoveVolumeShadowCopies|-rvsc}]
        [{-ComputerName|-cn} ComputerName]
        [{-?|/?}] [{-Help|-h}]

Description:
    Encrypts the volume and turns BitLocker protection on. Use parameters to
    add key protectors for the encryption key. These protectors unlock access
    to BitLocker-encrypted data. Automatically adds a TPM protector to the OS
    volume if your computer has a supported TPM. For the OS volume, encryption
    begins on the next restart, after a hardware test.

Parameter List:
    Volume
        Required. A drive letter followed by a colon, a volume GUID path or a
        mounted volume.
        Example: "C:", \\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}\ or
        "C:\MountVolume"

    -RecoveryPassword or -rp
        Adds a Numerical Password protector. Required to begin encryption if
        one has not already been added. Leave the argument blank to generate a
        random numerical password (recommended). These passwords have special
        format requirements. Provide any argument such as "?" to read the
        requirements.

    -RecoveryKey or -rk
        Adds an External Key protector for recovery. Optional. Provide the
        absolute directory path where the file containing the
        randomly-generated external key will be saved.
        Example: "E:"

    -StartupKey or -sk
        Adds an External Key protector for startup. Required if the computer
        does not have a supported TPM and one has not already been added. To
        use a startup key, the saved external key file must be located on the
        root directory of a USB flash drive. Since both the -RecoveryKey and
        -StartupKey parameters produce External Key protectors, the saved
        files can be used interchangeably.

    -Certificate or -cert
        Adds a public key protector for the data volume. The user's
        certificate store is queried for a valid BitLocker certificate. If
        exactly one certificate is found, the certificate is used as the
        BitLocker encryption certificate. If two or more certificates are
        found the operation will fail and the thumbprint of a valid BitLocker
        certificate should be specified. Optional. Provide the location of a
        valid certificate file or provide the certificate thumbprint of a
        valid BitLocker certificate that will be present locally in the
        certificate store.

    -TPMAndPIN or -tp
        Adds a TPM And PIN protector for the OS volume. Optional. You will be
        prompted for a 4-20 digit numeric PIN that must be typed each time the
        computer starts. Since TPM-only protection overrides this protector,
        any TPM protector on the computer is removed and replaced.

    -TPMAndStartupKey or -tsk
        Adds a TPM And Startup Key protector for the OS volume. Optional. To
        use a startup key, the saved file must be located on the root
        directory of a USB flash drive. Since TPM-only protection overrides
        this protector, any TPM protector on the computer is removed and
        replaced.

    -TPMAndPINAndStartupKey or -tpsk
        Adds a TPM And PIN And Startup Key protector for the OS volume.
        TPM-only, TPM And PIN, and TPM And Startup Key protectors on the
        volume are removed.
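
Added example (not part of the manage-bde help text): a Python check for a numerical password before it is supplied to -RecoveryPassword, reporting which block was mistyped. The help above does not list the format rules; the ones encoded here (eight blocks of six digits, each block divisible by 11 and less than 720896) are the documented BitLocker rules, and the function names and sample values are constructed for illustration.

```python
import re

GROUPS = 8            # eight blocks of six digits = 48 digits in total
LIMIT = 11 * 2 ** 16  # 720896: block // 11 has to fit in 16 bits


def check_recovery_password(text):
    """Return [(block_number, reason), ...]; an empty list means well-formed.

    block_number 0 is used when the number of blocks itself is wrong.
    """
    blocks = re.split(r"[-\s]+", text.strip())
    if len(blocks) != GROUPS:
        return [(0, f"expected {GROUPS} blocks, got {len(blocks)}")]
    problems = []
    for n, block in enumerate(blocks, start=1):
        if not re.fullmatch(r"[0-9]{6}", block):
            problems.append((n, "not exactly six digits"))
        elif int(block) % 11 != 0:
            problems.append((n, "not divisible by 11"))
        elif int(block) >= LIMIT:
            problems.append((n, "not less than 720896"))
    return problems


def normalise(text):
    """Return the hyphenated form for -rp, or raise ValueError naming bad blocks."""
    problems = check_recovery_password(text)
    if problems:
        raise ValueError("; ".join(f"block {n}: {why}" for n, why in problems))
    return "-".join(re.split(r"[-\s]+", text.strip()))


# Constructed sample values, not real recovery passwords.
GOOD = "000011-000022-720885-123453-654313-111111-000000-099990"
# Block 3 is too large, block 4 has a mistyped digit, block 6 lost a digit.
BAD = "000011-000022-720896-123454-654313-11111-000000-099990"

if __name__ == "__main__":
    print(check_recovery_password(GOOD))
    for number, reason in check_recovery_password(BAD):
        print(f"block {number}: {reason}")
```

Because every block must be a multiple of 11, a single mistyped digit in a block always fails the check, which is what lets the function point at the block to re-read.
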
manage-bde -changepin Volume {-ComputerName|-cn} ComputerName {-?|/?} {-Help|-h} Description: Modifies PIN for a volume. ...
manage-bde -lock Volume {-ForceDismount|-fd} {-ComputerName|-cn} ComputerName {-?|/?} {-Help|-h} Description: Prevents access ...
manage-bde -off Volume {-ComputerName|-cn} ComputerName {-?|/?} {-Help|-h} Description: Decrypts the volume and turns BitLocker ...
manage-bde -on Volume {-RecoveryPassword|-rp} NumericalPassword {-RecoveryKey|-rk} PathToExternalKeyDirectory {-StartupKey|-sk} ...
manage-bde -pause Volume {-ComputerName|-cn} ComputerName {-?|/?} {-Help|-h} Description: Pauses encryption, decryption, ...
manage-bde -protectors -adbackup Volume -ID KeyProtectorID {-ComputerName|-cn} ComputerName {-?|/?} {-Help|-h} Description: ...
manage-bde -protectors -add Volume {-ForceUpgrade} {-RecoveryPassword|-rp} NumericalPassword {-RecoveryKey|-rk} PathToExternalKeyDirectory ...
manage-bde -protectors -add Volume {-RecoveryPassword|-rp} NumericalPassword {-RecoveryKey|-rk} PathToExternalKeyDirectory ...