The following steps detail how to change your BitLocker recovery key (the 48-digit recovery password) without decrypting the data on the hard drive.
NOTE: These instructions assume the BitLocker-protected drive is the C:\ drive.
- Open an elevated Command Prompt (from the Start menu, right-click on ‘Command Prompt’ and select ‘Run as administrator’)
- Run the following command:
    manage-bde C: -protectors -get -type RecoveryPassword
- Locate the protector you want to cycle (probably the only one displayed) and copy its ID field (including the curly braces) – tip: to copy you can right-click on the window, select the text then right-click again.
- Run the following command, including the ID you copied in the previous step:
    manage-bde C: -protectors -delete -id [paste the ID you copied here]
- The old recovery password has now been removed; you now need to create a new one
- Run the following command (leave the last section blank to automatically generate a new key):
    manage-bde C: -protectors -add -rp [optionally specify the new 48-digit password or enter nothing to have it randomly generated for you]
And you’re done! You’ve changed your recovery password.
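
The same rotation as a script, as an added example that is not part of the original page: it uses the BitLocker PowerShell module cmdlets instead of manage-bde, and it adds the new recovery password before deleting the old ones so the volume is never left without one, which is a different order from the steps above. Assumptions: the drive is C:, every existing recovery password protector is to be replaced, and `Get-RecoveryPasswordProtector` is a hypothetical helper name defined here.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker
# Added example (not from the original page): rotate the BitLocker recovery password.
param([string]$MountPoint = 'C:')   # assumption: same drive as in the steps above

$ErrorActionPreference = 'Stop'

function Get-RecoveryPasswordProtector {
    # Hypothetical helper: list only the RecoveryPassword protectors on the volume.
    param([string]$MountPoint)
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

# 1. Record the IDs of the recovery password protectors that exist right now.
$oldIds = @(Get-RecoveryPasswordProtector $MountPoint | ForEach-Object KeyProtectorId)

# 2. Add a new, randomly generated recovery password (same as -add -rp with no value).
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
    -WarningAction SilentlyContinue | Out-Null

# 3. Confirm exactly one new protector appeared before anything is deleted.
$new = @(Get-RecoveryPasswordProtector $MountPoint |
    Where-Object { $_.KeyProtectorId -notin $oldIds })
if ($new.Count -ne 1) {
    throw "Expected 1 new recovery password protector, found $($new.Count); nothing deleted."
}

# 4. Remove every old recovery password protector by ID.
foreach ($id in $oldIds) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $id | Out-Null
}

# 5. Verify the end state: only the new recovery password remains.
$left = @(Get-RecoveryPasswordProtector $MountPoint)
if ($left.Count -ne 1 -or $left[0].KeyProtectorId -ne $new[0].KeyProtectorId) {
    throw "Unexpected recovery password protectors remain on ${MountPoint}: $($left.Count)"
}

# Output the new ID and password so they can be recorded.
$new[0] | Select-Object KeyProtectorId, RecoveryPassword
```

Record the new password it prints and discard any stored copy of the old one, since the old value no longer unlocks the drive.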