BitLocker is Microsoft’s solution to providing full disk encryption. While setting up BitLocker and encrypting your disk you probably want to check and view the progress and see the current status, as it can take quite a long time depending on the size and speed of your disk.
Here we cover how to view the current BitLocker status in both the graphical user interface, and with PowerShell.
View BitLocker Status – GUI
The current status of BitLocker can usually be viewed through the graphical user interface (GUI), however in my experience occasionally this did not appear during the encryption/decryption process, or it would disappear completely. Below is an example of the BitLocker status in the GUI.
As shown it simply shows the current progress, which may be all you want to know, however with the help of PowerShell we can also view the current status in additional to more useful information.
View BitLocker Status – PowerShell
With the help of PowerShell we can quickly and easily view the BitLocker status information of a disk by running the below command. Note that your PowerShell session will need to be running with administrative rights for this to work.
manage-bde -status
By default this will display the BitLocker status for all disks, however you can also specify a specific disk afterwards as shown below.
PS C:\windows\system32> manage-bde -status c: BitLocker Drive Encryption: Configuration Tool version 10.0.10011 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Volume C: [Windows] [OS Volume] Size: 237.72 GB BitLocker Version: 2.0 Conversion Status: Decrytpion in Progress Percentage Encrypted: 7.2% Encryption Method: AES 128 Protection Status: Protection Off Lock Status: Unlocked Identification Field: Unknown Key Protectors: Numerical Password TPM And PIN
In this example we are currently in the process of decrypting a Windows 10 operating system drive, when the above command was run only 7.2% was left to be decrypted. The disk was encrypted with AES 128 as this is the default BitLocker setting, so to change this to AES 256 BitLocker first must be disabled which will decrypt the disk.
The next example was run on an external USB hard drive. The conversion status shows as fully encrypted and the percentage encrypted displays as 100%, confirming that the disk encryption has completed.
PS C:\windows\system32> manage-bde -status g: BitLocker Drive Encryption: Configuration Tool version 6.1.7601 Copyright (C) Microsoft Corporation. All rights reserved. Volume G: [Elements] [Data Volume] Size: 931.51 GB BitLocker Version: Windows 7 Conversion Status: Fully Encrypted Percentage Encrypted: 100% Encryption Method: AES 256 Protection Status: Protection On Lock Status: Unlocked Identification Field: None Automatic Unlock: Disabled Key Protectors: Numerical Password Password
The conversion status could alternatively be listed as “Used Space Only Encrypted” when percentage encrypted reaches 100%, this is because BitLocker has the option of encrypting only used data which will be a lot faster to complete as there is less of the disk to encrypt but can be less secure, or full disk encryption which will encrypt the whole disk regardless of which parts are in use.
While the manage-bde executable itself is not a PowerShell cmdlet (you can run it in command prompt if you like), we can view similar information regarding the status of the volume with Get-BitLockerVolume, as shown below. This shows us that the encryption percentage of volume C it at 100% as it’s completed.
PS C:\WINDOWS\system32> Get-BitLockerVolume C: ComputerName: Computer VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection Point Percentage Enabled Status ---------- ----- ---------- ------------ ---------- ------------ ---------- ---------- OperatingSystem C: 167.24 FullyEncrypted 100 {Password, RecoveryPas... On
You can find the rest of the BitLocker specific PowerShell cmdlets here.
Summary
These PowerShell examples clearly show the additional useful information that you can get regarding the status of BitLocker , compared to the simple GUI option. In either case we can easily and quickly view the current BitLocker status of a disk.
As you’ve seen, there is a progress bar GUI. This is nice because it gives you a constant view of the current percentage while you do other work. The PS command line requires you to constantly execute to see status. Since I know the GUI exists, I’d like to know how to view it. Any ideas?
I’ve not yet found how to willingly bring it back.
To start up the BitLocker Drive Encryption dialog that shows you the percentage you have to run fvenotify.exe. I have found that most of the time the process is already running but not showing in the notification area. If you kill the process through task manager and run fvenotify again it will bring up the status dialog.
Ah great, thanks for letting us know!
Hi, I tried fvenotify.exe but its not working. I mean nothing came up. I can open BitLocker encryption dialogs but unable to track the status in numeral value. Can you please help me here?
run this command in cmd :
1) to kill fvenotify.exe process :
taskkill /f /im fvenotify.exe
2) run it back :
fvenotify.exe
it should works
Wow….
Manage-bde is a PowerShell command.
Seriously?
Seems that author has little knowledge about this topic.
No where in the post did I claim it was a PowerShell command, no where is manage-bde referred to as a PowerShell cmdlet. I am simply using PowerShell to run the executable, this is encouraged by Microsoft as command prompt is considered old news. Perhaps next time read the whole post :)
Then what this is? “View BitLocker Status – PowerShell”
You indirectly suggested there that manage-bde is a PowerShell thing while its not.
Why aren’t you providing information about PS module for BL nor appropriate commandlets?
https://technet.microsoft.com/en-gb/itpro/powershell/windows/bitlocker/bitlocker
I was simply using PowerShell to run it, sorry if it was unclear, I’ve updated it to mention the cmdlet as well. A more constructive post like this originally would have been more useful than your original one.
Why does Manage-BDE feel the need to correct or pick holes in what Jarrod was saying!!!?? What a joke….He gave you a means of viewing the progress. Are you that insecure that you feel the need to try and unravel his work and appear to be more knowledgeable then him, because it didn’t, it made you look stupid. No wonder people in IT have a reputation
Agreed!! The solution Jarrod provided was perfect. Simple and effective. Well Done!!!!!!
Worked for me, thanks.
Thank you!!
I was able to access the BitLocker Encryption Status window using the taskkill command mentioned by farah. Thank you, Jarrod, for getting the discussion started.
Great to hear! Cheers đź‘Ť
If you look in the Taskbar tray there is an icon with a hard drive and keys symbol. Hovering the mouse over it displays the encryption status and clicking it will bring up the GUI BitLocker bar. (I’m on Win 10 v809).
I have seen the same in the tray, but lets say the scenario is you are doing this to a remote computer via powershell and want to see the progress of the remote computer’s decryption process. How do you pull that into a progress bar or GUI.
Easy batch file for admins who want a nice easy file to look through. Just set this up at one of my clients AD Networks, worked like a charm:
Setup a .cdm file, dump it into the netlogon folderscript:
echo Computer:%ComputerName% with username:%username% – Bitlocker check of drive C: >> “\\server\share\folder\BitlockerCheck.log”manage-bde -status c: >> “\\server\share\folder\BitlockerCheck\BitlockerCheck.log”
Make sure everyone has access to share path (domain users)Edit Group Policy for the container you want it to run in (default domain policy should never be touched, if you want everyone, make a new policy at the top and name it Bitcloker status check).Go to User Configuration – Policies – Windows Settings – Scripts Right-click Logon, properties, Add – browse to \\dcname\netlogon\filename.cmdclick OK, after about 15 minutes (without a forced gpupdate) the file will start populating as users logon/logoff.
On Non-BitLocker computers, it will show the computer name and user with no info.May be cumbersome on very large networks, but you could break out Gp script by OU and separate files as most large companies don’t have everyone in one container.