Events
19 May, 18 - 23 May, 00
Calling all developers, creators, and AI innovators to join us in Seattle @Microsoft Build May 19-22.
Register todayProtectKeyWithExternalKey method of the Win32_EncryptableVolume class
The ProtectKeyWithExternalKey method of the Win32_EncryptableVolume class secures the volume's encryption key with a 256-bit external key. This external key can be used to recover from the authentication failures of other key protectors (for example, TPM).
Use the SaveExternalKeyToFile method to save this external key to a file. USB memory devices that contain this external key can be used as a startup key or a recovery key when the computer starts.
A key protector of type "External Key" is created for the volume.
uint32 ProtectKeyWithExternalKey(
[in, optional] string FriendlyName,
[in, optional] uint8 ExternalKey[],
[out] string VolumeKeyProtectorID
);
-
FriendlyName [in, optional]
-
Type: string
A string that specifies a user-assigned identifier for this key protector. If this parameter is not specified, a blank value is used.
-
ExternalKey [in, optional]
-
Type: uint8[]
An array of bytes that specifies the 256-bit external key used to unlock the volume.
If no external key is specified, one is randomly generated. Use the GetKeyProtectorExternalKey method to obtain the randomly generated key.
-
VolumeKeyProtectorID [out]
-
Type: string
A unique string identifier used to manage an encrypted volume key protector.
If the drive supports hardware encryption and BitLocker has not taken band ownership, the ID string is set to "BitLocker" and the key protector is written to per band metadata.
Type: uint32
This method returns one of the following codes or another error code if it fails.
| Return code/value | Description |
|---|---|
|
The method was successful. |
|
The ExternalKey parameter is provided but is not an array of size 4. |
|
The volume is locked. |
|
BitLocker is not enabled on the volume. Add a key protector to enable BitLocker. |
Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista Enterprise, Windows Vista Ultimate [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Namespace |
Root\CIMV2\Security\MicrosoftVolumeEncryption |
| MOF |
|