ProtectKeyWithExternalKey Method
Collapse the table of content
Expand the table of content

ProtectKeyWithExternalKey method of the Win32_EncryptableVolume class

The ProtectKeyWithExternalKey method of the Win32_EncryptableVolume class secures the volume's encryption key with a 256-bit external key. This external key can be used to recover from the authentication failures of other key protectors (for example, TPM).

Use the SaveExternalKeyToFile method to save this external key to a file. USB memory devices that contain this external key can be used as a startup key or a recovery key when the computer starts.

A key protector of type "External Key" is created for the volume.


uint32 ProtectKeyWithExternalKey(
  [in, optional] string FriendlyName,
  [in, optional] uint8  ExternalKey[],
  [out]          string VolumeKeyProtectorID


FriendlyName [in, optional]

Type: string

A string that specifies a user-assigned identifier for this key protector. If this parameter is not specified, a blank value is used.

ExternalKey [in, optional]

Type: uint8[]

An array of bytes that specifies the 256-bit external key used to unlock the volume.

If no external key is specified, one is randomly generated. Use the GetKeyProtectorExternalKey method to obtain the randomly generated key.

VolumeKeyProtectorID [out]

Type: string

A unique string identifier used to manage an encrypted volume key protector.

If the drive supports hardware encryption and BitLocker has not taken band ownership, the ID string is set to "BitLocker" and the key protector is written to per band metadata.

Return value

Type: uint32

This method returns one of the following codes or another error code if it fails.

Return code/valueDescription
0 (0x0)

The method was successful.

2147942487 (0x80070057)

The ExternalKey parameter is provided but is not an array of size 4.

2150694912 (0x80310000)

The volume is locked.

2150694920 (0x80310008)

BitLocker is not enabled on the volume. Add a key protector to enable BitLocker.



Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).


Minimum supported client

Windows Vista Enterprise, Windows Vista Ultimate [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]





See also




Community Additions

© 2015 Microsoft