Changing the BitLocker password

You can change the recovery password without decrypting the drive in one of two ways: 1) using the manage-bde tool, or 2) using the Win32_EncryptableVolume WMI interface. The first method doesn't require any programming or scripting, so we'll go that route.

Assume X: is the BitLocker-protected drive whose recovery password you want to change.

  1. Open an elevated Command Prompt.
  2. Type manage-bde X: -protectors -get -type RecoveryPassword
  3. Locate the protector you want to cycle (probably the only one displayed) and copy its ID field (including the curly braces).
  4. Type manage-bde X: -protectors -delete -id [paste the ID you copied]
  5. Type manage-bde X: -protectors -add -rp [optionally specify the new 48-digit password or enter nothing to have it randomly generated for you]

And you're done! You've changed your recovery password.

Note: If you get an error when you try to delete the recovery password, this is likely because a recovery password is required by Group Policy on your system. To get around this, first suspend BitLocker with manage-bde X: -protectors -disable, then, after you've added the new recovery password, resume protection with manage-bde X: -protectors -enable.
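
For rotating the password on more than one machine, the same cycle can be scripted. The following is an added example, not part of the original steps: it uses the BitLocker PowerShell module cmdlets rather than manage-bde, and it adds the new recovery password before removing the old one (a different order from the steps above) so the volume is never left without a recovery password. The drive letter X: and the helper name Get-RecoveryProtector are assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): rotate the recovery password on one volume.
param(
    [string]$MountPoint = 'X:'   # assumption: same drive letter as in the steps above
)
$ErrorActionPreference = 'Stop'

# Hypothetical helper: list the RecoveryPassword protectors currently on the volume.
function Get-RecoveryProtector {
    param([string]$MountPoint)
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

# 1. Remember which recovery password protectors exist before the change.
$oldIds = @(Get-RecoveryProtector -MountPoint $MountPoint | ForEach-Object KeyProtectorId)

# 2. Add a new, randomly generated 48-digit recovery password.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
    -WarningAction SilentlyContinue | Out-Null

# 3. Identify the new protector; stop before deleting anything if it is not there.
$new = @(Get-RecoveryProtector -MountPoint $MountPoint |
    Where-Object { $oldIds -notcontains $_.KeyProtectorId })
if ($new.Count -ne 1) {
    throw "Expected one new recovery password protector, found $($new.Count); nothing was removed."
}

# 4. Remove the old protectors by ID (braces included, as in the manual steps).
foreach ($id in $oldIds) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $id | Out-Null
}

# 5. Confirm that only the new recovery password remains.
$remaining = @(Get-RecoveryProtector -MountPoint $MountPoint)
if ($remaining.Count -ne 1 -or $remaining[0].KeyProtectorId -ne $new[0].KeyProtectorId) {
    throw "Unexpected recovery password protectors remain on $MountPoint."
}

# Emit the new ID and password so they can be recorded somewhere off the protected drive.
[pscustomobject]@{
    MountPoint       = $MountPoint
    KeyProtectorId   = $new[0].KeyProtectorId
    RecoveryPassword = $new[0].RecoveryPassword
}
```

The script stops at the first error, so a failed add leaves the existing recovery password in place.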