none
Generate recovery key with BEK file

    Question

  • Hi,

    I am working in a scenario where I have TPM enable laptops and i have to save the recovery key in a secured network share. I have achieved this and now the bek file is getting saved in the network share.

    Here my question is that how can i generate a recovery key using the BEK file if the TPM will be lost. I do not have to save any info in AD.

     

     


    Thanks Chandan
    Tuesday, January 17, 2012 10:48 AM

Answers

  • Hi,

     

    You can  recovery keys (bek) files on a USB device and use it to boot to Windows if BitLocker goes in a recovery mode. But you cannot use bek file to recover recovery key.

    proper Recovery Key may look like this:

    528748-036938-506726-199056-621005-314512-037290-524293

    And a .BEK file with a name that looks like this:

    3926293F-E661-4417-A26C-C52286C5F149.BEK

    But they seems cannot transfer with each other.

     

     

    Regards,

    Leo   Huang

     

     


    Leo Huang

    TechNet Community Support

    • Proposed as answer by Gaurav Ranjan Thursday, January 19, 2012 9:31 AM
    • Marked as answer by Chandan Omkar Thursday, January 19, 2012 9:35 AM
    Thursday, January 19, 2012 8:25 AM
    Moderator
  • thanks for the reply. I got it working by the same.

    copy the recovery key onto a USB drive and make the machine boot. It will not ask for the PIN and machine will take the BEK file from the USB and will load the OS. Then after you can reset the PIN for the TPM.

     


    Gaurav Ranjan
    • Marked as answer by Chandan Omkar Thursday, January 19, 2012 9:34 AM
    Thursday, January 19, 2012 9:33 AM

All replies

  • i am also searching a solution for the same issue. please post it if you will get any..it will be highly appreciated....

    Thanks


    Gaurav Ranjan
    Tuesday, January 17, 2012 11:45 AM
  • Hi,

     

    You can  recovery keys (bek) files on a USB device and use it to boot to Windows if BitLocker goes in a recovery mode. But you cannot use bek file to recover recovery key.

    proper Recovery Key may look like this:

    528748-036938-506726-199056-621005-314512-037290-524293

    And a .BEK file with a name that looks like this:

    3926293F-E661-4417-A26C-C52286C5F149.BEK

    But they seems cannot transfer with each other.

     

     

    Regards,

    Leo   Huang

     

     


    Leo Huang

    TechNet Community Support

    • Proposed as answer by Gaurav Ranjan Thursday, January 19, 2012 9:31 AM
    • Marked as answer by Chandan Omkar Thursday, January 19, 2012 9:35 AM
    Thursday, January 19, 2012 8:25 AM
    Moderator
  • thanks for the reply. I got it working by the same.

    copy the recovery key onto a USB drive and make the machine boot. It will not ask for the PIN and machine will take the BEK file from the USB and will load the OS. Then after you can reset the PIN for the TPM.

     


    Gaurav Ranjan
    • Marked as answer by Chandan Omkar Thursday, January 19, 2012 9:34 AM
    Thursday, January 19, 2012 9:33 AM