Bitlocker issues in business environment

    Question

  • We're piloting Windows 7 for 50 users and I applied BitLocker during machine installation. Password recovery keys are written in AD fine. BitLocker advanced tools are not installed. The problem is that some of the users have been reporting that BitLocker sometimes requires the recovery password during startup. I know theoretically why this usually happens, but is there any way to track down the real reason for BitLocker requiring the recovery password?

    Another question - is there any way to give users rights to suspend and decrypt the system drive?


    • Edited by yannara Thursday, March 22, 2012 6:44 AM
    Thursday, March 22, 2012 6:43 AM

Answers

  • Try the steps here:

    1. Suspend Bitlocker drive encryption by typing "manage-bde -protectors -disable c:" from an elevated command prompt.

    2. Go into the BIOS and change the Boot Order so the OS HDD is first in the list.

    By default from most hardware vendors, the HDD is not the first boot device.

    If you have a laptop with a docking station, make sure that it is plugged into the docking station, in order to make sure that the external devices presented by the docking station are present in BIOS.

    3. Boot into the Operating System and run "manage-bde -protectors -enable c:"

    For more information, please refer to: http://blogs.technet.com/b/askcore/archive/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution.aspx

    Regards,
    Miya


    Miya Yao

    TechNet Community Support

    Thursday, March 22, 2012 9:17 AM
    Moderator

All replies

  • Thanks! To prevent all the bitlocker recovery password requests, I think that I need to:

    - disable USB as a boot device in BIOS

    - set the system HDD as the first boot device

    We had an interesting case going on, where users complained about a BitLocker recovery password request after they plugged in a desktop printer. It turned out that this printer had built-in memory with a driver included, and our Win7 laptops actually tried to boot from it during system startup.

    Monday, April 02, 2012 2:56 PM
  • Is there any way to dig up the real reason for BitLocker asking for the recovery password through some logs? I need to see the real cause, which device had triggered BitLocker to go into recovery mode.
    Thursday, April 26, 2012 7:13 AM
  • Did you ever find an answer to this?  I am also seeing some spurious Recovery Key requests during Bitlocker testing and would like to know more about what is causing them.
    Monday, February 24, 2014 7:28 PM
  • Did you ever find an answer to this?  I am also seeing some spurious Recovery Key requests during Bitlocker testing and would like to know more about what is causing them.

    No, the question still remains: how to dig up the real reason "online"? There is a BitLocker node in Event Viewer, perhaps that could help?
    Tuesday, February 25, 2014 7:52 AM
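
One way to pull together what the BitLocker node in Event Viewer and `manage-bde` already record on an affected machine, as an added example that is not part of the thread or of the TechNet answer. Assumptions: the OS volume is C:, a 14-day look-back window, a hypothetical output folder under %TEMP%, and that the machine has event-log channels with "BitLocker" in their name; what those channels contain varies by Windows version, so the script only collects whatever is there.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
param(
    [string]$Drive    = 'C:',                          # assumption: OS volume
    [int]   $DaysBack = 14,                            # assumption: look-back window
    [string]$OutDir   = "$env:TEMP\bitlocker-triage"   # hypothetical output folder
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$since = (Get-Date).AddDays(-$DaysBack)

# 1. Current state: protection on/off and which key protector types exist.
#    -status lists protector types only; it does not print the recovery password,
#    so the output is safe to attach to a ticket.
manage-bde -status $Drive | Out-File (Join-Path $OutDir 'status.txt')

# 2. Every event-log channel whose name contains "BitLocker". Discovering the
#    channels by wildcard avoids hard-coding names that differ between versions.
$blEvents = Get-WinEvent -ListLog '*BitLocker*' -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    ForEach-Object {
        Get-WinEvent -FilterHashtable @{ LogName = $_.LogName; StartTime = $since } `
            -ErrorAction SilentlyContinue
    }

# 3. OS start events (Kernel-General, event ID 12) so each BitLocker entry can be
#    placed relative to the boot on which the user reported the recovery prompt.
$boots = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-General'
    Id           = 12
    StartTime    = $since
} -ErrorAction SilentlyContinue

# 4. Merge both sets into one timeline, oldest first, and export it.
@($blEvents) + @($boots) | Where-Object { $_ } | Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, Id, LevelDisplayName, Message |
    Export-Csv (Join-Path $OutDir 'timeline.csv') -NoTypeInformation

Write-Output "Wrote status.txt and timeline.csv to $OutDir"
```

Comparing the timeline against the dates users reported the prompt, and against what was docked or plugged in at that boot, narrows the cause along the lines of the boot-order cases described in the thread.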