locked
Decrypt Bitlocker encryption RRS feed

  • Question

  • Dear,

    i have issue that i want to Decrypt Bitlocker encryption drive of Windows Server 2008 R2 NTFS partition.

    No password No Recovery Key :(

    any solution or suggestion.

    Wednesday, January 27, 2016 3:58 PM

Answers

  • It is not possible decrypt bitlocker without a recovery key. If you're not using a startup key/pin, you can try to gain access to the key with a cold boot attack. 

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    • Proposed as answer by Mike Crowley Thursday, January 28, 2016 3:49 AM
    • Marked as answer by Mary Dong Tuesday, February 16, 2016 8:56 AM
    Thursday, January 28, 2016 3:49 AM
  • OP is clearly confusing various concepts already (RAID also has nothing to do with this). Bitlocker encrypts the whole disk, including the operating system. The concept of an "administrator" is operating system specific and is not relevant when discussing the nature of bitlocker. Once a drive is encrypted, that data is protected against anyone without the key. The OS you choose, be it WinPE, Windows 7, Linux or one you invented yourself is an irrelevant detail.

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    • Proposed as answer by Mary Dong Monday, February 15, 2016 1:48 AM
    • Marked as answer by Mary Dong Tuesday, February 16, 2016 8:56 AM
    Wednesday, February 10, 2016 2:43 PM

All replies

  • It is not possible decrypt bitlocker without a recovery key. If you're not using a startup key/pin, you can try to gain access to the key with a cold boot attack. 

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    • Proposed as answer by Mike Crowley Thursday, January 28, 2016 3:49 AM
    • Marked as answer by Mary Dong Tuesday, February 16, 2016 8:56 AM
    Thursday, January 28, 2016 3:49 AM
  • Hi abdullah altaf,

    Thanks for your post.

    As far as I know, there's no build-in method to Decrypt Bitlocker encryption drive without password and recovery.

    If you have already started the computer, please backup all the data on the drive.

    Best Regards,

    Mary Dong


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 28, 2016 4:29 AM
  • I think solution is Elcomsoft Forensic Disk Decryptor (https://www.elcomsoft.com/efdd.html) ?

    Thursday, January 28, 2016 7:06 AM
  • I think solution is Elcomsoft Forensic Disk Decryptor (https://www.elcomsoft.com/efdd.html) ?

    No, as you can see on the page you linked - this tool requires the key. If OP suspects his key is retrievable from a non-encrypted location, the tool you linked assists with utilizing it.

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Thursday, January 28, 2016 2:25 PM
  • Hi.

    Please let's step back. What do you have? "i have issue that i want to Decrypt Bitlocker encryption drive"

    What does that mean? Does that thing boot or not? Normally, Servers are being used with TPM protectors alone and would boot hands-free. That would mean, anyone able to logon can read the data and, if he is an admin, can decrypt the drive without knowing the key.

    Thursday, January 28, 2016 7:28 PM
  • Dear,

    Complete details are:

    Raid level 1
    Windows Server 2008 R2
    NTFS partition with 780GB of size
    Bitlocker encryption enabled
    No password No Recovery Key

    Friday, January 29, 2016 6:19 AM
  • If you are not using a start-up PIN, bitlocker was not deployed securely and is therefore susceptible to a cold boot attack, which you can easily learn about on youtube, etc.

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Friday, January 29, 2016 10:09 PM
  • You didn't answer my questions, yet.

    Again:

    Does it boot?

    Do you have administrative rights?

    If both answers are "yes", then you would be able to decrypt the drive simply by clicking on it and selecting "manage bitlocker" and then turn off.

    Monday, February 1, 2016 8:34 AM
  • yes the server is boot and on, only one drive is Bitlocker encryption

    yes i am administrator

    Tuesday, February 9, 2016 5:12 AM
  • So why can't you decrypt it? Administrators may decrypt.
    Tuesday, February 9, 2016 8:27 AM
  • So why can't you decrypt it? Administrators may decrypt.
    Bitlocker decryption has nothing to do with administrative privileges, unless you're talking about a drive that is already unlocked. As I mentioned above, you must have the key. OP seems to be having a hard time explaining his situation. At this point, he needs to probably contact Microsoft support.

    Mike Crowley | MVP
    My Blog -- Baseline Technologies



    • Edited by Mike Crowley Wednesday, February 10, 2016 2:21 PM
    Wednesday, February 10, 2016 2:14 PM
  • "Bitlocker decryption has nothing to do with administrative privileges" - Mike, then try to decrypt without administrative privs - won't work, even with the recovery key. Sure, we can use WinPE, where this won't matter.
    Wednesday, February 10, 2016 2:35 PM
  • OP is clearly confusing various concepts already (RAID also has nothing to do with this). Bitlocker encrypts the whole disk, including the operating system. The concept of an "administrator" is operating system specific and is not relevant when discussing the nature of bitlocker. Once a drive is encrypted, that data is protected against anyone without the key. The OS you choose, be it WinPE, Windows 7, Linux or one you invented yourself is an irrelevant detail.

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    • Proposed as answer by Mary Dong Monday, February 15, 2016 1:48 AM
    • Marked as answer by Mary Dong Tuesday, February 16, 2016 8:56 AM
    Wednesday, February 10, 2016 2:43 PM