none
Bitlocker and safe mode issues. RRS feed

  • Question

  • I am unable to boot in safe mode with Bitlocker enabled.

    We require a ID card with a cert and it requires pin at login. This is enforced in the build. They have an account on the computer but the ID card is enforced and will log them in with there profile when used. I have tools that if they Utilized a VPN connection I could run an exemption for the user to log in using a username and password they are provided. The only workaround for this if they are not on the domain or are not able to login to the domain is I can change it in the registry or just provide them with a "cached" log in where they just can log in after I get in safe mode. The issue Im having is getting to "advanced startup options" using the F8 key at bootup. It seems that bitlocker is coming up and not allowing F8 to be pressed fast enough to get to the option. This is the best way for me to walk the user through it. Is there some other way I can boot into safe mode besides using this option? I have no way to get passed the login screen without this, of course there should be a local admin account on the computer but I do not have access to this account. Anything will help, thank you.

    Wednesday, February 1, 2017 3:27 PM

All replies

  • Hi, 

    Here are the steps you need to take if you need to start your Windows OS in “Safe Mode” when the drive is protected with BitLocker.

    • First, be sure you have your BitLocker recovery key handy. This is NOT your PIN. This is a LONG series of numbers.
    • Before the screen appears prompting for the BitLocker PIN, press [F8] (maybe repeatedly).
    • If you pressed [F8] early enough, you will get a warning message.
    • After supplying the BitLocker recovery key, you will be prompted with booting options, including the various safe modes.

    In addition, we can try to configure safe mode by MSconfig in normal mode, then configure normal startup by MSconfig back once you have done your settings in Safe mode: 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 2, 2017 4:43 PM
    Owner
  • So you're telling me no matter what I do, I will never be able to go into safe mode without my bitlocker recovery ID even If I can clear the bit locker screen when I boot. Nice thinking Microsoft.

          Also, If you read my post I put "It seems that bit locker is coming up and not allowing F8 to be pressed fast enough to get to the option" that is a clear indication that I tried to press F8 before Bitlocker comes up. Next time if you dont understand my question just ask me for more information. Your solution was about as good as asking me if I tried rebooting my machine. Thanks for the attempt though.

    Thursday, February 2, 2017 5:39 PM
  • Hi, 

    Thanks for your clarification of this question and sorry for the misunderstanding. 

    To be clear, I would like to paraphrase your question here: You would like restart into Safe mode without requiring to enter BitLocker recovery key. 

    If so, I have to say that this cannot be realized, Bitlocker is harddrive encryption, after your enable it, the boot process will be changed as POST, decryption, then OS load. 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 6, 2017 6:17 AM
    Owner
  • Hi, 

    Just check if you have taken time to check my suggestions, if there is any question, please post back here and let's discuss further on this question. 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 16, 2017 2:08 AM
    Owner
  • I agree. This is totally crazy and a really stupid design decision on Microsoft's part.

    Safe Mode is a diagnostic tool. I should be able to enter safe mode and decrypt my bitlocker drives in the same way I do normally... with a password or hardware key. I should not have to keep the recovery key for every bitlocker drive just so that I can use safe mode.

    What a complete disaster this is. Why does Microsoft insist on "upgrades" that just keep making the product worse and worse?

    Friday, January 25, 2019 4:26 PM