Accessing Bitlocker-encrypted boot drive

  • Question

  • New PC, which leads me to ask this question:

    My old PC was non-TPM, so encrypting the system drive required entering a password. When my old PC crashed (motherboard died), it was simply a matter of plugging in my old drive, entering the password, and accessing the data I needed.

    The new PC is TPM, so the question becomes: what happens if/when the same thing happens? The computer dies making it impossible to turn off encryption before trying to access the drive on another computer? How does that work? Is it just a matter of unlocking it with the recovery key?

    Tuesday, January 23, 2018 2:58 PM

All replies

  • Hi,

    The recovery key is the last way to unlock the drive; you can use it to unlock BitLocker.

    If you have forgotten the recovery key, you are not able to decrypt and access the drive; that is the sole purpose of BitLocker.

    Thank you for understanding.

    Best regards,

    Tao



    • Proposed as answer by Tony_Tao Wednesday, January 31, 2018 8:56 AM
    Wednesday, January 24, 2018 5:45 AM
  • If you use BL with TPM, the way it is intended to be used (TPM-only or TPM+PIN), then you need the recovery key to access it on different computers or from boot media.

    If you choose to add an additional password (TPM+password, not to be confused with TPM+PIN), you can use that password as you used it before. However, using a PIN would be safer unless you use a really long and complex password.

    So the recommendation is: use the recovery key or, and that is the best idea, add a startup key to your device (a USB-based .bek file) that can simply be read from a USB drive to access your encrypted drive.

    • Proposed as answer by Ronald Schilf Wednesday, January 31, 2018 1:09 PM
    Wednesday, January 24, 2018 6:30 PM
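
The recovery options discussed in the replies above, as an added PowerShell example that is not part of the original thread. It uses the built-in BitLocker cmdlets in an elevated session; the drive letters (C: for the OS volume, E: for the USB stick, D: for the old drive in another PC) and the function names are assumptions, and the .bek file is written with `-RecoveryKeyProtector`, which stores an external key on the USB drive.

```powershell
# Added example. Drive letters and function names are assumptions; run elevated.

function Add-PortableProtectors {
    param([string]$OsVolume = 'C:', [string]$UsbPath = 'E:\')

    $vol   = Get-BitLockerVolume -MountPoint $OsVolume
    $types = $vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" }

    # TPM-bound protectors die with the motherboard, so make sure at least
    # one protector exists that can be carried to another machine.
    if ($types -notcontains 'RecoveryPassword') {
        Add-BitLockerKeyProtector -MountPoint $OsVolume -RecoveryPasswordProtector | Out-Null
    }
    if ($types -notcontains 'ExternalKey') {
        # Writes a <KeyProtectorId>.BEK file to the USB drive
        Add-BitLockerKeyProtector -MountPoint $OsVolume -RecoveryKeyProtector `
            -RecoveryKeyPath $UsbPath | Out-Null
    }

    # Return the protectors so the 48-digit recovery password can be recorded
    # somewhere that is not the encrypted drive itself.
    (Get-BitLockerVolume -MountPoint $OsVolume).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId, RecoveryPassword
}

function Unlock-MovedDrive {
    # Run on the other PC after attaching the old drive.
    param(
        [string]$MountPoint = 'D:',
        [string]$RecoveryPassword,   # 48-digit recovery password, or
        [string]$BekFile             # full path to the .BEK file on the USB drive
    )

    if ($RecoveryPassword) {
        Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $RecoveryPassword
    } elseif ($BekFile) {
        Unlock-BitLocker -MountPoint $MountPoint -RecoveryKeyPath $BekFile
    } else {
        throw 'Supply either -RecoveryPassword or -BekFile.'
    }
}

# On the working PC:   Add-PortableProtectors
# On the other PC:     Unlock-MovedDrive -MountPoint 'D:' -BekFile 'E:\<KeyProtectorId>.BEK'
```

When the locked drive prompts for recovery, the Key ID it shows corresponds to the `KeyProtectorId` returned by `Add-PortableProtectors`, which is how to pick the right password or .BEK file if several are stored.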