Wrong BitLocker Recovery Mode Key ID – Solved


If you are locked out of a BitLocker-protected machine, the pre-boot BitLocker Recovery screen asks for a recovery key and shows the Key ID of the recovery password protector it expects. If that Key ID does not match any recovery key you have, but you do hold a recovery password for another protector on the same drive, follow these steps to unlock the device:

1. The “BitLocker Recovery” prompt displays a Key ID you don’t have when you attempt to boot your PC.
2. Press ESC for more recovery options.
3. Select “Skip this drive.”
4. Select “Troubleshoot.”
5. Select “Advanced options.”
6. Select “Command prompt.”
7. Enter the following at the command prompt:

manage-bde -unlock C: -RecoveryPassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX

manage-bde -protectors -disable C:

The XXXXXX values are a 48-digit BitLocker recovery password (eight groups of six digits). It does not have to be the password for the Key ID shown on the recovery screen: a valid recovery password for any of the Numerical Password protectors on the drive will unlock it. To list the protectors on the drive with their Key IDs, so you can match them against the recovery keys you hold, run:

manage-bde -protectors -get C:

Inside the recovery environment the Windows volume is not always C:. If the commands report that the volume cannot be found, run manage-bde -status with no arguments to see which letter it has and substitute that letter.

8. Close the command prompt and select “Continue – Exit and continue to Windows 10.” Once you are logged in, open Manage BitLocker (Control Panel > System and Security > BitLocker Drive Encryption) and turn BitLocker off to fully decrypt the drive. When decryption has finished, turn BitLocker back on with the settings you want, and make sure the new recovery password is backed up somewhere you can retrieve it (Active Directory, Azure AD/Entra ID, a Microsoft account, or a printed copy), so the Key ID shown at the next recovery prompt matches a key you hold. Do not leave the machine with protectors disabled any longer than necessary: in that state the drive is still encrypted but unlocks for anyone who boots it.
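The matching in steps 7 and 8 is easy to get wrong by hand when a machine has several recovery password protectors. The PowerShell below is an added example, not code from the original article or from DriveStrike: it parses the text that manage-bde -protectors -get prints at the locked PC's recovery prompt, looks each Numerical Password Key ID up in the recovery passwords you have escrowed for that machine, checks the chosen password's format before you type 48 digits at a console, and prints the exact manage-bde commands for step 7. The sample manage-bde output, the escrow table, and the function names are all constructed for this example; run it in Windows PowerShell on any machine, such as the admin's workstation.

```powershell
# Added example, not code from the original article or from DriveStrike.
# Run it in Windows PowerShell on any machine (for instance the admin's own
# workstation) with the text that "manage-bde -protectors -get C:" printed at
# the locked PC's WinRE prompt and the recovery passwords escrowed for that PC.
# It picks a recovery password whose Key ID is present on the volume, validates
# its format, and prints the two manage-bde commands to type back at the prompt.
# All names, the sample output and the escrow table are constructed.

# Constructed sample of "manage-bde -protectors -get C:" output, trimmed to the
# protector type and ID lines the parser needs. The recovery screen in this
# scenario demanded the first Numerical Password ID, which is not escrowed.
$ManageBdeOutput = @'
Volume C: [Windows]
All Key Protectors

    TPM:
      ID: {1E2A4A0B-3B6C-4D8E-9F01-23456789ABCD}
      PCR Validation Profile:
        7, 11

    Numerical Password:
      ID: {A1B2C3D4-0000-4000-8000-0123456789AB}

    Numerical Password:
      ID: {F00DBEEF-1111-4222-8333-444455556666}
'@

# Constructed escrow (what AD DS, Entra ID, a Microsoft account or a printed
# sheet would hold): Key ID -> 48-digit recovery password.
$Escrow = @{
    '{F00DBEEF-1111-4222-8333-444455556666}' = '110000-220011-330022-440033-550044-660055-013574-720885'
}

function Get-KeyProtectorsFromManageBde {
    # Parse manage-bde -protectors -get output into (Type, Id) objects.
    param([Parameter(Mandatory)][string]$Text)
    $protectors = @()
    $type = $null
    foreach ($line in $Text -split "`r?`n") {
        # A protector header is an indented label ending in a colon, e.g. "    TPM:".
        if ($line -match '^\s+([A-Za-z][A-Za-z ]*):\s*$') { $type = $Matches[1]; continue }
        # The ID line follows its header; the GUID may or may not be braced.
        if ($type -and $line -match '^\s+ID:\s*\{?([0-9A-Fa-f-]{36})\}?\s*$') {
            $protectors += [pscustomobject]@{ Type = $type; Id = $Matches[1].ToUpperInvariant() }
            $type = $null
        }
    }
    return $protectors
}

function Test-RecoveryPasswordFormat {
    # A BitLocker recovery password is eight 6-digit groups; each group is a
    # 16-bit value times 11, so it must be divisible by 11 and below 720896.
    param([Parameter(Mandatory)][string]$Password)
    $groups = $Password.Trim() -split '-'
    if ($groups.Count -ne 8) { return $false }
    foreach ($g in $groups) {
        if ($g -notmatch '^\d{6}$') { return $false }
        $n = [int]$g
        if (($n % 11) -ne 0 -or $n -ge 720896) { return $false }
    }
    return $true
}

function Find-UsableRecoveryPassword {
    param(
        [Parameter(Mandatory)][string]$ManageBdeText,
        [Parameter(Mandatory)][hashtable]$Escrow,
        [string]$Volume = 'C:'   # in WinRE the OS volume is not always C:; check with manage-bde -status
    )
    # Normalise escrow IDs so braces and letter case do not affect matching.
    $known = @{}
    foreach ($k in $Escrow.Keys) { $known[(($k -replace '[{}]', '').ToUpperInvariant())] = $Escrow[$k] }

    $numerical = @(Get-KeyProtectorsFromManageBde -Text $ManageBdeText |
        Where-Object { $_.Type -eq 'Numerical Password' })

    # Any recovery password protector on the volume will unlock it, not only the
    # one whose Key ID the recovery screen displayed.
    foreach ($p in $numerical) {
        if (-not $known.ContainsKey($p.Id)) { continue }
        $pw = $known[$p.Id]
        if (-not (Test-RecoveryPasswordFormat -Password $pw)) {
            Write-Warning "Escrowed password for $($p.Id) is malformed; skipping it."
            continue
        }
        return [pscustomobject]@{
            KeyId    = $p.Id
            Commands = @(
                "manage-bde -unlock $Volume -RecoveryPassword $pw",
                "manage-bde -protectors -disable $Volume"
            )
        }
    }
    $ids = ($numerical | ForEach-Object { $_.Id }) -join ', '
    throw "No escrowed recovery password matches any Numerical Password protector on $Volume (found: $ids)."
}

$result = Find-UsableRecoveryPassword -ManageBdeText $ManageBdeOutput -Escrow $Escrow
"Recovery password protector $($result.KeyId) is escrowed. Type at the WinRE command prompt:"
$result.Commands | ForEach-Object { "  $_" }
```

With the constructed input the script reports the second Numerical Password protector (F00DBEEF-...) and prints the unlock and disable commands for it, even though the recovery screen asked for A1B2C3D4-.... The format check matters in practice: a recovery password copied from a ticket or a photo with a wrong digit fails the divisible-by-11 rule, and catching that before you type it saves a round of typing at the pre-boot prompt.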

  • Unless you pass “-rebootcount X”, protection resumes automatically on the next restart. (The “-rebootcount” switch applies to the operating system volume and requires Windows 8 or later.)
  • “-rebootcount 0” suspends protection indefinitely; it stays off until you explicitly run “manage-bde -protectors -enable”.
  • “-rebootcount 3” keeps protection suspended through the next three restarts and resumes it automatically after the third.
  • “-disable” and “-enable” act on the key protectors, not on the encryption. While protectors are disabled the volume master key is stored on disk under a clear key, so the volume unlocks without a TPM check, PIN or recovery key and no pre-boot prompt appears. The data already on disk stays encrypted and new writes are still encrypted; Windows reports this state as “Protection Off” with the volume still “Fully Encrypted”.
  • Running “-enable” restores normal operation: a valid protector is again required to unlock the drive at boot.
  • Neither “-enable” nor “-disable” creates or deletes protectors; the Key IDs listed by “-protectors -get” are unchanged.
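The behaviour in the bullets above can be seen directly from Windows. The following PowerShell is an added example, not code from the original article or from DriveStrike: it suspends and resumes protection with the cmdlet equivalents of manage-bde -protectors -disable and -enable, prints the volume and protection status around each step so the “encrypted but unprotected” state is visible, and includes the query an administrator would use to find drives that were suspended and never resumed. The function names are this example's own; it needs an elevated session with the BitLocker module (Windows 8 / Server 2012 or later).

```powershell
# Added example, not code from the original article or from DriveStrike. Run in
# an elevated PowerShell session inside Windows (BitLocker module, Windows 8 /
# Server 2012 or later). It shows what "-protectors -disable" changes and what
# it leaves alone, and finds volumes that were suspended and never resumed.
# Function names are this example's own.

function Get-BitLockerSummary {
    # One-line view of the fields the -disable / -enable bullets talk about.
    param([string]$MountPoint = 'C:')
    $v = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        MountPoint       = $v.MountPoint
        VolumeStatus     = $v.VolumeStatus          # stays FullyEncrypted while suspended
        ProtectionStatus = $v.ProtectionStatus      # Off while protectors are disabled
        Protectors       = ($v.KeyProtector | ForEach-Object {
                               "$($_.KeyProtectorType) $($_.KeyProtectorId)" }) -join '; '
    }
}

function Get-SuspendedBitLockerVolume {
    # Encrypted but unprotected: the state -disable leaves behind. Nothing in the
    # pre-boot flow will ask for a key until -enable (Resume-BitLocker) runs.
    Get-BitLockerVolume |
        Where-Object { $_.VolumeStatus -eq 'FullyEncrypted' -and $_.ProtectionStatus -eq 'Off' } |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
}

'Before:';  Get-BitLockerSummary

# Same effect as: manage-bde -protectors -disable C: -RebootCount 0
# (RebootCount 0 = suspended indefinitely; omit it and protection resumes after
# the next restart; 3 = resumes after the third restart).
Suspend-BitLocker -MountPoint 'C:' -RebootCount 0 | Out-Null
'Suspended:';  Get-BitLockerSummary      # ProtectionStatus Off, VolumeStatus and protectors unchanged
'Volumes left encrypted but unprotected:';  Get-SuspendedBitLockerVolume

# Same effect as: manage-bde -protectors -enable C:
Resume-BitLocker -MountPoint 'C:' | Out-Null
'Resumed:';  Get-BitLockerSummary        # ProtectionStatus On again; no protector was created or deleted
```

Get-SuspendedBitLockerVolume is the check worth scheduling: after a recovery like the one above, a drive left with protectors disabled looks healthy in an encryption report (100% encrypted) while booting with no key prompt at all.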

More BitLocker troubleshooting:

DriveStrike provides BitLocker integration with easy key management through our web console. See our BitLocker Encryption page for more information, and view our Windows installation guide to set up DriveStrike on your Windows machines. Start a free trial to begin protecting your Windows devices today, and feel free to contact us if you have any questions.


Each day brings new device security challenges, so your organization needs simple and wide-reaching solutions to combat those challenges. DriveStrike is here to help you protect your most critical data with premium quality endpoint security. Start a free trial with DriveStrike today, and contact us if you need any assistance. Our team is always ready to answer your questions.