Unsolved
2 Posts
0
762
Bitlocker locked and cannot get key XPS13
OK please help. Friend of mine has a Dell XPS13, Windows 10 according to the box. All of a sudden the drive is locked with bitlocker and he doesn't have a recovery key saved. First, I am in America, he is in South Africa so I can't get to it physically. That being said, he sent me the screen prints and his microsoft id and password. I sign in and go to the website indicated. I get access denied. I am trying this on a different windows 10 computer. He has never done anything with the bitlocker so doesn't have the key. He has had it worked on a couple times by the university. I tried to get him to get to a C prompt via advanced startup (to enter the command to bypass bitlocker) but he cannot get to that either. Can anyone assist me with ids or even better a solution? Why is it access denied from microsoft? Because it was done under a different user? Thoughts? Suggestions?? Thank you!!!
nyc10036
4 Operator
4 Operator
•
5.6K Posts
0
March 18th, 2020 07:00
If it has been worked on by the university, then it their property. They need to fix it. Not you!
.
jphughan
9 Legend
9 Legend
•
14K Posts
0
March 18th, 2020 08:00
@Purell even if you could get to Command Prompt, you won't be able to simply bypass BitLocker. If it were that simple, then people who stole BitLockered laptops could simply bypass encryption that way. If BitLocker is prompting you for a Recovery Key, then you'll need to provide it. Dell for a while now has shipped systems with BitLocker pre-configured in such a way that if you choose to link your Windows logon to your Microsoft account, then your Recovery Key is backed up to your Microsoft account in the cloud and BitLocker is fully enabled. This is true even on Windows 10 Home systems that don't normally allow BitLocker but that do offer a version with a reduced feature set that includes support for encrypting the OS partition (when certain hardware requirements are met) but not other volumes such as external storage.
As for why this suddenly started happening, BitLocker's normal mode is to store the decryption key in the TPM, which automatically provides it during startup after performing a "platform integrity check" to confirm that no hardware or firmware changes have been made that might represent a security threat to the system. If you're seeing a Recovery Key prompt now, it means that either something has changed that has caused the platform integrity check to fail, or else something has happened to the TPM such that it no longer has the key. The former can be caused by updating (or downgrading) your BIOS or changing certain BIOS settings. The latter can be caused in some cases by TPM firmware updates and of course by manually clearing the TPM. If the cause is the former, then in theory whatever change caused the platform integrity check to start failing could be reversed, in which case the TPM would start releasing the key again. If you want the TPM to "trust" the new configuration, then you'd have to enter the Recovery Key once, and after that it would "re-seal" to the new system configuration. If the TPM no longer has the key for some reason, then your only option is to provide the Recovery Key unless maybe the university added an "external key protector" that would allow them to decrypt it as well using a decryption key that they would have stored. But if you don't have a way to unlock the drive, then the data on it would effectively be irrecoverably lost.
I would work on why you're getting an "Access Denied" error trying to access the BitLocker Recovery Key area of this person's Microsoft account.
Purell
2 Posts
0
March 19th, 2020 15:00
Thank you. I was finally able to talk to Microsoft. They have changed the location of the bitlocker key to the one drive account of the user signed in. Now, this didn't help me because someone else must have logged on to this machine in fixing it and that is how the bitlocker got turned on.