@Purell even if you could get to Command Prompt, you won't be able to simply bypass BitLocker. If it were that simple, then people who stole BitLockered laptops could simply bypass encryption that way. If BitLocker is prompting you for a Recovery Key, then you'll need to provide it. Dell for a while now has shipped systems with BitLocker pre-configured in such a way that if you choose to link your Windows logon to your Microsoft account, then your Recovery Key is backed up to your Microsoft account in the cloud and BitLocker is fully enabled. This is true even on Windows 10 Home systems that don't normally allow BitLocker but that do offer a version with a reduced feature set that includes support for encrypting the OS partition (when certain hardware requirements are met) but not other volumes such as external storage.
As for why this suddenly started happening, BitLocker's normal mode is to store the decryption key in the TPM, which automatically provides it during startup after performing a "platform integrity check" to confirm that no hardware or firmware changes have been made that might represent a security threat to the system. If you're seeing a Recovery Key prompt now, it means that either something has changed that has caused the platform integrity check to fail, or else something has happened to the TPM such that it no longer has the key. The former can be caused by updating (or downgrading) your BIOS or changing certain BIOS settings. The latter can be caused in some cases by TPM firmware updates and of course by manually clearing the TPM. If the cause is the former, then in theory whatever change caused the platform integrity check to start failing could be reversed, in which case the TPM would start releasing the key again. If you want the TPM to "trust" the new configuration, then you'd have to enter the Recovery Key once, and after that it would "re-seal" to the new system configuration. If the TPM no longer has the key for some reason, then your only option is to provide the Recovery Key unless maybe the university added an "external key protector" that would allow them to decrypt it as well using a decryption key that they would have stored. But if you don't have a way to unlock the drive, then the data on it would effectively be irrecoverably lost.
I would work on why you're getting an "Access Denied" error trying to access the BitLocker Recovery Key area of this person's Microsoft account.
Thank you. I was finally able to talk to Microsoft. They have changed the location of the bitlocker key to the one drive account of the user signed in. Now, this didn't help me because someone else must have logged on to this machine in fixing it and that is how the bitlocker got turned on.
nyc10036
4 Operator
•
5.6K Posts
0
March 18th, 2020 07:00
If it has been worked on by the university, then it their property. They need to fix it. Not you!
.
jphughan
9 Legend
•
14K Posts
0
March 18th, 2020 08:00
@Purell even if you could get to Command Prompt, you won't be able to simply bypass BitLocker. If it were that simple, then people who stole BitLockered laptops could simply bypass encryption that way. If BitLocker is prompting you for a Recovery Key, then you'll need to provide it. Dell for a while now has shipped systems with BitLocker pre-configured in such a way that if you choose to link your Windows logon to your Microsoft account, then your Recovery Key is backed up to your Microsoft account in the cloud and BitLocker is fully enabled. This is true even on Windows 10 Home systems that don't normally allow BitLocker but that do offer a version with a reduced feature set that includes support for encrypting the OS partition (when certain hardware requirements are met) but not other volumes such as external storage.
As for why this suddenly started happening, BitLocker's normal mode is to store the decryption key in the TPM, which automatically provides it during startup after performing a "platform integrity check" to confirm that no hardware or firmware changes have been made that might represent a security threat to the system. If you're seeing a Recovery Key prompt now, it means that either something has changed that has caused the platform integrity check to fail, or else something has happened to the TPM such that it no longer has the key. The former can be caused by updating (or downgrading) your BIOS or changing certain BIOS settings. The latter can be caused in some cases by TPM firmware updates and of course by manually clearing the TPM. If the cause is the former, then in theory whatever change caused the platform integrity check to start failing could be reversed, in which case the TPM would start releasing the key again. If you want the TPM to "trust" the new configuration, then you'd have to enter the Recovery Key once, and after that it would "re-seal" to the new system configuration. If the TPM no longer has the key for some reason, then your only option is to provide the Recovery Key unless maybe the university added an "external key protector" that would allow them to decrypt it as well using a decryption key that they would have stored. But if you don't have a way to unlock the drive, then the data on it would effectively be irrecoverably lost.
I would work on why you're getting an "Access Denied" error trying to access the BitLocker Recovery Key area of this person's Microsoft account.
Purell
1 Rookie
•
2 Posts
0
March 19th, 2020 15:00
Thank you. I was finally able to talk to Microsoft. They have changed the location of the bitlocker key to the one drive account of the user signed in. Now, this didn't help me because someone else must have logged on to this machine in fixing it and that is how the bitlocker got turned on.