BitLocker Frequently Asked Questions. | Arts & Sciences Computing (2024)

Reimaging a Bitlockered computer.

The TPM (security chip) needs to be cleared before re-imaging a previously imaged laptop (i.e. a laptop that was previously encrypted).

Also clear the TPM if you have manually decrypted a laptop (via Control Panel > BitLocker or via cmd line "manage-bde") and plan to re-encrypt it.

If your BIOS (UEFI) looks different, take a picture and post in #temp-encryption.

  • For Dells - BIOS menu may be a bit different on different model laptops:
    • Start/Restart the computer, and press F2 to enter the bios setup.
    • Click unlock and give the standard BIOS password.
    • Navigate to Settings > Security > TPM Security.
    • Note if it says "TPM" or "TPM 2"
    • Click the "Clear" radio button or checkbox.
    • If prompted about clearing the TPM chip, click yes/ok.
    • Save your changes, reboot.
    • If your BIOS has TPM 2, go back into the BIOS, click unlock, give the bios password.
    • Uncheck the box next to - TPM On
    • Save your changes, reboot.
    • Reboot to the MDT stick and re-image/provision.
  • For Lenovos
    • Start/Restart the computer, and press F1 to entire the Bios setup.
    • Navigate to the TPM menu, and select clear (needs confirmation).
    • Reboot to the MDT stick and re-image/provision.
  • For Surfaces (below worked on a Surface 4 Pro. It is also possible that some Surfaces don't need the TPM manually cleared. YMMV)
    • In Windows:
    • Go to Start > Settings > Update & Security > Windows Security > Device security. This will launch the Windows Defender Security Center.
    • Select Device Security again, and then under Security processor, select Security processor details.
    • On the next screen, select Security processor troubleshooting, and then under Clear TPM click on the Clear TPM button.
    • (if there are no TPM options in settings, that means that your TPM may be off.)
    • Reboot to the MDT stick and re-image/provision.

Mounting a BitLockered drive in WinPE (MDT Boot Environment)

  • Boot up the PC using the newest release of ourMDT USB boot image.
  • Wait for the MDT control console to launch, and press F8 and you should see a CMD prompt launch.
  • Type of the following command:
    • manage-bde -unlockc:-recoverypassword <recovery key>
    • "C:" is the volume letter you're trying to unlock/mount.

Recovering data from a BitLockered drive in PE.

**Below assumes you already have booted into the SASC MDT USB imaging environment and already followed the above instructions to unlock the BitLockered volume.

Method one (via the SASCbackup tool)

  • Insert a USB storage device large enough to hold the volume you're backing up and/or the user directory.
    • If the drive does not show up, reboot with the USB drive inserted and it will.
  • Press F8 to load the command shell (CMD), enter "menu" at the prompt, and select option 1. Follow the linked instructions above to start a backup.

Method two (Copy data to a file share or to a local USB drive)

  • Mount file share by doing one of the following.
    • Press F8 and use the following command.
      • net use * \\sharename /user:useraccountname
    • Launch explorer from the DART tools and do the following.
      • Click Tools > Map Network Drive
      • Enter required server/account information and press OK
  • From Explorer in the DART tools copy data from local machine to network share.
  • Explorer can also be used to copy data directly to an external USB drive.

How to totally Decrypt a BitLockered drive.

Method One (from an SASC MDT stick)

  • Boot up the PC usuing the newest release of ourMDT USB boot image.
  • Wait for the MDT control console to launch, and press F8 and you should see a CMD prompt launch.
  • Type the following commands ("C:" is the volume letter you're trying to unlock/mount):
    • manage-bde -unlock C: -recoverypassword <recovery key>
    • manage-bde -off C:
  • You’ll be able to see the percentage of decryption from the command line:
    • manage-bde -status

Method Two (from installed operating system)

  • In the installed operating system, open a new Explorer window.
  • Select "This PC" if its not already selected from the left hand panel.
  • Right click on the system drive (usually C) and click "Manage BitLocker." Enter your admin credentials when prompted.
  • In the subsequent window entitled "BitLocker Drive Encryption" click "Turn off BitLocker"
  • Click "Turn off BitLocker" in the notification box.

How and When to suspend BitLocker on a local volume.

When you should suspend BitLocker.

  • When updating system firmware (bios)
  • Upgrading or replacing system hardware.
  • Upgrading operating system.

** Bitlocker automatically returns to the locked state after the next reboot after being suspended.

How to suspend BitLocker.

  • In the installed operating system, in this case Windows10 open a new Explorer window.
  • Select "This PC" if its not already selected from the left hand pannel.
  • Right click on the system drive (usually C) and click "Manage BitLocker." Enter your admin credentials when prompted
  • In the subsequent window entitled "BitLocker Drive Encryption" click "Suspend Protection"
  • Click "Yes" in notification box.
BitLocker Frequently Asked Questions. | Arts & Sciences Computing (2024)
Top Articles
What Are Unstoppable Domains And Should You Use Them?
Everything You Need to Know About Bonds
$4,500,000 - 645 Matanzas CT, Fort Myers Beach, FL, 33931, William Raveis Real Estate, Mortgage, and Insurance
Sdn Md 2023-2024
Overton Funeral Home Waterloo Iowa
Sound Of Freedom Showtimes Near Governor's Crossing Stadium 14
Part time Jobs in El Paso; Texas that pay $15, $25, $30, $40, $50, $60 an hour online
Kaydengodly
Davante Adams Wikipedia
Edible Arrangements Keller
ATV Blue Book - Values & Used Prices
Assets | HIVO Support
Mzinchaleft
Craighead County Sheriff's Department
Huntersville Town Billboards
Eine Band wie ein Baum
Menards Eau Claire Weekly Ad
Doublelist Paducah Ky
Www.dunkinbaskinrunsonyou.con
About My Father Showtimes Near Copper Creek 9
Il Speedtest Rcn Net
Restaurants In Shelby Montana
Wonder Film Wiki
Effingham Daily News Police Report
Delete Verizon Cloud
John Deere 44 Snowblower Parts Manual
Paradise Point Animal Hospital With Veterinarians On-The-Go
Uno Fall 2023 Calendar
Barbie Showtimes Near Lucas Cinemas Albertville
Parent Management Training (PMT) Worksheet | HappierTHERAPY
Khatrimmaza
Luciipurrrr_
Robot or human?
Exploring The Whimsical World Of JellybeansBrains Only
Oreillys Federal And Evans
PA lawmakers push to restore Medicaid dental benefits for adults
Final Exam Schedule Liberty University
KITCHENAID Tilt-Head Stand Mixer Set 4.8L (Blue) + Balmuda The Pot (White) 5KSM175PSEIC | 31.33% Off | Central Online
Stafford Rotoworld
Kelley Blue Book Recalls
Columbia Ms Buy Sell Trade
Aurora Il Back Pages
Emily Tosta Butt
Executive Lounge - Alle Informationen zu der Lounge | reisetopia Basics
Menu Forest Lake – The Grillium Restaurant
Ups Customer Center Locations
25 Hotels TRULY CLOSEST to Woollett Aquatics Center, Irvine, CA
Secrets Exposed: How to Test for Mold Exposure in Your Blood!
The top 10 takeaways from the Harris-Trump presidential debate
Makes A Successful Catch Maybe Crossword Clue
Mkvcinemas Movies Free Download
Latest Posts
Article information

Author: Catherine Tremblay

Last Updated:

Views: 6114

Rating: 4.7 / 5 (47 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Catherine Tremblay

Birthday: 1999-09-23

Address: Suite 461 73643 Sherril Loaf, Dickinsonland, AZ 47941-2379

Phone: +2678139151039

Job: International Administration Supervisor

Hobby: Dowsing, Snowboarding, Rowing, Beekeeping, Calligraphy, Shooting, Air sports

Introduction: My name is Catherine Tremblay, I am a precious, perfect, tasty, enthusiastic, inexpensive, vast, kind person who loves writing and wants to share my knowledge and understanding with you.