Solved

BitLocker Recovery Key File

Posted on 2014-03-04
9
6,106 Views
Last Modified: 2016-09-29
Hi,

 I enabled BitLocker on some computers with Windows Ultimate 7.
 These computers don't have TPM, so I had to make changes to GPEDIT to make it work with USB flash drive. Each time I encrypted the hard drive, it created "BitLocker Recovery Key file" in TXT.
  I like to understand when/how these keys are used.
  So far what understand is this. I intentionally took the USB flash drive out of the computer and restarted it. Then the computer prompted for 48 digit key - BitLocker Recovery Key, I entered: 712921-100232-438999-066539-157036-381612-571373-133782 and it continued to load OS.

But when do I use and what is the purpose of:

Recovery key identification: E8AACEDF-41E8-49
Full recovery key identification: E8AACEDF-41E8-49BD-9188-00E58F51EFA9


BitLocker Recovery Key E8AACEDF-41E8-49BD-9188-00E58F51EFA9.txt
-------------- Contents --------------------------
BitLocker Drive Encryption Recovery Key

The recovery key is used to recover the data on a BitLocker protected drive.

To verify that this is the correct recovery key compare the identification with what is presented on the recovery screen.

Recovery key identification: E8AACEDF-41E8-49
Full recovery key identification: E8AACEDF-41E8-49BD-9188-00E58F51EFA9

BitLocker Recovery Key:
712921-100232-438999-066539-157036-381612-571373-133782
-------------- Contents --------------------------
0
Comment
Question by:sglee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 88

Accepted Solution

by:
rindi earned 153 total points
ID: 39903666
If the OS crashes or you re-install it, you would need the USB stick in order to be able to access the encrypted files again.

You would also need it if the user account is deleted and doesn't exist anymore. A new user account gets a unique ID which is different from the original one, even if the name and password are the same. Encryption is tied to the original unique user account.
0
 

Author Comment

by:sglee
ID: 39903921
What is the purpose of :
Recovery key identification: E8AACEDF-41E8-49
Full recovery key identification: E8AACEDF-41E8-49BD-9188-00E58F51EFA9
0
 
LVL 88

Expert Comment

by:rindi
ID: 39904080
That is to identify which key is needed. You can have several keys on such a USB stick. Check part 6 onward in the Link below:

http://www.eightforums.com/tutorials/21433-bitlocker-recovery-unlock-drive-windows-8-a.html?filter[1]=Security%20System%20Tools
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 152 total points
ID: 39904207
Bitlocker uses so-called "protectors". Those can be the TPM, the TPM and the PIN together, or a password, or the startup key on USB or diskette. You can have multiple protectors. To identify, what drive is being talked about and what protector, this ID is used. It's unique.
0
 

Author Comment

by:sglee
ID: 39905292
Say I have a PC with a 2nd internal HD and a couple of external USB hard drives. I like to encrypt two internal hard drives and two external USB hard drives.  With that:
(1) Can I store "Startup Key" for each hard drive during the encryption process in one USB flash drive?
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39906065
Yes, you can.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39920829
By the way, the selected answer is incorrect. The usb drive is a startup key, that's not the recovery key, don't confuse it. Also wrong: bitlocker encryption is never tied to any  user account, this is not EFS.
0
 

Expert Comment

by:Sidharth Abi
ID: 41822578
My Bitlocker recovery key Id start in 7E4FC9E5 please could u say full recovery key
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41822634
Sidhart, ask your own question and describe your situation.
No one here or at Microsoft has your key, sorry. It might have been saved online, or to a file or printed, that's all. Online (just in case it was saved online): https://onedrive.live.com/recoverykey
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question