Solved

Can a Windows 7 WSUS update cause prompt for bitlocker recovery key

Posted on 2014-12-09
4
1,919 Views
Last Modified: 2016-02-21
Hi Experts,
Requiring your advise, running with Windows 7 x64 Ultimate in our environment, and we encrypting HDD's using bitlocker, recently some desktop machines built using SCCM is prompting for a bitlocker recovery key post installation,
Our build process involves deployment of image using SCCM 2012, post build the HDD encrypts and windows updates get's applied to workstations via WSUS, a claim was made that a recent Microsoft update has caused this behaviour (IE: prompt for bit locker recovery key)
our WSUS is only configured to download critical OS and Office updates, nothing hardware specific,
In your expert opinion, do u think this behaviour could have been triggered by a windows update?
0
Comment
Question by:craigleenz
  • 2
  • 2
4 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 40488684
Hi.

No, I am sure it won't have been a windows update. Our whole network is bitlocked for more than half a year now and we install updates on all machines as soon as they come out. Never did it happen.

Whenever I have seen that (yes I have, but it was with vista many years ago), it turned out to have been something else, mostly people having played with BIOS settings - the TPM chip does not like that.
0
 

Author Comment

by:craigleenz
ID: 40489314
Thanks,the articles I come across also doesn't seem to indicate it's an windows update, but I guess I'd need to something that definitivevely rules this out as the cause
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 40489866
Ok, would it be enough to rule it out theoretically?
Because there's a list that shows what triggers the recovery key prompt.
http://blogs.technet.com/b/askcore/archive/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution.aspx
Updates are nowhere to be seen...but in the question at the very end. ;-)
More here: http://technet.microsoft.com/en-us/library/hh831507.aspx
"What causes BitLocker to start into recovery mode when attempting to start the operating system drive?"
many hints.

Another hint is this: if you use a tpm, the TPM monitors some things. If one of those is changed, the recovery password is being asked for. Those so-called PCRs are listed here: http://technet.microsoft.com/de-de/library/ee706521(v=ws.10).aspx (search for pcr inside that website).

No, definitely not updates.
0
 

Author Closing Comment

by:craigleenz
ID: 40501437
thanks
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question