Solved

Can a Windows 7 WSUS update cause prompt for bitlocker recovery key

Posted on 2014-12-09
4
1,689 Views
Last Modified: 2016-02-21
Hi Experts,
Requiring your advise, running with Windows 7 x64 Ultimate in our environment, and we encrypting HDD's using bitlocker, recently some desktop machines built using SCCM is prompting for a bitlocker recovery key post installation,
Our build process involves deployment of image using SCCM 2012, post build the HDD encrypts and windows updates get's applied to workstations via WSUS, a claim was made that a recent Microsoft update has caused this behaviour (IE: prompt for bit locker recovery key)
our WSUS is only configured to download critical OS and Office updates, nothing hardware specific,
In your expert opinion, do u think this behaviour could have been triggered by a windows update?
0
Comment
Question by:craigleenz
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:McKnife
ID: 40488684
Hi.

No, I am sure it won't have been a windows update. Our whole network is bitlocked for more than half a year now and we install updates on all machines as soon as they come out. Never did it happen.

Whenever I have seen that (yes I have, but it was with vista many years ago), it turned out to have been something else, mostly people having played with BIOS settings - the TPM chip does not like that.
0
 

Author Comment

by:craigleenz
ID: 40489314
Thanks,the articles I come across also doesn't seem to indicate it's an windows update, but I guess I'd need to something that definitivevely rules this out as the cause
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 40489866
Ok, would it be enough to rule it out theoretically?
Because there's a list that shows what triggers the recovery key prompt.
http://blogs.technet.com/b/askcore/archive/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution.aspx
Updates are nowhere to be seen...but in the question at the very end. ;-)
More here: http://technet.microsoft.com/en-us/library/hh831507.aspx
"What causes BitLocker to start into recovery mode when attempting to start the operating system drive?"
many hints.

Another hint is this: if you use a tpm, the TPM monitors some things. If one of those is changed, the recovery password is being asked for. Those so-called PCRs are listed here: http://technet.microsoft.com/de-de/library/ee706521(v=ws.10).aspx (search for pcr inside that website).

No, definitely not updates.
0
 

Author Closing Comment

by:craigleenz
ID: 40501437
thanks
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now