Solved

Can a Windows 7 WSUS update cause prompt for bitlocker recovery key

Posted on 2014-12-09
4
2,007 Views
Last Modified: 2016-02-21
Hi Experts,
Requiring your advise, running with Windows 7 x64 Ultimate in our environment, and we encrypting HDD's using bitlocker, recently some desktop machines built using SCCM is prompting for a bitlocker recovery key post installation,
Our build process involves deployment of image using SCCM 2012, post build the HDD encrypts and windows updates get's applied to workstations via WSUS, a claim was made that a recent Microsoft update has caused this behaviour (IE: prompt for bit locker recovery key)
our WSUS is only configured to download critical OS and Office updates, nothing hardware specific,
In your expert opinion, do u think this behaviour could have been triggered by a windows update?
0
Comment
Question by:craigleenz
  • 2
  • 2
4 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 40488684
Hi.

No, I am sure it won't have been a windows update. Our whole network is bitlocked for more than half a year now and we install updates on all machines as soon as they come out. Never did it happen.

Whenever I have seen that (yes I have, but it was with vista many years ago), it turned out to have been something else, mostly people having played with BIOS settings - the TPM chip does not like that.
0
 

Author Comment

by:craigleenz
ID: 40489314
Thanks,the articles I come across also doesn't seem to indicate it's an windows update, but I guess I'd need to something that definitivevely rules this out as the cause
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 40489866
Ok, would it be enough to rule it out theoretically?
Because there's a list that shows what triggers the recovery key prompt.
http://blogs.technet.com/b/askcore/archive/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution.aspx
Updates are nowhere to be seen...but in the question at the very end. ;-)
More here: http://technet.microsoft.com/en-us/library/hh831507.aspx
"What causes BitLocker to start into recovery mode when attempting to start the operating system drive?"
many hints.

Another hint is this: if you use a tpm, the TPM monitors some things. If one of those is changed, the recovery password is being asked for. Those so-called PCRs are listed here: http://technet.microsoft.com/de-de/library/ee706521(v=ws.10).aspx (search for pcr inside that website).

No, definitely not updates.
0
 

Author Closing Comment

by:craigleenz
ID: 40501437
thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question