Solved

Bitlocker no recovery password but I have the PIN

Posted on 2016-08-30
2
104 Views
Last Modified: 2016-08-31
I have been asked to look at a laptop that uses Bit locker TPM encryption it has orange lines down the screen on boot, now I have worked out this is due to a windows update and the user can get to Windows by typing in their PIN and pressing enter. Unfortunately though the user has pressed to many incorrect keys and I am certain that it needs the recovery password which has been misplaced and isn't in AD :(

I can go to advanced options and access command prompt etc and thought I could use manage-bde -unlock as I still know the PIN but alas it doesn't work I assume to it being a PIN not a password?

Does anyone know of a way to stop the laptop asking for the recovery key and let me put in the PIN back in instead. I thought of maybe removing the CMOS or a command I can use to bypass having to enter the recovery key by using the PIN?

Thanks and the laptop is running Windows 10 x64, only one partition/drive
0
Comment
Question by:ICTIC
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 41777895
If the TPM is currently locked out when using BitLocker, there will be an opportunity during the boot process to either open the BitLocker recovery console or wait to reenter the PIN. Otherwise, to rest the lockout count will require the TPM owner password. See
When should I reset the TPM lockout?

The most likely scenario is that during the boot process users will notice slow response times when using a key protector—which consists of the TPM and a PIN—and entering the incorrect PIN. The system may appear to freeze for a period of time before informing the user that the incorrect PIN was entered and that the TPM is locked out. When the TPM is locked out, it is also possible that the user will enter the correct PIN, but the TPM will respond as if the incorrect PIN was entered for a period of time....Because a TPM may indefinitely store all incorrect authorization attempts sent to it, users may want to proactively reset the TPM lockout if they often mistype authorization values such as the BitLocker PIN.
https://technet.microsoft.com/en-us/library/dd851452(v=ws.11).aspx
0
 

Author Closing Comment

by:ICTIC
ID: 41778761
Found the recovery key in the end but thanks for your help
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question