Solved

Bitlocker no recovery password but I have the PIN

Posted on 2016-08-30
2
80 Views
Last Modified: 2016-08-31
I have been asked to look at a laptop that uses Bit locker TPM encryption it has orange lines down the screen on boot, now I have worked out this is due to a windows update and the user can get to Windows by typing in their PIN and pressing enter. Unfortunately though the user has pressed to many incorrect keys and I am certain that it needs the recovery password which has been misplaced and isn't in AD :(

I can go to advanced options and access command prompt etc and thought I could use manage-bde -unlock as I still know the PIN but alas it doesn't work I assume to it being a PIN not a password?

Does anyone know of a way to stop the laptop asking for the recovery key and let me put in the PIN back in instead. I thought of maybe removing the CMOS or a command I can use to bypass having to enter the recovery key by using the PIN?

Thanks and the laptop is running Windows 10 x64, only one partition/drive
0
Comment
Question by:ICTIC
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41777895
If the TPM is currently locked out when using BitLocker, there will be an opportunity during the boot process to either open the BitLocker recovery console or wait to reenter the PIN. Otherwise, to rest the lockout count will require the TPM owner password. See
When should I reset the TPM lockout?

The most likely scenario is that during the boot process users will notice slow response times when using a key protector—which consists of the TPM and a PIN—and entering the incorrect PIN. The system may appear to freeze for a period of time before informing the user that the incorrect PIN was entered and that the TPM is locked out. When the TPM is locked out, it is also possible that the user will enter the correct PIN, but the TPM will respond as if the incorrect PIN was entered for a period of time....Because a TPM may indefinitely store all incorrect authorization attempts sent to it, users may want to proactively reset the TPM lockout if they often mistype authorization values such as the BitLocker PIN.
https://technet.microsoft.com/en-us/library/dd851452(v=ws.11).aspx
0
 

Author Closing Comment

by:ICTIC
ID: 41778761
Found the recovery key in the end but thanks for your help
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question