I Lost My Bitlocker Recovery Key

By Rory Monaghan


This seems to be the most frequent post on the Windows 7 Security forum over on TechNet, so I figured it would make a good topic for a blog post. Here are a few scenarios I have read about; if you have more, please comment.

Probably the most common case: a user has encrypted their drive with the BitLocker that ships with Windows Vista or Windows 7, not an MBAM setup. They saved the recovery key to a CD/DVD or USB key and lost it, or even saved it onto the very drive they are now locked out of. Can they get back in? Often, yes. A TPM-protected volume unlocks by itself only while the measured boot environment matches what the TPM sealed the key against, so a recovery prompt usually means something in that environment changed. Reverse whatever change triggered the prompt and the machine boots normally again. The usual triggers: a BIOS change (go in and change it back), a deactivated TPM (activate it again), or a bootable Windows DVD left in the drive (remove it and reboot). Once you are back in and still need to make that BIOS change, open BitLocker Drive Encryption in Control Panel and Suspend Protection first, make the change, then Resume. While protection is suspended the volume key sits on disk in the clear, so keep that window short.
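The suspend / change / resume procedure above, scripted so that you can confirm protection really is off before touching the firmware. This is an added example, not code from the original post; the volume letter is an assumption, and it relies only on the `manage-bde` tool that ships with Windows 7. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post: the suspend / change / resume
# procedure from an elevated prompt, with a check that protection really is
# off before you reboot to change the firmware. The volume letter is an
# assumption; adjust it for your system drive.
param([switch]$Resume)
$Volume = 'C:'

function Get-ProtectionStatus {
    # 'manage-bde -status <vol>' prints a line 'Protection Status: Protection On'
    # (or 'Protection Off'); return just the On/Off word.
    $status = & manage-bde.exe -status $Volume
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -status failed on $Volume" }
    foreach ($line in $status) {
        if ($line -match 'Protection Status:\s*Protection (On|Off)') { return $Matches[1] }
    }
    throw "No Protection Status line for $Volume; is it a BitLocker volume?"
}

if ($Resume) {
    # Step 3: after the BIOS/TPM change and a successful boot, put protection
    # back. Resuming discards the clear key and reseals the volume key to the
    # platform measurements as they are now, so the new firmware state is what
    # the TPM will expect from here on.
    & manage-bde.exe -protectors -enable $Volume
    if ($LASTEXITCODE -ne 0 -or (Get-ProtectionStatus) -ne 'On') {
        throw "Resume failed; $Volume is still unprotected"
    }
    Write-Host "Protection is back on for $Volume."
} else {
    # Step 1: suspend. This leaves the data encrypted but stores the volume key
    # in the clear on disk, so the TPM measurement check is skipped at boot and
    # the pending firmware change cannot trigger recovery. Keep the window short.
    if ((Get-ProtectionStatus) -ne 'On') {
        Write-Warning "$Volume is not currently protected; nothing to suspend."
        return
    }
    & manage-bde.exe -protectors -disable $Volume
    if ($LASTEXITCODE -ne 0 -or (Get-ProtectionStatus) -ne 'Off') {
        throw "Suspend did not take effect; do NOT change the firmware yet"
    }
    # Step 2 is manual: reboot, make the BIOS/TPM change, boot back into Windows,
    # then run this script again with -Resume.
    Write-Host "Protection suspended on $Volume. Reboot, make the change, then re-run with -Resume."
}
```

The status check matters because a failed suspend followed by a BIOS change is exactly how people end up at the recovery screen in the first place.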

So what if you can log into the machine just fine, so it is not as urgent, but you have lost your recovery key and are worried that if the machine ever asks for it you will be locked out? You can get a fresh copy by opening BitLocker Drive Encryption in Control Panel and clicking Manage BitLocker next to the drive. From there you can save the recovery key to a file or print it; save it somewhere other than the drive it protects.


So what if you have MBAM set up but you can't find your recovery key in AD? First make sure the machine you are using to browse AD is actually able to display BitLocker recovery information. Install the RSAT tools, then enable the viewer in Programs and Features: run appwiz.cpl, click Turn Windows features on or off on the left of the window, expand Remote Server Administration Tools, then Feature Administration Tools, and tick BitLocker Recovery Password Viewer. That adds a BitLocker Recovery tab to each computer object in Active Directory Users and Computers, plus a Find BitLocker recovery password action on the domain node for searching by the first eight characters of a password ID. Bear in mind that MBAM escrows keys to its own SQL database and hands them out through the MBAM helpdesk website; they only land in AD as well if the BitLocker Group Policy for AD DS backup is enabled. If the viewer is installed and the tab is still empty for that computer object, read on.


It's possible the machine was encrypted with the built-in BitLocker tools before the MBAM agent was installed, so the recovery key was never escrowed. To store it retroactively, run the following from an elevated command prompt or PowerShell window on the machine (manage-bde is a command-line tool, not a PowerShell cmdlet): manage-bde -protectors -adbackup C: -id {recoveryGUID}, where {recoveryGUID} is the ID of the Numerical Password protector shown by manage-bde -protectors -get C:. The backup is written as an msFVE-RecoveryInformation object under the computer account, so the domain schema must carry the BitLocker attributes (Windows Server 2008 or later) and the machine must be able to reach a domain controller.
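The two manual steps above (getting a copy of the recovery password, and escrowing an existing protector to AD) in one script. This is an added example and not code from the original post or from MBAM; the volume letter, the output path and the `-BackupToAD` switch are assumptions, and it parses the text output of the Windows 7 `manage-bde` tool, which is why the matching is kept loose. Run it elevated on the affected, domain-joined machine.

```powershell
# Added example (not from the original post): list the recovery password
# protectors on a volume, optionally save them to a file as a local copy, and
# escrow each one to the computer object in AD DS. Run elevated on the
# affected, domain-joined machine. The volume letter and output path are
# assumptions; the AD DS write needs a schema that carries the BitLocker
# recovery attributes (Windows Server 2008 or later).
param(
    [string]$Volume = 'C:',
    [string]$SaveTo = $null,   # e.g. 'E:\bitlocker-C.txt' on a USB stick, never on $Volume itself
    [switch]$BackupToAD
)

function Get-RecoveryPasswordProtectors {
    # Parses 'manage-bde -protectors -get' output. Each recovery password is
    # printed as a 'Numerical Password:' block followed by an 'ID: {GUID}' line
    # and a 'Password:' line; the 48-digit password is on the line after it.
    $lines = @(& manage-bde.exe -protectors -get $Volume)
    if ($LASTEXITCODE -ne 0) { throw "manage-bde failed on $Volume" }

    $result = @()
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -notmatch '^\s*Numerical Password:') { continue }
        $id = $null; $pw = $null
        # Look only a few lines ahead so we never pick up the next protector's ID.
        for ($j = $i + 1; $j -lt $lines.Count -and $j -le ($i + 6); $j++) {
            if ($lines[$j] -match '^\s*ID:\s*(\{[0-9A-Fa-f-]{36}\})') { $id = $Matches[1] }
            if ($lines[$j] -match '^\s*\d{6}(-\d{6}){7}\s*$') { $pw = $lines[$j].Trim() }
        }
        if ($id) { $result += [pscustomobject]@{ Id = $id; Password = $pw } }
    }
    return $result
}

$protectors = @(Get-RecoveryPasswordProtectors)
if ($protectors.Count -eq 0) {
    throw "No recovery password protector on $Volume. Add one with: manage-bde -protectors -add $Volume -RecoveryPassword"
}

if ($SaveTo) {
    # Refuse the mistake the post describes: saving the key onto the drive it protects.
    if ($SaveTo.ToUpper().StartsWith($Volume.ToUpper())) { throw "Refusing to save the key onto the protected volume" }
    $protectors | ForEach-Object {
        "BitLocker recovery key for $Volume`nID: $($_.Id)`nRecovery Password: $($_.Password)`n"
    } | Set-Content -Path $SaveTo
    Write-Host "Saved $($protectors.Count) recovery password(s) to $SaveTo"
}

if ($BackupToAD) {
    foreach ($p in $protectors) {
        # Same command as in the post, once per numerical password protector.
        & manage-bde.exe -protectors -adbackup $Volume -id $p.Id
        if ($LASTEXITCODE -ne 0) { throw "AD DS backup failed for protector $($p.Id)" }
        Write-Host "Escrowed $($p.Id) to AD DS"
    }
}
```

After the escrow, the key should show up on the BitLocker Recovery tab of the computer object on any machine with the BitLocker Recovery Password Viewer installed; if it does not, check that the computer account can write child objects under itself and that the domain controller it reached has replicated.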

If none of this applies to you, you've lost the key and cannot get into the machine at all, there's no easy way to say this: you're out of luck, I'm afraid. As of this post, there is no way that I know of to obtain a recovery key and get back in; that is exactly what BitLocker is designed to prevent. Your remaining option is to get the hardware back into service. If you work in an enterprise that can deploy an operating system over the network, request a rebuild: PXE boot and reimage the machine from the network image. BitLocker will not stop that, because the deployment process wipes and repartitions the disk rather than reading it. Be clear about what that means, though: the data on the encrypted volume is gone. File-recovery tools such as GetDataBack only ever see AES ciphertext on a BitLocker volume, so they cannot bring back anything that was not already unlocked or backed up elsewhere.

Update: If you can't recover your drive, you may want to check out this helpful video that one of the commenters posted:


