[SOLVED] Bitlocker Recovery Key Req'd After Mobo Replacement

Pork Chop

Solution: customer was able to retrieve their BitLocker Key via their Microsoft Account :)


-------------------------
Got a Dell laptop that I changed the mobo on due to having graphic artifacts. Now it wants the BitLocker Recovery Key. Customer was unaware that it was active and has no idea about the key. Put original mobo back in and it still wants the key. What to do?
 
You've bumped into the precise reason for BitLocker to exist, albeit you were using a non-nefarious practice to hit that wall.

It has always seemed to me to be a PROBLEM with BitLocker to NOT ask for a key on every boot, but I guess folks would hate it that way. With the default way that BitLocker works, the TPM chip is entering your key for you on normal bootup.

You can change how BitLocker works (there are tutorials out there) so that it does ask on every boot, then use a USB drive to provide the key, but this is probably overkill for the average user. For everyone else, you just have to educate them that the only scenario BitLocker is protecting against is someone pulling the drive to access the data.
 
The craze for encrypting anything and everything is something we need to educate against doing.

There is no rational reason for virtually any user (including business users, but I at least get why an "all versus selecting" approach is better there) to encrypt every blessed thing on any device. It's a recipe for heartache and I've seen or heard about exactly this sort of scenario more times than I can count.

Encryption should be exercised with both forethought and the record keeping needed to gain access later. Encrypting a file or folder is one thing, but encrypting drives is just asking for eventual trouble when it's just not needed. Music collections, pictures, most documents, etc., just do not need to be encrypted because they pose no security threat were they to be stolen somehow.

It comes back to, "Tool to task," and not applying tools where there is no reason to do so.
 
Encrypting everything is fine, it just means you need a good backup solution in place too.

But yeah, disaster recovery is a process, not a product no matter how much the market wants it to be otherwise.
 
Serious question because I don't know the actual answer: If you back up a "Bitlockered" drive, whether by image or clone, is the result not also "Bitlockered," too?

It would only make sense to me that it would be. And then it's a vicious circle as far as needing to know the key, which is almost invariably the thing that causes the misery.
 
If you back up a BitLocker drive from Windows (let's assume it's the C drive) and do a file backup, the files are not encrypted.
If you do a sector-by-sector backup of the drive, it will be encrypted.
 
As far as I've seen, no backup of an FDE drive is encrypted if it's done from a live file system. All file decryption is done on the fly so, by definition, the file(s) are decrypted when touched by any software. And I'd be leery of doing sector-by-sector images of FDEs. Sometimes signatures are based on the drive hardware itself. So changing the drive may prevent unlocking it.
 
If you attempt to access the data without the decryption key, it's encrypted. But any backup software operating from Windows has to have the decryption key, otherwise Windows itself wouldn't be running.

Which means no, the backup isn't encrypted unless the backup itself is configured to do so.
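
A pre-service check for the situation this thread describes, as an added example that is not part of any post above: run it in an elevated PowerShell session before replacing a motherboard, to see whether BitLocker is active and whether a recovery password exists to record. It uses the built-in `Get-BitLockerVolume` cmdlet; the output layout and messages are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: BitLocker audit to run BEFORE hardware service.
# Reports each volume's encryption state and key protectors, and shows the
# recovery password (if one exists) so it can be recorded off the machine.

foreach ($vol in Get-BitLockerVolume) {
    # Protector types tell you how the volume unlocks (Tpm, RecoveryPassword, ...)
    $types    = $vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }
    $recovery = $vol.KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

    Write-Host ("{0}  status={1}  protection={2}  protectors=[{3}]" -f `
        $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus,
        ($types -join ', '))

    # Nothing to lose on a volume that was never encrypted
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    if (-not $recovery) {
        # Encrypted with no recovery password: a TPM change would leave
        # no way back in. Stop and sort this out before opening the case.
        Write-Warning "$($vol.MountPoint) is encrypted but has no recovery password protector."
        continue
    }

    foreach ($p in $recovery) {
        # Record these two values somewhere that is not the encrypted drive.
        # The ID is what the recovery screen shows to identify which key it wants.
        Write-Host "  Key ID:            $($p.KeyProtectorId)"
        Write-Host "  Recovery password: $($p.RecoveryPassword)"
    }
}
```

If the loop prints a warning, or the customer cannot confirm where the recovery password is stored, that is the point to stop and resolve it while the machine still boots normally.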