DELL asking for bitlocker key after update

Velvis

Velvis

Well-Known Member
Reaction score
44
Location
Medfield, MA
Dell laptop is asking for a bitlocker key that the owner said they no nothing about after doing updates.
After some googling it seems like its a common issue. I have tried a bunch of the solutions people said have been successful but none of them solved this particular laptop.

Anyone here run into this before?
 
Porthos said:
So you are going to make us guess what you have already tried?
Click to expand...
I've tried a bunch of things with the BIOS settings listed on Dell's website resetting the BIOS, shutting off secure boot, some command line stuff. I was hoping someone here might have a better knowledge of the issue.
 
Velvis said:
I've tried a bunch of things with the BIOS settings listed on Dell's website resetting the BIOS, shutting off secure boot, some command line stuff. I was hoping someone here might have a better knowledge of the issue.
Click to expand...
There is nothing...

Let me repeat this... There is NOTHING you can do on the machine itself once it loses the bitlocker key.

You have two paths forward, nuke the unit and set it up from scratch, ore use the recovery key buried in the user's Microsoft account.

If there was something you could do to "fix" this via some sort of security bypass, the encryption would be worthless.

And yes, Windows updates can trigger this... heck having a USB storage device attached during a reboot can trigger this. Users must have access to, and maintain their bitlocker keys. Their only other choice is to not use Windows.
 
Sky-Knight said:
There is nothing...

Let me repeat this... There is NOTHING you can do on the machine itself once it loses the bitlocker key.

You have two paths forward, nuke the unit and set it up from scratch, ore use the recovery key buried in the user's Microsoft account.

If there was something you could do to "fix" this via some sort of security bypass, the encryption would be worthless.

And yes, Windows updates can trigger this... heck having a USB storage device attached during a reboot can trigger this. Users must have access to, and maintain their bitlocker keys. Their only other choice is to not use Windows.
Click to expand...
+1
 
Bitlocker is (has been for years) enabled by default, if you sign into a computer with a Microsoft account...instead of a local user account. (Or joins Azure AD...in which case, pretty much same thing). It's part of the Out of Box setup.

Paragraph 3..."BitLocker automatic device encryption"
docs.microsoft.com

BitLocker drive encryption in Windows 10 for OEMs

OEMs can configure hardware to support Windows 10 automatic device encryption.
docs.microsoft.com

What causes some issues with residential end users, who were never aware it happened, is that for certain updates to the system, BitLocker needs to be "suspended"...for certain updates to happen. (such as TPM firmware, UEFI drivers, etc) Upon reinitialization, it can ask for it.
docs.microsoft.com

BitLocker FAQ - Windows Security

Learn more about BitLocker by reviewing the frequently asked questions.
docs.microsoft.com

When BitLocker gets initially turned on during the OOBE...it FORCED you to save the keys somewhere. To a removable disk for example, or...to your Microsoft account. It will not proceed until one of those is satisfied. So..the end users do have the key somewhere. They just forgot what they did.

Likely will find it at account.microsoft.com logging in via browser,

Finding your BitLocker recovery key in Windows - Microsoft Support

Learn different ways to locate your BitLocker recovery key in Windows, and learn about how BitLocker might have been activated on your system.
support.microsoft.com support.microsoft.com
 
I had a Dell laptop do the same. No Microsoft account.
Did a nuke and pave.
A few weeks later customer call and let me know that they just got around to check the laptop out and it said Recycle Bin in corrupt.
Waiting for them to drop off. I think I have the solution to fix the Recycle Bin.
They are using One Drive for their data.
 
netgeek said:
I had a Dell laptop do the same. No Microsoft account.
Click to expand...

This bit is simply wrong... Windows only encrypts under very specific circumstances. And while yes you can enable bitlocker without a Microsoft account, you have to manually do so, and utterly ignore its suggestion to record the recovery key, put it on a USB drive, and keep it in a safe place to find yourself there.

I don't care what your memory says... it's wrong! And I don't say this in a hostile manner... I say this as a human being that's clicked on the stupid too. We all get tired... we all tinker... we always forget. But that's why we OneDrive all the things!
 
Porthos said:
Which is connected to a MS account.
Click to expand...

Not if it's M365 though... The M365 Business Basic and Standard do not support he use of Windows Hello for Business which does all this fun stuff. You can't login to the OS with that account. So if Windows Hello is disabled, AND you're getting OneDrive via entry level M365 subs you won't encrypt.

But it will still bug you for a PERSONAL Microsoft account. Which is a huge issue for businesses, because that machine can be encrypted by a user that's long gone...
 
So further investigation:

1) The computer is listed on her Microsoft Account but it says no keys have been saved to the account.
2) It's Windows home edition, does home even have bitlocker support?
 
Velvis said:
So further investigation:

1) The computer is listed on her Microsoft Account but it says no keys have been saved to the account.
2) It's Windows home edition, does home even have bitlocker support?
Click to expand...
Yes, and thanks to 1 that means it was linked to another account first.
 
It would not be bitlocked if it wasn't supported. Home supports a limited version of BitLocker called device encryption. It doesn't have all the management features of Bitlocker in Win 10 pro but the technology is the same. As @Sky-Knight said you have the wrong Microsoft Account. Is there more than one user? Does the owner have more than one email address? Any email can be a Microsoft Account.
 
I would think this should be a service that we should all offer, to backup encryption keys to USB for client.

Let's face it, most clients don't know about the tech details and are often unmotivated unless something bad happens which at that point they refuse to pay. Better to get them to buy insurance now than nothing.
 
You must log in or register to reply here.

Similar threads

Velvis
Dell Replaced Battery Laptop needs bitlocker key now
Replies
13
Views
973
johnrobert
johnrobert
thecomputerguy
What is the correct process to transplant an encrypted drive to an identical system?
Replies
17
Views
790
Sky-Knight
Sky-Knight
Larry Sabo
PIN (apparently) not input, but it is!
Replies
11
Views
710
Markverhyden
Markverhyden
K
Data Recover from built in NVME on Dell XPS
Replies
10
Views
992
nlinecomputers
nlinecomputers
HCHTech
Windows 11 - Outlook display issue after latest office update?
2
Replies
22
Views
1K
NETWizz
NETWizz
Back
Top