IT tutorials

Windows 7 : BitLocker (part 3) - How to Manage BitLocker Keys on a Local Computer, How to Recover Data Protected by BitLocker

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
1/4/2014 8:40:48 PM

4. How to Manage BitLocker Keys on a Local Computer

To manage keys on the local computer, follow these steps:

  1. Open Control Panel and click the System And Security link. Under BitLocker Drive Encryption, click the Manage BitLocker link.

  2. In the BitLocker Drive Encryption window, click Manage BitLocker.

Using this tool, you can perform the following actions (which vary depending on the authentication type chosen):

  • Save Or Print Recovery Key Again Provides the following options:

    • Save The Recovery Key To A USB Flash Drive

    • Save The Recovery Key To A File

    • Print The Recovery Key

  • Duplicate The Startup Key When you use a USB startup key for authentication, this allows you to create a second USB startup key with an identical key.

  • Reset The PIN When you use a PIN for authentication, this allows you to change the PIN.

To manage BitLocker from an elevated command prompt or from a remote computer, use the Manage-bde tool, which replaces the Manage-bde.wsf script in Windows Vista. For example, to view the current BitLocker configuration, run manage-bde –status. The following example demonstrates the configuration of a computer with one decrypted data drive and one encrypted system drive:

manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume E: [Flash]
[Data Volume]
Size: 0.12 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Automatic Unlock: Disabled
Key Protectors: None Found
Volume C: []
[OS Volume]
Size: 126.90 GB
BitLocker Version: Windows 7
Conversion Status: Fully Encrypted
Percentage Encrypted: 100%
Encryption Method: AES 128 with Diffuser
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: None
Key Protectors:
External Key
Numerical Password

For detailed information about how to use Manage-bde, run manage-bde -? at a command prompt.

5. How to Recover Data Protected by BitLocker

When you use BitLocker to protect the system partition, the partition will be locked if the encryption key is not available, causing BitLocker to enter recovery mode. Likely causes of the encryption key not being available include:

  • One of the boot files is modified.

  • BIOS is modified and the TPM disabled.

  • The TPM is cleared.

  • An attempt is made to boot without the TPM, PIN, or USB key being available.

  • The BitLocker-encrypted disk is moved to a new computer.

After the drive is locked, you can boot only to recovery mode, as shown in Figure 3. On most keyboards, you can use the standard number keys from 0–9. However, on some non-English keyboards, you need to use the function keys by pressing F1 for the digit 1, F2 for the digit 2, and so on, with F10 being the digit 0.

Gaining access to a BitLocker-encrypted drive by typing a 48-character recovery password

Figure 3. Gaining access to a BitLocker-encrypted drive by typing a 48-character recovery password

If you have the recovery key on a USB flash drive, you can insert the recovery key and press the Esc key to restart the computer. BitLocker reads the recovery key automatically during startup.

If you cancel out of recovery, the Windows Boot Manager might provide instructions for using Startup Repair to fix a startup problem automatically. Do not follow these instructions; Startup Repair cannot access the encrypted volume. Instead, restart the computer and enter the recovery key.

As a last resort, you can use the BitLocker Repair Tool (Repair-bde) to help recover data from an encrypted volume. The BitLocker Repair Tool was a separate download for earlier versions of Windows, but it is included in Windows 7 and Windows Server 2008 R2.

You can use the BitLocker Repair Tool to copy the decrypted contents of an encrypted volume to a different volume. For example, if you have used BitLocker to protect the D:\ data volume and the volume has become corrupted, you might be able to use the BitLocker Repair Tool to decrypt the contents and copy them to the E:\ volume, if you can provide a recovery key or password. The following command would attempt this:

repair-bde D: E: -RecoveryPassword 111111-222222-333333-444444-5555555-6666666-7777777-

You can also attempt to repair a volume without copying the data by using the –NoOutputVolume parameter, as the following command demonstrates:

repair-bde C: -NoOutputVolume -RecoveryKey D:\RecoveryKey.bek

If the system volume becomes corrupted, you can start Windows 7 Setup from the Windows 7 DVD, start the repair tools, and open a command prompt to run the BitLocker Repair Tool. Alternatively, you could attempt to mount the volume to a different computer and run the BitLocker Repair Tool.



Because it can be difficult or impossible to recover a corrupted BitLocker-protected drive, it's especially important to back up BitLocker-protected drives regularly. Note, however, that your backups might not be encrypted by default. This applies to system image backups, as well. Although system image backups make a copy of your entire disk, BitLocker functions at a lower level than system image backups. Therefore, when system image backup reads the disk, it reads the BitLocker-decrypted version of the disk.

- Windows 7 : BitLocker (part 2) - How to Enable BitLocker Encryption
- Windows 7 : BitLocker (part 1) - How to Use BitLocker with TPM Hardware
- Windows 7 : Encrypting File System (part 3) - How to Recover to an EFS-encrypted File Using a Data Recovery Agent
- Windows 7 : Encrypting File System (part 2) - How to Grant an Additional User Access to an EFS-encrypted File , How to Import Personal Certificates
- Windows 7 : Encrypting File System (part 1) - How to Encrypt a Folder with EFS, How to Create and Back Up EFS Certificates
- Windows 7 : How to Troubleshoot Authentication Issues (part 3) - How to Troubleshoot an Untrusted Certification Authority
- Windows 7 : How to Troubleshoot Authentication Issues (part 2) - How to Use Auditing to Troubleshoot Authentication Problems
- Windows 7 : How to Troubleshoot Authentication Issues (part 1) - Identifying Logon Restrictions
- Windows 7 : Authenticating Users - How to Use Credential Manager
- Windows 7 : Changing the Default Connection, Managing Multiple Internet Connections
Top 10
Technology FAQ
- Microsoft ebs security server configuration
- IIs7 on Windows server 2003
- How to Configure Failover Clusters With Win 2008 Server R2?
- Windows 2008 Network Load Balancing
- Windows Server 2008 - Group Policy Management - Remove Computer Management
- Remove shortcuts possibility in a web page or to put in favorite
- HTA Dynamic Drop Down List
- IIS host header and DNS
- VMware or MS Virtual Server?
- Adobe Acrobat 9 inserting tab pages
programming4us programming4us