Thursday, July 28, 2016

How to Recover Your Files From a BitLocker-Encrypted Drive

When you need to recover a drive from BitLocker encryption, you need a key. Time to use Microsoft:

Microsoft’s BitLocker encryption always forces you to create a recovery key when you set it up. You may have printed that recovery key, written it down, saved it to a file, or stored it online with a Microsoft account. If your BitLocker drive isn’t unlocking normally, the recovery key is your only option.

There are many reasons you may get locked out of your hard drive–maybe your computer’s TPM is no longer unlocking your drive automatically, or you forgot a password or PIN. The recovery key will also be necessary if you want to remove a BitLocker-encrypted drive from a computer and unlock it on another computer. If the first computer’s TPM isn’t present, you’ll need the recovery key.

First, Find Your Recovery Key

If you can’t find your recovery key, try to think back to when you set up BitLocker. You were asked to either write the key down, print it out to a piece of paper, or save it to a file on an external drive, such as a USB drive. You were also given the option to upload the BitLocker recovery key to your Microsoft account online.

That key should hopefully be stored somewhere safe if you printed it to a piece of paper or saved it to an external drive.

To retrieve a recovery key you uploaded to Microsoft’s servers, visit the OneDrive Recovery Key page and sign in with the same Microsoft account you uploaded the recovery key with. You’ll see the key here if you uploaded it. If you don’t see the key, try signing in with another Microsoft account you might have used.

If there are multiple accounts, you can use the “Key ID” displayed on the BitLocker screen on the computer and match it to the Key ID that appears on the web page. That will help you find the correct key.

If your computer is connected to a domain–often the case on computers owned by an organization and provided to employees or students–there’s a good chance the network administrator has the recovery key. Contact the domain administrator to get the recovery key.

If you don’t have your recovery key, you may be out of luck–hopefully you have a backup of all your data! And next time, be sure to write down that recovery key and keep it in a safe place (or save it with your Microsoft Account).

Situation One: If Your Computer Isn’t Unlocking the Drive at Boot

Drives encrypted with BitLocker are normally unlocked automatically with your computer’s built-in TPM every time you boot it. If the TPM unlock method fails, you’ll see a “BitLocker Recovery” error screen that asks you to “Enter the recovery key for this drive”. (If you’ve set up your computer to require a password, PIN, USB drive, or smart card each time it boots, you’ll see the same unlock screen you normally use before getting the BitLocker Recovery screen–if you don’t know that password, press Esc to enter BitLocker Recovery.)

Type your recovery key to continue. This will unlock the drive and your computer will boot normally.

The ID displayed here will help you identify the correct recovery key if you have multiple recovery keys printed, saved, or uploaded online.

Situation Two: If You Need to Unlock the Drive From Within Windows

The above method will help you unlock your system drive and any other drives that are normally unlocked during the boot-up process.

However, you may need to unlock a BitLocker-encrypted drive from within Windows. Perhaps you have an external drive or USB stick with BitLocker encryption and it’s not unlocking normally, or perhaps you’ve taken a BitLocker-encrypted drive from another computer and connected it to your current computer.

To do this, first connect the drive to your computer. Open the Control Panel and head to System and Security > BitLocker Drive Encryption. You can only do this on Professional editions of Windows, as only they provide access to the BitLocker software.

Locate the drive in the BitLocker window and click the “Unlock Drive” option next to it.

You’ll be asked to enter the password, PIN, or whatever other details you need to provide to unlock the drive. If you don’t have the information, select More Options > Enter Recovery Key.

Enter the recovery key to unlock the drive. Once you enter the recovery key, the drive will unlock and you can access the files on it. The ID displayed here will help you find the correct recovery key if you have multiple saved keys to choose from.
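
The same unlock, including the Key ID matching step, can be done from an elevated PowerShell prompt. The script below is an added example, not part of the original post; the drive letter, the folder of saved key files, and the assumption that each saved .txt file contains both the full Key ID and the 48-digit key are illustrative.

```powershell
# Added example: unlock a BitLocker drive with a saved recovery key, matched by Key ID.
# Run in an elevated PowerShell session on an edition that includes BitLocker.
$MountPoint = 'E:'                                # assumption: letter of the locked drive
$KeyFolder  = "$env:USERPROFILE\Documents\Keys"   # assumption: folder of saved key files

# 1. Read the recovery-password protector IDs (the "Key ID") from the locked volume.
$volume = Get-BitLockerVolume -MountPoint $MountPoint
$ids = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    ForEach-Object { $_.KeyProtectorId.Trim('{}').ToUpper() }
if (-not $ids) { throw "No recovery password protector found on $MountPoint" }

# 2. Find the saved key file that mentions one of those IDs and extract the
#    recovery key: eight groups of six digits separated by hyphens.
$pattern = '\b(\d{6}-){7}\d{6}\b'
$found = foreach ($file in Get-ChildItem -Path $KeyFolder -Filter *.txt -File) {
    $text = Get-Content -LiteralPath $file.FullName -Raw
    foreach ($id in $ids) {
        if ($text.ToUpper().Contains($id) -and $text -match $pattern) {
            [pscustomobject]@{ File = $file.Name; KeyId = $id; Key = $Matches[0] }
        }
    }
}
if (-not $found) { throw "No saved key matches Key ID(s): $($ids -join ', ')" }

# 3. Unlock with the matching key, then report the volume's lock status.
$first = @($found)[0]
Write-Host "Using key from $($first.File) for Key ID $($first.KeyId)"
Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $first.Key | Out-Null
(Get-BitLockerVolume -MountPoint $MountPoint).LockStatus
```

Because the key is read from the file rather than typed, it does not end up in the console's command history.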

If your computer is displaying a BitLocker error screen each time it boots and you don’t have any way of getting the recovery key, you can always use the “reset this PC” troubleshooting option to fully wipe your computer. You’ll be able to use the computer again, but you’ll lose all the files stored on it.

If you have an external drive that’s encrypted with BitLocker and you don’t have the recovery key or any other way to unlock it, you may have to do the same thing. Format the drive and you’ll erase its contents, but at least you’ll be able to use the drive again.
