Recovery keys are used to recover your endpoint data in case of hardware malfunction and also as an alternate means of login when the traditional authorization fails. Apart from being a workaround, a BitLocker recovery key can be seen as a gateway for accessing a drive when that drive becomes inaccessible.
What are the ways to retrieve recovery keys?
There are two ways the recovery key can be found:
- Endpoint Central
- Active Directory Users And Computers
Steps to retrieve BitLocker recovery keys using Endpoint Central
To find the recovery key using this method, the recovery key identifier of the specific machine has to be obtained first.
The following steps guide you in finding the recovery key identifier:
Step 1: Under BitLocker Management in the Endpoint Central console, navigate to Managed Computers from the Insights tab.
Step 2: Select the pertinent Computer Name, where the Recovery Key ID is displayed.
Step 3: Once found, either select or copy the recovery key ID and navigate to Retrieve Recovery Key under the Recovery Key tab.
Step 4: Enter the relevant recovery key ID and select it from the drop-down. Note: Selecting the recovery key identifier as described in Step 3 leads to the same page.
Step 5: Click Show key to display the recovery key.
You have successfully obtained the recovery key using the Endpoint Central console.
Steps to retrieve BitLocker recovery keys using the Active Directory Users and Computers (ADUC)
The Active Directory Users And Computers console enables admins to manage their Active Directory objects. It can be used as a Remote Server Administration Tool (RSAT) to find the recovery key directly from a Windows machine.
The following steps guide you in finding the recovery key and password ID of a specific managed computer:
Step 1: Open the Active Directory Users And Computers console.
Step 2: Open the Properties tab of the managed computer.
Step 3: Click on BitLocker Recovery. The BitLocker recovery key and Password ID of the computer will be displayed.
You have successfully found the Recovery key of a Windows machine using ADUC.
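The same lookup can be scripted when many machines need checking. The following is an added example, not part of the ManageEngine documentation: it reads the msFVE-RecoveryInformation child objects that ADUC displays on the BitLocker Recovery tab. The function name, the computer name `WS-0142` and the password ID prefix are hypothetical; it assumes the RSAT ActiveDirectory module is installed and that the account has been delegated read access to these objects.

```powershell
# Added example: list BitLocker recovery passwords stored in AD for one computer.
# Assumes the RSAT ActiveDirectory module and delegated read access to
# msFVE-RecoveryInformation objects (recovery passwords are confidential attributes).
Import-Module ActiveDirectory

function Get-BitLockerRecoveryFromAD {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Optional: first characters of the Password ID shown on the recovery screen
        [string]$PasswordIdPrefix
    )

    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery information is stored as child objects of the computer object.
    $records = Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated'

    if (-not $records) {
        Write-Warning "No recovery information is stored in AD for $ComputerName."
        return
    }

    foreach ($r in $records | Sort-Object whenCreated -Descending) {
        # The object name has the form <timestamp>{<Password ID GUID>}
        $id = if ($r.Name -match '\{([0-9A-Fa-f-]{36})\}') { $Matches[1] } else { $null }
        if ($PasswordIdPrefix -and ($id -notlike "$PasswordIdPrefix*")) { continue }

        [pscustomobject]@{
            Computer         = $computer.Name
            PasswordId       = $id
            Created          = $r.whenCreated
            RecoveryPassword = $r.'msFVE-RecoveryPassword'
        }
    }
}

# Constructed sample call: computer name and ID prefix are placeholders.
Get-BitLockerRecoveryFromAD -ComputerName 'WS-0142' -PasswordIdPrefix '1A2B3C4D'
```

Matching on the Password ID matters when a computer has several stored protectors: only the entry whose ID matches the one shown on the recovery screen will unlock the drive.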
FAQs
To unlock a BitLocker-encrypted drive:
- Open File Explorer.
- Right-click the BitLocker-encrypted drive and select Unlock Drive.
- Enter your BitLocker password or recovery key.
- Click Unlock.
How to unsuspend BitLocker?
From the Control Panel menu, click on “System and Security”. From the System and Security menu, click on “BitLocker Drive Encryption”. Under “Operating system drive”, select “Resume protection”.
Why am I being asked for my BitLocker key?
Windows will require a BitLocker recovery key when it detects a possible unauthorized attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure.
How do I remove BitLocker encryption from a drive?
- Type and search [Manage BitLocker] in the Windows search bar, then click [Open].
- Click [Turn off BitLocker] on the drive that you want to decrypt. ...
- Confirm whether you want to decrypt your drive, then select [Turn off BitLocker] to start turning off BitLocker, and your drive will not be protected anymore.
How do I force BitLocker to unlock?
To unlock their drives, users must open “This PC” (or “My Computer”, depending on the version of Windows), right-click on the encrypted drive icons with the locked yellow padlock icon, click "Unlock Drive" and provide the Password.
What triggers BitLocker to lock?
The BitLocker recovery key prompt can be triggered by a variety of reasons, including hardware changes and software updates (especially if a BIOS update is involved). It is not necessarily alarming. A recent security update can definitely be a trigger here as well.
How do I get my computer out of BitLocker mode?
To exit the BitLocker recovery screen, you will need to enter the recovery key. The recovery key is a 48-digit code that was provided to you when you first enabled BitLocker on your device. If you don't have the recovery key, you can't enter the drive.
How long is the BitLocker lockout?
- Standard user lockout duration (set to 8 hours)
- Standard user individual lockout threshold (set to 20)
- Standard user total lockout threshold (set to 20)
How long does BitLocker stay suspended?
Specify zero to suspend protection indefinitely until you resume it by using the Resume-BitLocker cmdlet.
Why did my computer do BitLocker?
If the computer shows the BitLocker recovery screen after power-on, it means that the HDD/SSD has been encrypted (the HDD/SSD is locked). Replacing PC hardware components or changing BIOS settings may cause the system to show the BitLocker recovery screen after power-on.
Here are the steps to do so:
- Go to the Microsoft BitLocker Recovery Keys page (https://account.microsoft.com/devices/recoverykey).
- Sign in with the Microsoft account that you used to set up BitLocker on your LG gram laptop.
- Enter the recovery key ID that is displayed on the BitLocker screen.
What is the command to unlock BitLocker?
If the status is returned as locked, you must use the following command to unlock it using your recovery password: manage-bde -unlock c: -rp your 48-digit recovery password.
Is it possible to unlock BitLocker without a key?
If you don't have the BitLocker password and recovery key, you may need to format the drive to remove the encryption, or use third-party tools such as Passware Kit, Elcomsoft Forensic Disk Decryptor, and Elcomsoft Distributed Password Recovery.
What if I forgot my BitLocker password?
To recover BitLocker, a user can use a recovery password, if available. The BitLocker recovery password is unique to the device it was created on, and can be saved in different ways. Depending on the configured policy settings, the recovery password can be: Saved in Microsoft Entra ID, for Microsoft Entra joined.
How to unlock drive locked by BitLocker without recovery key?
Unlocking BitLocker without your password and recovery key can be very challenging. If you forget your password, you can use your recovery key to unlock your BitLocker drive. If you can't remember the password and don't have access to the recovery key, the only remaining solution is to simply format the entire drive.
How to unlock a USB drive with BitLocker?
Click on “System and Security” in the Control Panel and then click on “BitLocker Drive Encryption.” There is a list of removable drives called “BitLocker To Go.” Find the protected drive you want and click or tap on it. Then, click on the “Unlock drive” link next to it.
How do you unlock the drive with a password in BitLocker?
After BitLocker has prepared the USB drive, the wizard prompts you to Choose how you want to unlock the drive. Tick the Use a password to unlock the drive checkbox and type in and retype a password, then click Next. encrypted drives with full read/write access.
Why do I suddenly have BitLocker?
The PC may display a BitLocker recovery screen after it has been returned from a service center where hardware components have been replaced. This may also happen after BIOS settings have been changed.