Why only Recovery Key option available to unlock password protected bitlocker drive from Hiren boot DVD?

ki_2004 · Jan 20, 2024

Dear All,

I have searched the net and asked Bard but it seems they are not able to understand my query. I hope you, the humans and experts will have better understanding.
It seems protection is strong and this post is more of learning, there's no pressing issue but I tried something to check if that can work, as such!

My company windows 10 laptop that runs Win 10 enterprise OS has bitlocker encryption enabled on all drives. When laptop boots I have to enter the bitlocker password (This is provided by IT admin and I of course know it) to decrypt the system and then I get the usual windows login prompt.

What I did is boot externally thru Windows PE based rescue disk like Hiren Boot DVD or Gandalf’s Win 10 rescue disk and tried to unlock the bitlocker drive. But now it only asks for Recovery Key. The password option is not available at all.

I also tried manage-bde -unlock c: -pw but after I enter the password, it does not unlock the drive.

So it seems somewhere only recovery key option is set may be in GP?
But when booted from within, it correctly asks for password.
Does anyone have any idea why?

Bard says

TPM Reliance: BitLocker typically relies on the Trusted Platform Module (TPM) chip, a hardware component that securely stores encryption keys, for unlocking drives with a password. However, WinPE often doesn't have access to the TPM, necessitating alternative unlocking methods.

Thank you.
BR
ki_2004

Chuck · Jan 20, 2024

"Does anyone have any idea why?"

Bitlocker is protecting itself from unauthorized tampering? ( That's you. )

Jimmy Collaros · Jan 20, 2024

I am not an expert but it seems something happened to your password.
When you setup Bitlocker for first time it gives you a recovery key in case something happen with the password.
Do you have the recovery key? Perhaps it will unlock the password and you will create a new one.

Toxined · Jan 20, 2024

Chuck said:
"Does anyone have any idea why?"

Bitlocker is protecting itself from unauthorized tampering? ( That's you. )

Same thought came to my mind...

Jimmy Collaros said:
I am not an expert but it seems something happened to your password.
When you setup Bitlocker for first time it gives you a recovery key in case something happen with the password.
Do you have the recovery key? Perhaps it will unlock the password and you will create a new one.

Absolutely this is the case....

Cyler · Jan 20, 2024

Should I spoil it or let people chat? Chuck is actually very close

Jimmy Collaros · Jan 20, 2024

Cyler said:
Should I spoil it or let people chat? Chuck is actually very close

I think the 2 answers given are enough. What else can be added?
But @ki_2004 has not answered yet. Let's wait for his answer.

Cyler · Jan 20, 2024

Jimmy Collaros said:
I think the 2 answers given are enough. What else can be added?
But @ki_2004 has not answered yet.

Jimmy, when a question is asked, what matters is if someone gave the right answer and not the number of answers. I would not answer the way I did if any the answers were right/complete.
As I said Chuck was close and sadly you were wrong, as the user asked something completely different. I was just trying to be polite.

ki_2004 · Jan 20, 2024

Thank you all.
I guess may be I did not explain it enough. I will try again. I already have the legit password. There's no recovery key, it never was maintained by IT admin.
I am just trying to unlock the drive thru Hiren Boot DVD and I thought it will ask for password, but only option is enter recovery key.

I do not know if this action comes under tampering, when you know the password and you have not fiddled with it in anyway like brute force etc,

Cyler · Jan 20, 2024

If BitLocker detects a recovery environment such as WinPE It won't accept passwords/Pins/TPM but rather asks only the recovery key. You can't even use different Windows installations unless you are part of a domain, without a recovery key first. After all, that is the point of encrypting hard drives. If it was that easy to bypass any encryption, there would be no point in using it. Only the original windows that enabled Bitlocker and its recovery environment can use the Bitlocker password, anything else needs the recovery key.

This is why @Chuck was very close cause using a different OS even if it was Windows PE can be considered tampering tho is a bit broad term.

ki_2004 · Jan 20, 2024

Strangely my experiments in VM show that it works! That is, the VM Windows 10 that is bitlocker encrypted does ask for password when booted thru external Win PE disks and I can unlock the drive with password. May be domain is not involved in VM tests.

Cyler · Jan 20, 2024

Yes, the network admin actually sets those parameters. Also, remember it is different when you encrypt the OS drive and different if you encrypt any other drive (and especially removable devices or VHD volumes) and also different if it uses the TPM chip of the laptop and/or network locks. If you can since you too like experiments, hook the laptop encrypted disk as external in that VM and give it a try.

ki_2004 · Jan 20, 2024

@Cyler Thanks.
Yes, I experimented with OS drive in VM as such, not other data drives. So it seems something else set by admin is in effect!
As such I have full access to laptop as I know the bitlocker password but I won't open it to remove the drive as I may then be violating company policies.
Nevertheless, it was just a try! I have nothing further. This thread may be closed.
Thanks all.