Results 1 to 1 of 1
2014-01-12, 05:46 #1
- Join Date
- Dec 2013
- Thanked 3 Times in 3 Posts
Startup Recovery with Bitlocker - didn't back up Recovery Key
"I don't need that stupid Recovery Key; it'll never be necessary. I know what my Bitlocker password is because I type it every time I switch on my computer; I'm hardly likely to forget it."
Ahem. Pride goes before a fall, I believe the Book of Proverbs says...
Turns out the Recovery Key is needed in certain situations, one of them being Startup Repair. My Windows 8.1 machine didn't shut down properly, and so wanted to do an automatic repair when it next booted. I was asked for my Bitlocker password as normal when the machine booted, but the Repair process wanted the Bitlocker Recovery Key, not the password.
And guess who didn't bother backing up his Recovery Key because, after all, "it'll never be necessary..."
All is not lost, however. The Recovery Key can still be retrieved. After clicking "Skip this drive", one can get to a Command Prompt through the Troubleshoot -> Advanced options -> Command Prompt options.
Once at the Command Prompt, retrieving the Bitlocker Recovery Key is a two step process:
- Unlock the encrypted drive
- Display the encryption protectors
The Manage-bde.exe Parameter Reference came to the rescue, but still required a bit of experimentation. That page only shows the "-password" parameter in the section about enabling Bitlocker encryption, but it turns out that "-password" is supported for other functions, including "-unlock".
To unlock my drive, I typed manage-bde -unlock c: -password. The program prompted me for my password (with no visible confirmation of key presses) and then unlocked the volume.
Then, to retrieve the Recovery Key, I typed manage-bde -protectors c: -get. Hey presto! There was my 48-digit Recovery Key in all its glory. That Recovery Key has now been backed up somewhere safe, because I don't want to go through this rigmarole again.