Windows Bitlocker Explained

BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more authentication factors before it will unlock it. Windows will require a BitLocker 48-digit recovery key to unlock a disk volume when it detects a possible unauthorized attempt to access the data.

Bitlocker encryption can occur if Windows detects an unauthorized login or a failing drive. Users have also reported that Bitlocker activates if an error occurs during a Windows update.

Windows Bitlocker Screen - blue

Problems can arise on personal computers if a user fails to attach a PC to a Windows account at the initial setup, thus forfeiting the creation of the Bitlocker recovery key. This is a method Microsoft uses to coerce users to create a Microsoft account.

The BitLocker key can be found by logging into the associated personal Windows account or the command prompt. Without a BitLocker key, the only way to recover the encrypted hard disk is to clean the disk and reinstall the Windows Operating System (OS). All files will be lost.

For corporate or organization accounts, the Bitlocker recovery key may be found in Active Directory or Azure Active Directory.

Real World Scenario

Troubleshooting PC laptop (Lenovo Thinkpad 3  81X8.)

Problem:

After powering on a Lenovo laptop, Windows 10 loads the blue BitLocker recovery screen, indicating the laptop’s drive is encrypted. Unfortunately, the user opted not to create or attach a Microsoft account when setting up the PC, making retrieving a  Bitlocker recovery key impossible as one was never created.

Solution:

Wiping the disk drive and performing a clean install of the OS allows for a fresh installation, but the PC’s stored data will be lost. Use the command prompt and BIOS settings to perform these actions.

  • From the Reset this PC menu => advanced options.
  • Enter from the command prompt with administrator privileges, or restart your PC (press Shift and F10 keys together during the boot process.)
  • From the command prompt, from the C: Windows\system32\ enter:
    • diskpart
    • list disk
    • select disk x (replace x with the encrypted hard disk)
    • clean
    • delete partition override
    • exit
admin command prompt. windows 11
  • On another PC, create a Windows Installation Media on a USB drive.
  • Restart your troubled PC with the USB drive.
  • If needed, load BIOS and change the boot drive order to boot with USB first.
  • Follow the Windows setup instructions.

Troubleshooting Windows installation issues.

Users often find when the PC loads using the USB Window’s installation disk, a “no disk or drives are found” message appears. If so,

  • Restart PC
  • Enter BIOS (F1 or F2)
  • Disable Secure Boot
  • Disable the VMD controller (shows hidden SATA Controller mode)
    • The VMD controller is used for RAID storage devices
  • Save settings
  • Restart the PC with Windows Installation Media USB.
  • Windows OS will then guide the user with installation and setup.

After the Windows installation has been completed:

  • Shut down the device
  • Remove the Windows Installation USB
  • Restart the PC and enter the BIOS (F1 or F2)
  • Enable Secure Boot
  • If not using RAID, leave the VMD controller disabled
  • Exit BIOS
  • Restart the computer
  • If Windows loads successfully, check for any Windows updates

Tips:

  • Important: Set up a Microsoft Account to allow for the creation of an iCloud login. This is a valuable tool used in cases where the computer password is changed or Bitlocker encryption becomes enabled by the infiltration of unwanted parties or hackers.
  • Preventative protection: Purchase and install reputable Anti-virus software to monitor the device for known vulnerabilities. 

Credits for reinstalling Windows on a Bitlocker drive: