CoreImage - How to address BitLocker recovery


Introduction

BitLocker is a full disk encryption feature included with Microsoft's Windows operating system. It is designed to protect data by encrypting entire volumes. The encryption process uses an algorithm with a recovery key that is unique to each machine; the key specifies how information is transformed between its encrypted and decrypted states.

A Windows BitLocker recovery event is triggered when Windows detects underlying hardware changes that may indicate the disk is no longer in its original system and should therefore be locked to prevent data exfiltration.

The BitLocker recovery portal allows authorized users, such as members of the HITS Service Desk, to retrieve recovery key information in order to quickly restore access to a machine currently in a BitLocker recovery state. Both the user account used to access the key and the reason provided are auditable.

Instructions

In most cases, the BitLocker recovery prompt can be cleared by turning the device off and back on in the specific sequence below.

  1. Power down the device.
  2. Unplug the machine from the wall.
  3. Unplug any USB Storage devices (flash drives, microphones, other devices).
  4. Hold down the power button for about 30 seconds to drain stored power from the device.
  5. Plug the device back in.
  6. Power the device back on.

This should work the majority of the time. The BitLocker recovery screen is usually caused by a falsely flagged hardware change, which leads Windows to believe that its hardware has changed when it really has not. If you continue to get this prompt, please submit a ticket to the HITS Service Desk and provide the Key ID shown at the bottom of the message.
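As an added check that is not part of the HITS article, the following PowerShell can be run in an elevated prompt on the device once it boots again: it confirms that the Key ID copied from the recovery screen corresponds to a recovery password protector on the volume, and that a TPM protector is still present (without one, the prompt will return on every restart regardless of power cycling). The function name, the `$KeyId` parameter and the placeholder Key ID are assumptions; it reports protector IDs only, never the 48-digit recovery password.

```powershell
# Added example (not the HITS article's own script). Requires the built-in
# BitLocker module and an elevated session. $KeyId is assumed to be the
# Key ID shown at the bottom of the BitLocker recovery screen.
function Test-BitLockerRecoveryKeyId {
    param(
        [Parameter(Mandatory)] [string] $KeyId,
        [string] $MountPoint = 'C:'
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # A TPM-based protector is what lets the OS unlock itself at boot; if it is
    # missing, every restart will land on the recovery screen.
    $tpm = $vol.KeyProtector | Where-Object {
        $_.KeyProtectorType.ToString() -in 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    }

    # Recovery password protectors carry the GUID that the recovery screen
    # reports as the Key ID (newer screens show only its leading characters,
    # so a prefix match is used).
    $recovery = $vol.KeyProtector | Where-Object {
        $_.KeyProtectorType.ToString() -eq 'RecoveryPassword'
    }
    $needle = ($KeyId -replace '[{}]', '').ToUpper()
    $match = $recovery | Where-Object {
        ($_.KeyProtectorId -replace '[{}]', '').ToUpper() -like "$needle*"
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        HasTpmProtector  = [bool]$tpm
        # Only protector IDs are reported; the recovery password itself stays in the portal.
        MatchingKeyIds   = @($match | ForEach-Object KeyProtectorId)
        KeyIdMatches     = [bool]$match
    }
}

# Placeholder Key ID; replace with the value written down from the recovery screen.
Test-BitLockerRecoveryKeyId -KeyId 'ABCDEF12'
```

If `KeyIdMatches` is false, the Key ID in the ticket does not belong to this volume's current protectors and the Service Desk will need the ID re-read from the screen; if `HasTpmProtector` is false, the power-cycle procedure alone will not resolve the prompt.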