How can I locate Bitlocker key in OEM refurb HP laptop?

Topic

New Reply

Some of you may remember me from this thread: https://www.askwoody.com/forums/topic/preparing-computer-for-bios-update-from-within-windows-10-disabling-bitlocker/.

After extensive reading/research, how to create a Bitlocker key remained a mystery because of Bitlocker’s supposedly not being installed on Windows 10 Home machines. Then I thought that the key might already exist somewhere in my machine, because it’s an OEM refurb. BTW, it’s not in my email, any of my files, or printed out somewhere, as all the solutions for Win 10 Home maddeningly suggested.

Any thoughts on how to create/find the recovery key?

Reply | Quote

Replies

Tried OneDrive? (https://onedrive.live.com/recoverykey)

Why Microsoft stores your Windows 10 Device Encryption Key to OneDrive

P.S. It’s called Device Encryption on Windows 8/10 Home, not BitLocker strictly speaking.

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote

Oh yeah, I checked on all that too. It’s not stored in my Microsoft account, and there’s nothing in either Settings or System Information about device encryption or anything similar. Everything’s toeing the HP party line, that there’s no Bitlocker or device encryption in their computers. So I can’t remove the recovery key or generate a new one either, because the necessary settings and buttons don’t exist.

I think what I’ll do is remind my friend next-door, the IT guy-turned-electrician, that last week he said he’d look into it, because I could tell when he was on his way out the door that he’d already forgotten and was focused on how to break into my laptop so he could install the memory upgrade. It took major surgery.

Reply | Quote

Make an image backup using one of the 3rd party backup apps.
Boot from the backup recovery USB.
Delete the partitions on the disk.
Restore the image.

You should now have a non bitlockered installation.

Note: I have not tested this so no guarantees.

cheers, Paul

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote

Try these methods : https://www.m3datarecovery.com/bitlocker-recovery/bitlocker-recovery-key.html

Reply | Quote

Have a read of ‘all’ the pages (16 at the time of posting) in this link:

BitLocker: need a key but I never installed it

https://www.dell.com/community/Windows-10/BitLocker-need-a-key-but-I-never-installed-it/td-p/6019486

It refers to Dell owners.
There are solutions, potential solutions and one thing in common is that there are many angry folks out there where this issue is being reported, or has been reported in the past, from a number of different machine make owners. Dell, HP, Microsoft to name but three.

Hamsa – Not sure while you created another thread for the same issue.

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote

Thank you for that truly frightening thread. This is this the thread I posted before this:

Some of you may remember me from this thread: https://www.askwoody.com/forums/topic/preparing-computer-for-bios-update-from-within-windows-10-disabling-bitlocker/.

Related issue, but not the same :-).

Reply | Quote

Hamsa Vicerra wrote:

Everything’s toeing the HP party line, that there’s no Bitlocker or device encryption in their computers.

That’s definitely not what HP says:

HP PCs – BitLocker Encryption Is Enabled by Default

BitLocker Encryption is enabled, by default, on computers that support Modern Standby. This is true regardless of the Windows 10 version (Home, Pro, etc.) is installed.

It is vital that you back up your BitLocker recovery key, and that you know how to retrieve it. Do not rely on keeping the key solely on the computer. If you cannot access the key when needed, you will lose access to all data on encrypted drives.

NOTE: One routine reason for needing the BitLocker recovery key is in case of performing updates that affect the TPM data, including BIOS updates.

See the following HP Knowledge Base article on how to tell if your drives or devices are encrypted and on saving and retrieving your BitLocker key.

HP PCs – BitLocker Encryption Is Enabled by Default

Reply | Quote

[Hamsa Vicerra]

I’m sorry to say I was already well aware of all the above. My laptop doesn’t support Modern Standby. I’m not sure why that is. About toeing the HP party line, I actually did know that too, my only excuse is that it was tired and I was late and I kinda, well, forgot.

• This reply was modified 4 years, 2 months ago by Hamsa Vicerra.
• This reply was modified 4 years, 2 months ago by Hamsa Vicerra. Reason: Correct 2 mistakes

1 user thanked author for this post.

b

Reply | Quote

What is the current status of your issue?
Are you locked out of your machine because you don’t have a key?
Is Bitlocker active?
Can you disable it in the settings?
If you can disable it, you don’t need a recovery key.

Reply | Quote

[Hamsa Vicerra]

Machine’s fine so far and I’m not locked out. I can’t disable Bitlocker because my machine denies it has it and so lacks the various settings that would let me disable it. I’m trying to discover how to find the key so I don’t get locked out after I install the latest update. As to whether Bitlocker’s active, that’s the one that has me slightly nuts. See this thread:

Some of you may remember me from this thread: https://www.askwoody.com/forums/topic/preparing-computer-for-bios-update-from-within-windows-10-disabling-bitlocker/.

 

• This reply was modified 4 years, 2 months ago by Hamsa Vicerra.

Reply | Quote

You are in a bit of a predicament.
As you are now, Bitlocker is not available because it isn’t present on your system.
If you update the BIOS to allow the OS 20H2 update, you *may be locked out of the machine as the updated BIOS somehow activates a ‘dormant’ Bitlocker and you have no recovery keys.
*I say may, because you don’t know for sure. However, you/we do know now that others going down the BIOS update route can & do get locked out.

You could do nothing/don’t update the W10 version and stay as you are and that would leave you relatively safe in terms of not being locked out.
What is your current W10 version out of interest?

The warning dialog box you have seen says the BIOS is not compatible with Windows 10, but if you are already using a version of Windows 10, then that warning isn’t exactly true to its wording.

I have Bitlocker available and active on the machine I’m using now.
I know the status of Bitlocker in terms of what drives are encrypted and locked.
To check, I can right click the Start Button > Click ‘Command Prompt (Admin)’ or ‘Windows Powershell (Admin)’ > Accept the prompt then type:

manage-bde -status

. . . . then press the Enter key.
This will show if Bitlocker is active or present in your case.
Below is a section of the above showing some of the Bitlocker protected drives I have.
Give it a try. I suspect it won’t show Bitlocker as you don’t have it.

2 users thanked author for this post.

Hamsa Vicerra, wavy

Reply | Quote

Yes, you’ve got my situation exactly. I’m currently using v. 1809. It would be fine with me to continue with that version, although going forward I’d be kind of worried about security, or is that only addressed in the patches?

I tried using Administrator: Command Prompt to see if Bitlocker is enabled or not, but frustratingly (again!) my request was denied because I’m not an Admin, only I am but I don’t know how to convince the computer of that. Interestingly enough, I saw Bitlocker Settings when I was rummaging around in Settings, but when I clicked on it my click wouldn’t register. Am I right in suspecting that meant the link didn’t lead anywhere? (I don’t know the technicalese for that.) If so, wouldn’t that mean that Bitlocker isn’t present and I don’t need to worry about a key?

Reply | Quote

Hamsa Vicerra wrote:

my request was denied because I’m not an Admin

Can you post the exact message?

To test if your disk is encrypted, boot from a Linux live USB (or your backup recovery USB) and try to view the disk. If it’s encrypted you should be able to see the disk but not any data.

cheers, Paul

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote

This was the exact message: An attempt to access a required resource was denied.

Check that you have administrative rights on the computer.

If there’s a way to correct my computer’s misunderstanding and I discover that Bitlocker’s not present, I wouldn’t still need to check if my disk’s encrypted, would I?

Reply | Quote

Can you boot from a Linux Live USB / Windows recovery USB and view the disk partitions?
An encrypted disk will show the C: partition as full, no free space. The EFI partition should be about 100MB and 99% free.

cheers, Paul

Reply | Quote

Theoretically yes. I have Idrive and could create a recovery USB with that, but it’s in my mind as a last resort because I’ve never done it before and the prospect’s somewhat overwhelming. Also, I use Dragon NaturallySpeaking, and doing anything other than dictating is often a multi-command process, so it takes me at least 4 or 5 times as long to complete one step as it does someone holding a mouse. It doesn’t make a task easier or harder, just more tedious.

Reply | Quote

When checking the Bitlocker Status, you sure you have typed the correct wording in (Admin) Command Prompt – note the gap between e and -status?
The image below shows- manage-bde -status – in both Command Prompt (1) and (Admin) Command Prompt (2).
The test machine image below does not have Bitlocker as it is a Windows 10 Home version.

2 users thanked author for this post.

wavy, Hamsa Vicerra

Reply | Quote

Also, any idea why the computers not recognizing my Admin status? Is there any way to correct that?

Reply | Quote

Not sure what you mean by this?

To run Command Prompt as admin you need to right click the menu item and select Run as administrator.
As Moonshine’s screenshot shows, it has the word Administrator in the title when you get it right.

cheers, Paul

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote

When I use Command Prompt Admin to try to check the status or presence of Bitlocker, even though I’m an Admin-the only one in fact-the command prompt screen displays this message: An attempt to access a required resource was denied. Check that you have administrative rights on on the computer.  (Yes, I’m typing the command exactly as shown.)

 

Reply | Quote

Yes, I typed it exactly as shown.

Reply | Quote

Hamsa Vicerra wrote:

even though I’m an Admin

Being Admin and running as Admin are not the same. Run CMD as Admin.

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote

OK thanks, I finally got it through the block of wood that is my head. There is no Bitlocker, no encryption, no key, no nothing, only a lot of relief. Now I just have to see if I can update the BIOS.

Reply | Quote

Now I just have to see if I can update the BIOS

Just remember, updating the BIOS is the start of the nightmare – for some!

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote

So even though CMD didn’t show Bitlocker active or present in my system, it could still be dormant-I forgot about that. Argh!

Reply | Quote

Bitlocker won’t be dormant. You have Windows Home and there is no way for you to turn BL on.

cheers, Paul

Reply | Quote

[Hamsa Vicerra]

Right, except Moonshine posted

You are in a bit of a predicament.
As you are now, Bitlocker is not available because it isn’t present on your system.
If you update the BIOS to allow the OS 20H2 update, you *may be locked out of the machine as the updated BIOS somehow activates a ‘dormant’ Bitlocker and you have no recovery keys.
*I say may, because you don’t know for sure. However, you/we do know now that others going down the BIOS update route can & do get locked out.

Cheers,
Hamsa

• This reply was modified 4 years, 1 month ago by Hamsa Vicerra.

Reply | Quote

[Moonshine]

Hamsa

It’s not easy helping from a distance, I’m sure you are aware of that, especially when you are giving us inconsistent information.

CMD didn’t show Bitlocker active or present in my system

There is no Bitlocker, no encryption, no key, no nothing. . . .

You have said previously:

. . . . Interestingly enough, I saw Bitlocker Settings when I was rummaging around in Settings. . . .

That seems rather odd if you don’t have Bitlocker available.
You say you have Windows 10 Home which doesn’t actually support the version of Bitlocker we know that exists in W10 Pro.
However, we do know that some manufacturers machines support Device Encryption, similar to Bitlocker, when the machine meets certain conditions, Modern Standby being one example.

My laptop doesn’t support Modern Standby

. . . . how do you know that – it’s easy to check?

*We know that a BIOS update in certain W10 Home OS’s can trigger a lockout on restart because Device Encryption/Bitlocker has been enabled and the necessary keys to unlock the system are not being created or made available in certain scenarios.
*This information, as you know, is available online in forums for anybody to access. I have given links to some of those forums, in this thread and a previous related thread of yours.

What I would do now, is take a System Image as insurance so you can at least access the files at a later date should you need to.
If you are genuine, I suggest you seek professional help face to face.
Explain your situation – especially the part about being potentially locked out of your machine. Show him/her the posts in this Askwoody forum so he/she can see what’s going on or what can/could/may happen to you on your machine if a BIOS update takes place.

• This reply was modified 4 years, 1 month ago by Moonshine.

Reply | Quote

I understand how the inconsistency of the statements you quoted could be concerning to you, but I’ve always been completely honest in my descriptions of my situation, which has been just as confusing to me as it has to you. I’m truly sorry if you think I’ve been in any way trolling, as I’ve always greatly appreciated all the posters attempts to help me make sense of my “predicament,” as you so aptly put it.

Yes, I checked whether my computer supports Modern Standby, and I was surprised to find that it doesn’t.

I’ll consult my next-door friend the IT guy-turned-electrician, or maybe I’ll send my laptop up to my brother, who’s been an IT professional for about 35 years, though I know if I do he’ll say, “I told you not to buy an HP!” Again, much gratitude to all who patiently shared their knowledge, and sincerest apologies to any who had reason to doubt my truthfulness.

Cheers,

Hamsa

 

Reply | Quote

Why not backup your BIOS, update to new BIOS version.
In case of problems just restore the BIOS.
https://support.hp.com/us-en/document/c02693833

1 user thanked author for this post.

Hamsa Vicerra

Reply | Quote