Here’s a very quick post. If you are not using MBAM, don’t have access to your Active Directory, and want to recover your BitLocker key for whatever reason, you can quickly do so within Windows as follows:
Open an Administrative Command Prompt and type the following:
manage-bde -protectors c: -get
Replace the drive letter C: with whatever drive is encrypted.
You’ll see output something like this:
BitLocker Drive Encryption: Configuration Tool version 6.2.9200
Copyright (C) 2012 Microsoft Corporation. All rights reserved.
Volume C: [OSDisk]
All Key Protectors
TPM:
ID: {37CE71B7-8FE4-4CA9-9637-42516F599C02}
Numerical Password:
ID: {31514A2F-147C-478C-B6A2-618CD6F66653}
Password:
249238-002442-716694-646503-010879-234894-155485-185372
To save your recovery key to a network share, first write a recovery key file to the drive with the following command (thanks Klaas):
manage-bde -protectors -add c: -recoverykey c:
Then move it to the share with the script below; modify it to suit your network share names:
net use driveletter networkshare /user:domain\username password
md driveletter\bitlockerkeys\%computername%
attrib -h -s c:\*.bek
move c:\*.bek driveletter\bitlockerkeys\%computername%
job done
Note: If you have simply locked yourself out of your laptop and don’t know what the BitLocker recovery key is then you can retrieve it using your Microsoft Hotmail account at the following URL http://go.microsoft.com/fwlink/p/?LinkId=237614
cheers
niall
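Several comments on this post mix up the protector ID with the 48-digit recovery password, and one describes machines that have a TPM protector but no Numerical Password. As an added example (not part of the original post; the function names and the sample listing are made up here), this PowerShell parses the text printed by manage-bde -protectors -get and reports which of those cases a listing falls into:

```powershell
# Added example, not from the original post. Function names are hypothetical.
function ConvertFrom-ManageBdeProtectors {
    param([string[]]$Lines)
    $found   = New-Object 'System.Collections.Generic.List[object]'
    $pending = $null   # most recent "Some Label:" line
    $current = $null   # protector opened by the most recent "ID: {...}" line
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^([A-Za-z][A-Za-z ]*):$') {
            # "Password:" is both a protector type and the label above the 48 digits,
            # so a label only becomes a protector once an ID line follows it.
            $pending = $Matches[1]
        }
        elseif ($line -match '^ID:\s*(\{[0-9A-Fa-f-]{36}\})$') {
            $current = [pscustomobject]@{ Type = $pending; Id = $Matches[1]; RecoveryPassword = $null }
            $found.Add($current)
        }
        elseif ($line -match '^(\d{6}-){7}\d{6}$' -and $current -and
                $current.Type -eq 'Numerical Password') {
            $current.RecoveryPassword = $line
        }
    }
    $found
}

function Get-RecoveryReadiness {
    param([string[]]$Lines)
    $all = @(ConvertFrom-ManageBdeProtectors -Lines $Lines)
    $np  = @($all | Where-Object { $_.Type -eq 'Numerical Password' })
    if ($np.Count -eq 0) {
        $finding = 'No Numerical Password protector: there is no recovery password to look up'
    }
    elseif (-not ($np | Where-Object { $_.RecoveryPassword })) {
        $finding = 'Numerical Password protector listed by ID only: the ID is an identifier, not the 48-digit key'
    }
    else {
        $finding = '48-digit recovery password shown: keep a copy off the encrypted drive'
    }
    [pscustomobject]@{ Protectors = ($all.Type -join ', '); Finding = $finding }
}

# Constructed sample (IDs and digits are made up), shaped like the listings on this page.
$shown = @'
Volume C: [OSDisk]
All Key Protectors
TPM:
ID: {00000000-0000-0000-0000-000000000001}
Numerical Password:
ID: {00000000-0000-0000-0000-000000000002}
Password:
111111-222222-333333-444444-555555-666666-777777-888888
'@ -split '\r?\n'
$idOnly  = $shown[0..5]   # same listing, ending at the Numerical Password ID
$tpmOnly = $shown[0..3]   # TPM protector and nothing else

$shown, $idOnly, $tpmOnly | ForEach-Object { Get-RecoveryReadiness -Lines $_ }

# On a live machine, from an elevated prompt:
# Get-RecoveryReadiness -Lines (manage-bde -protectors c: -get)
```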
niall, what if you get “ERROR: an attempt to access a required source was denied.” what’s the next step??
Hi, me Saifi from Pakistan. I changed my BitLocker password and forgot it. I have the recovery key, but inside the same drive that is locked. What can I do? I also remember previous passwords.
if the recovery key is not backed up somewhere that you can access then you are out of luck.
Hi Niall,
Sorry if this is the wrong place to put queries, but figured it fitted with this article.
We’ve got a deployment via SCCM/Task Sequence which enables bitlocker. In 90+% of machines, there’s absolutely no problem.
We’re finding a small subset of machines, however, are not getting bitlocker keys. They have a TPM key, however no numerical password – and therefore no method of recovery. Going to manage bitlocker shows that there’s no keys for it to manage.
Our fix is simply to enable it manually, but being absolutely intrigued I’m trying to track down a root cause. Any suggestions on logs or places to look that may show why some machines are fine and some aren’t?
Thanks!
how are you enabling bitlocker ? using the built in step or via a script ? do you have any logs from one of the machines that has failed ? are you continuing on error on your enable bitlocker step ? I wouldn’t do that because you could end up with BitLocker failing …
Hi, I am Ashish
I have got a serious problem with my pendrive.
I got a BitLocker encryption on my pendrive, then I tried to decrypt it.
But while decrypting, I unplugged my pendrive from the USB port. (The decryption was not complete at that time.)
After that, I plugged it back in, then it asked me for a password.
I entered the password, but it displayed that “the entered password is incorrect”.
Then I chose the option and entered the 48-digit recovery key, which I had on another drive.
But it displayed that “the Recovery Key is incorrect.”
I matched the Key Identification number also, it was the same. But then also it displayed that “the recovery key is incorrect.”
Then I used the method given by you ABOVE!
The ADMINISTRATIVE COMMAND PROMPT says:
“AN ATTEMPT TO ACCESS A REQUIRED RESOURCE WAS DENIED.
CHECK THAT YOU HAVE ADMINISTRATIVE RIGHTS ON THE COMPUTER.”
Now what to do????
Please help me out with this situation, I will be thankful to you…
I just want my pendrive decrypted, with or without the data saved in it….. Huh
Must reply..
Waiting for your reply!!!
When you want to open the command prompt, right-click on it and open it as administrator; hope your administrative rights problem will be solved.
Hi Niall,
I access BitLocker with my Navy-issued CAC card. I had to get a new card because the old one expired; now BitLocker does see my new CAC card. I have been looking for the printed version of my recovery key but can’t find it. Is there a way to get BitLocker to recognize my new CAC card?
Thank you for your assistance..
V/r
Ben
hi Ben,
i’ve no idea what a CAC card is, but you should check with your network administrator to see if the BitLocker key is stored in Active Directory, if it is then it’s easy to find.
Thanks for the quick reply. A CAC Card is actually just a smart card. For some reason the Gov’t calls them CAC Cards to get us all confused. Anyway, the certificates on my smart card expired and I had to get a new one, and now BitLocker does not recognize/see my smart card.
have you asked your AD administrator yet if they back up your smart card certificates to AD ? I would check there first, i assume you haven’t backed up the old certs yourself ? – see here for details http://technet.microsoft.com/en-us/library/dd875530%28v=ws.10%29.aspx
Actually had the same problem myself, and i found a solution to it, maybe you will find it interesting, you can find it on my blog.
Windows 7 BitLocker
Hey ncbrady,
I get this: http://imgur.com/kZAWqFM
What do I do now?
back up the recovery key file (.bek) as you may need it later to recover the drive – see http://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx
Hi there, I recently re-downloaded Windows 7 on my computer and didn’t even realize that doing this would lock me out of my external hard drive with BitLocker. Is there any way to unlock it now? The only thing I have is the “full bit-locker recovery key identification” but I don’t have the actual recovery key. Thanks for your time.
Thanks for this. I had to do a system image recovery from a BitLocker To Go drive. I had the drive password, but Windows 8.1 RE is not smart enough to take it – it needs the recovery key.
Using this helped me pull it using another machine, then I could proceed with a restore.
Hi dear
I have windows 8. I make a password on my two drive with bitlocker and save the keys on my microsoft account. and now I forget the password and when I went to my account I just find the one keys on my account. two of my drive have same password. now I can open one of my drive. if I find the password of my account that have the key I can open the other drive.
How can I find the password when we have recovery key?
I find the password id and numerical password
C:\Windows\system32>manage-bde -protectors -add h: -recoverykey h:
BitLocker Drive Encryption: Configuration Tool version 6.2.9200
Copyright (C) 2012 Microsoft Corporation. All rights reserved.
Key Protectors Added:
Saved to directory h:
External Key:
ID: {A631BD73-E1C2-4468-868F-633CB89BAB99}
External Key File Name:
A631BD73-E1C2-4468-868F-633CB89BAB99.BEK
C:\Windows\system32>manage-bde -protectors h: -get
BitLocker Drive Encryption: Configuration Tool version 6.2.9200
Copyright (C) 2012 Microsoft Corporation. All rights reserved.
Volume H: [Rezazy-HDD]
All Key Protectors
Password:
ID: {7652F6CE-D88C-476C-B39D-D28175795000}
Numerical Password:
ID: {FDF0E831-353F-48C5-9F3A-C9C03E0CEA78}
Password:
106007-591283-270710-254309-670945-631730-606342-502788
External Key:
ID: {A631BD73-E1C2-4468-868F-633CB89BAB99}
External Key File Name:
A631BD73-E1C2-4468-868F-633CB89BAB99.BEK
Hi dear
I have windows 10.
I find the password id and numerical password
Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\Windows\system32>manage-bde -protectors D: -get
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume D: [Label Unknown]
All Key Protectors
Numerical Password:
ID: {7601E5E2-6BF8-43E9-85E5-E703FDBDC86A}
Password:
ID: {BDC9BEB5-AB77-47FA-950E-CD9A14FB7079}
C:\Windows\system32>Microsoft Windows [Version 10.0.10586]
‘Microsoft’ is not recognized as an internal or external command,
operable program or batch file.
C:\Windows\system32>(c) 2015 Microsoft Corporation. All rights reserved.
2015 was unexpected at this time.
C:\Windows\system32>
C:\Windows\system32>C:\Windows\system32>manage-bde -protectors D: -get
‘C:\Windows\system32’ is not recognized as an internal or external command,
operable program or batch file.
C:\Windows\system32>BitLocker Drive Encryption: Configuration Tool version 10.0.10011
‘BitLocker’ is not recognized as an internal or external command,
operable program or batch file.
Now what should I do?
try typing in the commands correctly otherwise you’ll get the output you are seeing
please help
volum c: label unknow
all key protectors
numerical password
id:{A735E020-E32E-47C2-8895-70EE916C510E}
TPM:
ID: {6190BC03-8370-4595-A4CC-1B66D5263F88}
PCR VALIDATION PROFILE:
7, 11
i have win 10
didn’t you see the note ?
Note: If you have simply locked yourself out of your laptop and don’t know what the BitLocker recovery key is then you can retrieve it using your Microsoft Hotmail account at the following URL http://go.microsoft.com/fwlink/p/?LinkId=237614
Hi,
I just used bitlocker to one of my drives and when I am trying to unlock it the password I have used is showing as incorrect. I have tried with my recovery key also. The same result.
I have used with the command prompt also. It showing as error with the recoverykey.
what should I do?? The data on the drive is very important for me.
Hello All,
Firstly, thank you for the info posted here. It provided me with a big boost in troubleshooting my issue.
I wanted to ask here because this is where I started troubleshooting the issue I’m having with a USB removable drive that was somehow encrypted/locked by BitLocker To Go. I say somehow because I never remember being prompted like I was for the OS drive to encrypt my removable USB drives. Maybe the “somehow” is a clue?!
Another key piece of info is that it was Symantec Endpoint Encryption that facilitated the encryption of the OS drive. SEE is installed by my company by policy. Since my company, Veritas, used to be Symantec, I even contacted a few SEE support guys who say that the issue is with BitLocker and not SEE. Although, like I mentioned, I was never prompted to encrypt the removable USB drives.
Here’s what I’ve tried so far;
1. I ran the protectors get command mentioned above
c:\Windows\System32>manage-bde -protectors g: -get
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume G: [Label Unknown]
All Key Protectors
Numerical Password:
ID: {27319850-4EB5-42AC-9BA5-1C0CCB997EE7}
External Key:
ID: {A4A49BE5-70A4-4388-8B2F-8C13B1CA765C}
External Key File Name:
A4A49BE5-70A4-4388-8B2F-8C13B1CA765C.BEK
Unlike when I run the same for the OS drive, the password is never displayed in the aforementioned. This happens for all drives listed under Bitlocker To Go. I’m trying to understand why the password isn’t being displayed for these drives.
QUESTIONS:
Is this because it’s encrypted/locked by Bitlocker To Go in particular?
Are there any manage-bde command syntax/flags to get this info?
Is it because these drives were locked by Bitlocker To Go via some other Windows process/user that I cannot get the password?
2. Fwiw, I ran manage-bde -unlock g: -sid and -pw with all of the SIDs and passwords that have logged on to the laptop.
3. I ran the protectors add command (a few times) mentioned above Note: There’s a removable USB drive (f:) that I can connect and it doesn’t get encrypted/locked.
c:\Windows\System32>manage-bde -protectors -add g: -recoverykey f:
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
ERROR: An error occurred (code 0x80070057):
The parameter is incorrect.
c:\Windows\System32>manage-bde -protectors -add g: -recoverypassword f:
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
ERROR Cannot specify multiple volumes
c:\Windows\System32>manage-bde -protectors -add g: -cert f:
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
ERROR Cannot specify multiple volumes
Note: I tried the shortened forms (rk and rp) in the commands with the same results
QUESTIONS:
Are there any manage-bde command syntax/flags to get this info?
Can anybody help me from here? I cannot seem to get beyond this point. Any help would be appreciated, especially since the two removable USB drives contain data both work-related and personal.
Regards, Jimmy
So, if I forgot to mention, I’m trying to “export” out the numerical password, recovery password, etc. from the locked drives to another drive in order to apply when unlocking the locked drives 🙂
Ok, I am having what seem the same issues as many others. I have the Key ID but never got a recovery key. I alleged the command prompt but it keeps telling me the drive I am trying to access is locked and that I must unlock it before accessing commands. I feel trapped with this same software and can’t figure out any way to get around it. Any help?
Ok, just ran the manage-bde -protectors x: -get and got
the BitLocker Drive and copyright messages, and below that received
Numerical password
ID: and then letters and numbers
TPM:
ID and again letters and numbers
PCR Validation Profile:
7,11
So the question is: the recovery passcode is all numeric but the ones recovered are numbers and letters. When and how do I know which is correct, and how do I get the all-numerical one?
well on my Surface Pro 4, which has three discs, one internal SSD, one Micro SD card and an external USB disc connected. The internal SSD is the only drive that is protected by BitLocker. Manage-bde -status reveals this:
C:\WINDOWS\system32>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.15007
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows]
[OS Volume]
Size: 236.84 GB
BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
TPM
Numerical Password
and to reveal the Recovery Password you use manage-bde -protectors -get as shown below:
C:\WINDOWS\system32>manage-bde -protectors -get c:
BitLocker Drive Encryption: Configuration Tool version 10.0.15007
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume C: [Windows]
All Key Protectors
TPM:
ID: {5CF6194D-5085-4DE9-AFF5-3109CAF0C5FC}
PCR Validation Profile:
7, 11
(Uses Secure Boot for integrity validation)
Numerical Password:
ID: {D0DD2882-64FB-4D60-9AC9-D97AE30F4E53}
Password:
254771-168344-315458-177188-674377-037092-224455-431189
so to unlock this BitLockered drive you’d use the password starting with 254771.
Does this match your scenario and if not, what exactly is your issue (be descriptive…)
Hi ncbrady,
in your last comment here:
Numerical Password:
ID: {D0DD2882-64FB-4D60-9AC9-D97AE30F4E53}
Password:
254771-168344-315458-177188-674377-037092-224455-431189
so to unlock this BitLockered drive you’d use the password starting with 254771.
how did you get the password itself?
254771-168344-315458-177188-674377-037092-224455-431189
I only got the numerical password.
Thanks in advance.
hi, i got the numerical password by typing the following as administrator on the bitlockered computer
manage-bde -protectors -get c:
Hi ncbrady,
I’m getting the numerical password section but it’s only showing the ID. There is no password displayed. My external drive is definitely locked though because it asks me for a bitlocker 48 digit key when I plug it in. Can you please advise? Thank you.
can you paste out what you are seeing exactly, or show a screenshot.
My work computer won’t let me on this website and I can’t paste a picture of the screen from my phone.
It’s showing the external key section – which has ID and External Key File Name.
Under it, it shows the Numerical Password section with just the ID.
well take a photo of it with your phone and post it or email it to me (niall@windows-noob.com) or give me more info, I can’t help you otherwise..
Just emailed it to you.
Was this issue resolved after he sent you a picture of the email? I have the same exact issue on my surface pro. I got the bit locker recovery screen. I don’t have the key backed up or linked to an outlook email. I tried using the command prompt but like this guy it doesn’t show me the password, only the IDs.
i don’t recall, but if you have a surface pro, and you’ve not got a backup of the bitlocker password, and you don’t have the device linked to any MS account then you are not in a good state…
TPM NOT FOUND ON THIS COMPUTER
CAN YOU HELP
with what exactly ? if you need help you really should provide details about what your problem is, what you have tried to solve it etc..
My cousin recently used CCleaner on his windows 10 notebook. upon completion, it will no longer boot up.
I have attempted to recover the device using a number of methods but most are blocked by a message saying that the drive is locked -and asking for a bitlocker key
When questioned, he is adamant that he has never accessed bitlocker and has no idea what it is. He has never used it or setup a password for it
When I use the command ‘manage-bde -protectors -get c:’ above, I get;
Numerical Password:
ID: {A full code}
TPM:
ID:{A full code}
PCR Validation Profile:
7, 11
As mentioned, the device will not boot up, there was no password set yet the device seemingly has been locked down by bitlocker
Having also followed the link http://go.microsoft.com/fwlink/p/?LinkId=237614
and logged in, it takes him to his OneDrive – yet there is nowhere to look for the key [key ID is known] amongst his stored personal files or a place for us to look to recover it
have you come across anything similar? The device is effectively a brick at this point as the drive is locked down and therefore cannot be formatted by the external USB Win10 media
I am aware if I remove it from the notebook and mount the drive there may be another method of recovery, but unless I have exhausted all other possibilities I would rather stay away from that solution
thanks in advance ncbrady
his computer is bitlockered, and it’s odd that it isn’t listed under the go.microsoft.com link, however have you seen this faq does it help ?
https://support.microsoft.com/en-us/help/17133/windows-8-bitlocker-recovery-keys-frequently-asked-questions
Morning,
thank you for the reply and wanted to close this off by saying that I have recovered the hdd and it is all working great
the http://go.microsoft.com/fwlink/p/?LinkId=237614 link when he used it was on his smart phone which did not work as expected – he passed the details to me and I used it from my desktop and it worked immediately, straight to the long password
the step details provided above worked to the point originally mentioned where it did not actually show the password, but I would assume that this was a fault with BitLocker kicking in without permission since he is still adamant that he has never activated it or set such a long numerical password – potentially a CCleaner deletion of some file?
The main thing is, once the password was recovered it unlocked the drive and could then boot normally.
thanks for your assistance, it’s always good to have a response and know there is help out there
Mark
glad you got it working !
Hi Brady,
My password for login on Win 10 expired and I don’t remember it since I always log in with fingerprint. I tried some workarounds with cmd to reset the password, but since the disk is protected by BitLocker I can access. I don’t have the key since it’s a company laptop, and I doubt that the IT guys have it, since their first solution proposal for this situation was to format the PC and install everything again – a solution which I tried to avoid. Plus, I doubt that they had created a Microsoft account.
Therefore, is there any way that I can retrieve the key that might be inside the disk? Is there any way to extract files from the disk? I have the typical IDs that the BitLocker screen presents – might that help?
Thank you very much in advance for your feedback.
Rui
if you forgot the password then login using your fingerprint….
🙂
as soon as i tried to login with the fingerprint a message appears:
“Your password has expired. To change your password, sign in with password instead of PIN”. Tried also the PIN and the same message appears.
Any thoughts on my questions?
Thanks!
Rui
is this computer joined to a domain ?
if you mean that if is linked to an Microsoft account, no, it isnt. However, has the disk with Bitlocker.
so it’s a work computer but not joined to a domain ? then there’s not a lot anyone can do to help you, if you don’t remember your own password and it’s bitlockered, and if your fingerprint cannot log you in then you are stuck…
hi ncbrady
I had saved the recovery key on a CD and it is corrupt now, and I also don’t have the password.
When I enter the command as you say, the password ID and numerical ID come up but not the password. What should I do? Thanks in advance
if you cannot find your recovery key then there’s not a lot you can do except verify if your key is stored in your microsoft account
hi ncbrady,
When I use the command ‘manage-bde -protectors -get c:’ above, I get;
Numerical Password:
ID: {A full code}
TPM:
ID:{A full code}
PCR Validation Profile:
7, 11
Its not giving me any 48 digit password. Can you please help?
hi, can you show me a screenshot of what you do see ?