Decrypting a Bitlocker HDD connected to SATA USB cable

Comments

  • unforeseen Posts: 7,279 Forumite
    Only works if the guys on the ground, i.e. the desktop support guys, are allowed access to TPM management. Last two places I worked wouldn't allow that, and these were large organisations.


    It's possible, but the reality is that the permissions the various depts are given are not always the ones that allow you to do everything.
  • buglawton Posts: 9,235 Forumite
    Sorry, but you are giving really bad advice here. Yes, it's possible to recover BitLocker drives. That's the whole point of the recovery key, the 48-numeric-character one :cool:

    The TPM effectively prevents you from entering this information each time; it doesn't store additional information that is required to unlock the drive.

    Motherboard failure is quite common in large organisations in laptops due to the wear and tear they get.

    Have a look at some threads here on Technet, or Google it.

    https://social.technet.microsoft.com/Forums/windows/en-US/d7be2e19-3eb2-4e7f-8d6a-c7f0f5474b93/bitlocker-new-motherboard-replacement?forum=w7itprosecurity

    That's on Windows 7 and it was a damn sight harder back then.
    Later I will be able to test accessing the HDD in question,
    Bitlockered on W10, on a different W10 machine.

    The upshot so far seems: W7 cannot access a W10 Bitlockered drive, even though the expected key prompt pops up when I try.
    Absolutely nothing on MS's site to warn about or explain this.

    So a typical scenario may be: I got an upgrade to W10, expected or not, it disabled my machine, then had to roll back to W7 and expected to be able to at least retrieve my data...
  • AndyPix Posts: 4,847 Forumite
    In an enterprise environment we use group policy to force BitLocker to NOT use TPM, for the reasons given above.
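    As an added example (not from the thread, and not AndyPix's own configuration), here is how to check on a machine what a "no TPM" startup policy of that kind actually applied, and how to enrol the OS drive with a USB startup key plus a recovery password instead of the TPM. The policy is the "Require additional authentication at startup" setting, which writes its values under HKLM\SOFTWARE\Policies\Microsoft\FVE; the drive letter E: for the USB stick is an assumption. Run as Administrator on Windows 8 or later.

    ```powershell
    # Added example, not from the thread. Reads the registry values that the
    # "Require additional authentication at startup" GPO writes, then enrols C: without a TPM.

    function Get-BitLockerStartupPolicy {
        $path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
        if (-not (Test-Path $path)) { return $null }   # no policy applied: Windows defaults to TPM-only
        $v = Get-ItemProperty -Path $path
        # UseTPM / UseTPMPIN / UseTPMKey / UseTPMKeyPIN take 0 = Do not allow, 1 = Require, 2 = Allow
        $label = { param($x) if ($null -eq $x) { 'not set' } else { @{0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow'}[[int]$x] } }
        [pscustomobject]@{
            AdvancedStartup   = $v.UseAdvancedStartup -eq 1
            AllowWithoutTPM   = $v.EnableBDEWithNoTPM -eq 1   # lets a startup key or password stand alone
            TPM               = & $label $v.UseTPM             # 'Do not allow' is what "NOT use TPM" means
            TPMPlusPIN        = & $label $v.UseTPMPIN
            TPMPlusStartupKey = & $label $v.UseTPMKey
            TPMPlusPINAndKey  = & $label $v.UseTPMKeyPIN
        }
    }

    function Enable-OSDriveWithStartupKey {
        param([string]$StartupKeyPath = 'E:\')   # assumption: removable drive that will hold the .BEK file
        $policy = Get-BitLockerStartupPolicy
        if (-not ($policy -and $policy.AllowWithoutTPM)) {
            throw 'Policy does not allow BitLocker without a compatible TPM; a startup-key-only protector will be refused.'
        }
        # Startup key instead of TPM: the .BEK written to the stick is needed at every boot.
        Enable-BitLocker -MountPoint 'C:' -StartupKeyProtector -StartupKeyPath $StartupKeyPath -SkipHardwareTest
        # Always add the 48-digit recovery password as well, so there is a fallback if the stick is lost.
        Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null
        (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
            Select-Object KeyProtectorType, KeyProtectorId, RecoveryPassword
    }

    # Usage:
    # Get-BitLockerStartupPolicy
    # Enable-OSDriveWithStartupKey -StartupKeyPath 'E:\'
    ```

    The recovery password printed at the end is what you store (in AD, a key file, or wherever your process says); without it a lost USB stick means a lost drive.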
  • buglawton wrote: »
    Later I will be able to test accessing the HDD in question,
    Bitlockered on W10, on a different W10 machine.

    The upshot so far seems: W7 cannot access a W10 Bitlockered drive, even though the expected key prompt pops up when I try.
    Absolutely nothing on MS's site to warn about or explain this.

    So a typical scenario may be: I got an upgrade to W10, expected or not, it disabled my machine, then had to roll back to W7 and expected to be able to at least retrieve my data...

    No, you are right, there is nothing obvious on the MS website to warn you.

    I suppose it's like an analogy with the Enigma machine: the first-generation ones encrypted the data and you needed the same key to get the message back.

    However, later they invented an even better Enigma machine that had extra ciphers. The early one would not have been able to decode messages from those. Potentially the same with Windows 10 vs 7.
  • AndyPix wrote: »
    In an enterprise environment we use group policy to force BitLocker to NOT use TPM, for the reasons given above.

    Do you use USB or Network unlock in that case?

    Presumably users don't have to type in the really long key each time :)
  • unforeseen wrote: »
    Only works if the guys on the ground, i.e. the desktop support guys, are allowed access to TPM management. Last two places I worked wouldn't allow that, and these were large organisations.


    It's possible, but the reality is that the permissions the various depts are given are not always the ones that allow you to do everything.

    If you take a drive out of a machine that has been BitLocker encrypted and have the long 48-digit recovery key that matches the identified key, you will be able to unlock it on another machine, if it is the same or a later version of the Windows OS.

    If your IT department has locked down functions, that's not going to help you necessarily, but it doesn't stop the underlying technology.
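    The procedure described above, as an added worked example that is not from the thread or from any poster: it assumes the drive shows up as E: once attached over the USB-SATA cable, that the key was saved with "Save to a file" (which produces a text file containing an "Identifier:" GUID and a "Recovery Key:" line), and that the other machine runs Windows 8 or later with the BitLocker PowerShell module (this will not work from Windows 7). It confirms the identifier in the file matches a protector on the volume before trying the key, and also checks the key's built-in check digits, so that a single wrong digit among the 48 is caught before BitLocker just reports a wrong password.

    ```powershell
    # Added example, not from the thread. Drive letter E: and the key-file path are assumptions.

    function Test-BitLockerRecoveryPassword {
        # Offline sanity check: a recovery password is 8 blocks of 6 digits, and each block is a
        # 16-bit value multiplied by 11. So every block must divide by 11 and the quotient must be
        # at most 65535. A mistyped digit breaks this, so it is caught before touching the drive.
        param([Parameter(Mandatory)][string]$RecoveryPassword)
        $clean = $RecoveryPassword.Trim()
        if ($clean -notmatch '^(\d{6}-){7}\d{6}$') { return $false }
        foreach ($block in $clean.Split('-')) {
            $n = [int]$block
            if (($n % 11) -ne 0 -or [math]::Floor($n / 11) -gt 65535) { return $false }
        }
        return $true
    }

    function Read-SavedRecoveryKeyFile {
        # Pulls the identifier GUID and the 48-digit key out of the file Windows saved,
        # without depending on the exact wording around them.
        param([Parameter(Mandatory)][string]$Path)
        $text = Get-Content -Path $Path -Raw
        $id  = [regex]::Match($text, '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}')
        $key = [regex]::Match($text, '(\d{6}-){7}\d{6}')
        if (-not ($id.Success -and $key.Success)) {
            throw "Could not find both an identifier and a 48-digit key in $Path"
        }
        [pscustomobject]@{ Identifier = $id.Value.ToUpper(); RecoveryPassword = $key.Value }
    }

    function Unlock-AttachedBitLockerVolume {
        param(
            [Parameter(Mandatory)][string]$MountPoint,   # e.g. 'E:' (assumed letter for the attached drive)
            [Parameter(Mandatory)][string]$KeyFilePath
        )
        $saved = Read-SavedRecoveryKeyFile -Path $KeyFilePath
        if (-not (Test-BitLockerRecoveryPassword $saved.RecoveryPassword)) {
            throw 'Saved recovery password fails the check-digit test: a digit is wrong or missing.'
        }
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        if ($vol.LockStatus -ne 'Locked') { return $vol }   # already open, nothing to do
        # Protector metadata is readable while the volume is still locked (it is what
        # "manage-bde -protectors -get E:" prints). KeyProtectorId comes back as '{GUID}'.
        $ids = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' |
            ForEach-Object { $_.KeyProtectorId.Trim('{', '}').ToUpper() })
        if ($ids -notcontains $saved.Identifier) {
            throw "Identifier in the key file ($($saved.Identifier)) matches none of the recovery protectors on $MountPoint ($($ids -join ', ')). Wrong key file for this drive."
        }
        Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $saved.RecoveryPassword
    }

    # Usage:
    # Unlock-AttachedBitLockerVolume -MountPoint 'E:' -KeyFilePath 'D:\keys\recovery-key.txt'
    ```

    The identifier comparison is the check the recovery screen asks you to do by eye ("compare the start of the following identifier"); doing it in code avoids feeding a key for the wrong drive and burning time on a "wrong password" that is really a wrong file.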
  • Lorian Posts: 5,704 Forumite
    We use the TPM chip, and we just set up our protectors and push our recovery passwords into the AD Computer object and recover them when required using the BitLocker tab in ADUC.
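    The AD side of that workflow, as an added example (not from the thread and not Lorian's own scripts): the recovery passwords are stored as msFVE-RecoveryInformation child objects of the computer account, which is what the ADUC BitLocker tab reads. It assumes a domain with the BitLocker schema extensions, the ActiveDirectory (RSAT) module on the admin workstation, an account with read rights on those objects, and the usual Guid byte layout for the stored identifier; the computer name and identifier prefix in the usage line are made up.

    ```powershell
    # Added example, not from the thread. Looks up and backs up BitLocker recovery passwords in AD.

    function Get-ADBitLockerRecoveryPassword {
        param(
            [Parameter(Mandatory)][string]$ComputerName,
            [string]$IdentifierPrefix = ''   # e.g. the first 8 hex chars the recovery screen shows
        )
        $computer = Get-ADComputer -Identity $ComputerName
        # Each backed-up recovery password is a child object of the computer account.
        $objs = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
            -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
            -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'whenCreated'
        foreach ($o in $objs) {
            # msFVE-RecoveryGuid is an octet string; assumed to be the protector GUID in Guid byte order.
            $guid = [guid]::new([byte[]]$o.'msFVE-RecoveryGuid').ToString().ToUpper()
            if ($IdentifierPrefix -and -not $guid.StartsWith($IdentifierPrefix.ToUpper())) { continue }
            [pscustomobject]@{
                Computer         = $ComputerName
                Identifier       = $guid
                RecoveryPassword = $o.'msFVE-RecoveryPassword'
                BackedUp         = $o.whenCreated
            }
        }
    }

    function Backup-LocalRecoveryPasswordsToAD {
        # Run on the client: pushes every recovery-password protector on the volume to the
        # computer object, the same thing the "store recovery information in AD DS" policy does.
        param([string]$MountPoint = 'C:')
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId
        }
    }

    # Usage on the admin side, when a user reads out the identifier from the recovery screen:
    # Get-ADBitLockerRecoveryPassword -ComputerName 'LAPTOP-042' -IdentifierPrefix '1A2B3C4D'
    ```

    Filtering on the identifier prefix matters when a machine has been re-encrypted or had protectors rotated: the computer object then holds several passwords, and only the one whose GUID matches the prompt will open the drive.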
  • buglawton Posts: 9,235 Forumite
    If you take a drive out of a machine that has been BitLocker encrypted and have the long 48-digit recovery key that matches the identified key, you will be able to unlock it on another machine, if it is the same or a later version of the Windows OS.

    If your IT department has locked down functions, that's not going to help you necessarily, but it doesn't stop the underlying technology.
    Confirmed, I've now tested it and can access the drive's data from a different W10 machine using the saved key.

    The fail that will waste a few people's time is that when attempting the same thing on a W7 machine, no warning comes up about incompatibility of the BitLocker version. Just a wrong password message and a link to unhelpful MS articles.

    I wouldn't be surprised if somewhere there's a method for opening from W7 using a software utility, but again the documentation is vague.
  • Good, glad you got sorted.

    I am surprised there is no mention of version differences on MS.

    Especially given your scenario of rolling back from W10 which I would have thought a reasonable amount of people would do and some of those will have bitlocker.

    I guess it's a bit like my analogy of Enigma, or similar to when you download drivers: you need the right version for Windows.

    The only other thing could be if BitLocker generated a different recovery key on different versions.... I am assuming you copied and pasted the key on the Win 7 box, as it's easy to get one of the 48 digits wrong :)

    Windows 7 and BitLocker were a pain; most things were manual, including the TPM. Now in Windows 10 it's fully managed, with additional features etc.
  • buglawton Posts: 9,235 Forumite
    I was careful that the complete plaintext key got pasted into the field on W7.
    Well you live & learn stuff...
This discussion has been closed.