  • FIRST POST
    • #1 By buglawton, 9th Apr 18, 4:45 PM (7,302 Posts, 3,754 Thanks)
    Decrypting a Bitlocker HDD connected to SATA USB cable
    If I try to open my old Windows 10 Bitlocker-encrypted hard drive via the SATA adapter cable from the original machine (a Windows 10 laptop, now on SSD), I can simply paste in the key and open the external drive.

    On a different (Windows 7) machine I am told that the key is incorrect. In both cases the same correct encrypted volume ID is shown.

    Any explanation?
    • #2 By unforeseen, 9th Apr 18, 5:17 PM (2,514 Posts, 3,204 Thanks)
    On your original machine there is an entry in the TPM system for the HDD as it was an internal drive so all matches.

    A different machine, even another Win 10 one, will have problems because there is no TPM entry for it. Because it is Bitlockered as an internal drive, Bitlocker expects to see a TPM entry.

    I suggest you decrypt it on your original machine and re-encrypt using Bitlocker To Go. That should allow you to use it on other machines.
    Last edited by unforeseen; 09-04-2018 at 5:20 PM.
    • #3 By AndyPix, 9th Apr 18, 5:58 PM (3,404 Posts, 2,575 Thanks)
    ^^ Great answer


    Basically when you encrypt the drive and generate a key, part of that key is kept on the TPM chip inside the computer.
    Running with scissors since 1978
    • #4 By buglawton, 9th Apr 18, 7:03 PM (7,302 Posts, 3,754 Thanks)
    Thanks guys, I never realised that Bitlockered HDDs are keyed to their original machines. So if your PC with an encrypted drive fails completely, you can't retrieve your data. In that respect I've been living with a false sense of security.
    • #5 By unforeseen, 9th Apr 18, 9:02 PM (2,514 Posts, 3,204 Thanks)
    Thanks guys, I never realised that Bitlockered HDDs are keyed to their original machines. So if your PC with an encrypted drive fails completely, you can't retrieve your data. In that respect I've been living with a false sense of security.
    Originally posted by buglawton
    Yep, motherboard failure means you lose everything. It only needs to happen once to concentrate the mind on the importance of regular backups.

    We see it in work. No matter how many times they are told that all data needs to be on the network drives they still insist on saving it to the desktop risking not only loss due to hardware failure but also profile corruption.
    • #6 By joeypesci, 9th Apr 18, 9:04 PM (492 Posts, 178 Thanks)
    On your original machine there is an entry in the TPM system for the HDD as it was an internal drive so all matches.

    A different machine, even another Win 10 one, will have problems because there is no TPM entry for it. Because it is Bitlockered as an internal drive, Bitlocker expects to see a TPM entry.

    I suggest you decrypt it on your original machine and re-encrypt using Bitlocker To Go. That should allow you to use it on other machines.
    Originally posted by unforeseen
    Nice. Even I didn't know that.
    • #7 By buglawton, 9th Apr 18, 9:41 PM (7,302 Posts, 3,754 Thanks)
    On the MS website, it's ambiguous:

    https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions
    Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?

    Yes, if the drive is a data drive, you can unlock it from the BitLocker Drive Encryption Control Panel item just as you would any other data drive by using a password or smart card. If the data drive was configured for automatic unlock only, you will have to unlock it by using the recovery key. The encrypted hard disk can be unlocked by a data recovery agent (if one was configured) or it can be unlocked by using the recovery key.

    I guess it hangs on the definition of what is a data drive.
    • #8 By ChuckMountain, 9th Apr 18, 10:27 PM (96 Posts, 24 Thanks)
    Sorry but you can open an encrypted Bitlocker drive on another machine. You don't even have to have TPM enabled (or present).

    You do of course need the right key, the really long numeric one.

    I suspect the problem you are seeing is you are trying on Windows 7 vs Windows 10. If it has been encrypted on Windows 10 then try it on another Windows 10 laptop or machine.
    • #9 By ChuckMountain, 9th Apr 18, 10:30 PM (96 Posts, 24 Thanks)
    Yep, motherboard failure means you lose everything. It only needs to happen once to concentrate the mind on the importance of regular backups.

    We see it in work. No matter how many times they are told that all data needs to be on the network drives they still insist on saving it to the desktop risking not only loss due to hardware failure but also profile corruption.
    Originally posted by unforeseen
    I think you need a new IT department in that case ...

    It would be a bit of a real challenge if broken hardware caused complete lock out.

    So long as the key is saved, which is a challenge if you let the users do Bitlocker themselves, then you can unlock it on a different device with the same OS. That's why if you go into a network environment you should do it with Bitlocker managed centrally; that way if somebody forgets it you still have a secure backup.

    I am looking at an encrypted drive at the moment from a different machine. It prompts me for the key to unlock ...
    • By unforeseen, 10th Apr 18, 6:06 AM (2,514 Posts, 3,204 Thanks)
    If you replace the motherboard you will not get back into the HDD no matter how many recovery keys you have.

    Bitlocker is controlled centrally so keys are not a problem
    • By ChuckMountain, 10th Apr 18, 9:04 AM (96 Posts, 24 Thanks)
    If you replace the motherboard you will not get back into the HDD no matter how many recovery keys you have.

    Bitlocker is controlled centrally so keys are not a problem
    Originally posted by unforeseen
    Sorry but you are giving really bad advice here; yes, it's possible to recover Bitlocker drives. That's the whole point of the recovery key, the 48 numeric character one.

    The TPM effectively prevents you from entering this information each time, it doesn't store additional information that is required to unlock the drive.

    Motherboard failure is quite common in large organisations in laptops due to the wear and tear they get.

    Have a look at some threads here on Technet or Google it

    https://social.technet.microsoft.com/Forums/windows/en-US/d7be2e19-3eb2-4e7f-8d6a-c7f0f5474b93/bitlocker-new-motherboard-replacement?forum=w7itprosecurity

    That's on Windows 7 and it was a damn sight harder back then.
    • By unforeseen, 10th Apr 18, 11:27 AM (2,514 Posts, 3,204 Thanks)
    Only works if the guys on the ground, i.e. the desktop support guys, are allowed access to TPM management. Last two places I worked wouldn't allow that and these were large organisations.

    It's possible but the reality is the permissions that the various depts are given are not always the ones that allow you to do everything.
    • By buglawton, 10th Apr 18, 12:19 PM (7,302 Posts, 3,754 Thanks)
    Sorry but you are giving really bad advice here; yes, it's possible to recover Bitlocker drives. That's the whole point of the recovery key, the 48 numeric character one.

    The TPM effectively prevents you from entering this information each time, it doesn't store additional information that is required to unlock the drive.

    Motherboard failure is quite common in large organisations in laptops due to the wear and tear they get.

    Have a look at some threads here on Technet or Google it

    https://social.technet.microsoft.com/Forums/windows/en-US/d7be2e19-3eb2-4e7f-8d6a-c7f0f5474b93/bitlocker-new-motherboard-replacement?forum=w7itprosecurity

    That's on Windows 7 and it was a damn sight harder back then.
    Originally posted by ChuckMountain
    Later I will be able to test accessing the HDD in question,
    Bitlockered on W10, on a different W10 machine.

    The upshot so far seems: W7 cannot access a W10 Bitlockered drive, even though the expected Key prompt pops up when I try.
    Absolutely nothing on MS's site to warn about or explain this.

    So a typical scenario may be: I got an upgrade to W10, expected or not, it disabled my machine, then had to roll back to W7 and expected to be able to at least retrieve my data...
    • By AndyPix, 10th Apr 18, 12:39 PM (3,404 Posts, 2,575 Thanks)
    In an enterprise environment we use group policy to force Bitlocker to NOT use TPM for the reasons given above
    Running with scissors since 1978
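    The no-TPM configuration AndyPix describes is set through the "Require additional authentication at startup" Group Policy setting, which is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE. The PowerShell below is an added example, not AndyPix's or anyone else's script: it reads those policy values and lists the key protectors actually present on the OS drive so the two can be compared. The value names are the ones that policy writes, the $meaning table is the documented 0/1/2 encoding of its drop-downs, and the script assumes an elevated session on Windows 8 or later, where the BitLocker module exists.

```powershell
# Added example: compare the BitLocker startup-authentication policy with the
# protectors actually configured on the OS drive. Run elevated on Windows 8+.
$fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Encoding used by the Use* DWORDs of the
# "Require additional authentication at startup" policy.
$meaning = @{ 0 = 'not allowed'; 1 = 'required'; 2 = 'allowed' }

function Get-BitLockerStartupPolicy {
    if (-not (Test-Path $fvePolicy)) {
        # No policy key at all: BitLocker falls back to its built-in defaults.
        return [pscustomobject]@{ PolicyConfigured = $false }
    }
    $p = Get-ItemProperty -Path $fvePolicy
    # Absent values read as 0 here, i.e. "not allowed".
    [pscustomobject]@{
        PolicyConfigured       = $true
        AdvancedStartupEnabled = [bool]$p.UseAdvancedStartup
        AllowedWithoutTpm      = [bool]$p.EnableBDEWithNoTPM   # AndyPix's "NOT use TPM" case
        TpmOnly                = $meaning[[int]$p.UseTPM]
        TpmAndPin              = $meaning[[int]$p.UseTPMPIN]
        TpmAndStartupKey       = $meaning[[int]$p.UseTPMKey]
        TpmPinAndStartupKey    = $meaning[[int]$p.UseTPMKeyPIN]
    }
}

function Get-OsDriveProtectors {
    # Which protectors the OS volume really has. Without a TPM you would expect
    # ExternalKey (USB startup key) and/or Password, plus a RecoveryPassword.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
}

Get-BitLockerStartupPolicy | Format-List
Get-OsDriveProtectors | Format-Table -AutoSize
```

    If the policy reports AllowedWithoutTpm as True but the OS drive still shows only a Tpm protector, the machine was encrypted before the policy applied and is in exactly the position unforeseen describes: a new motherboard means the drive can only be opened with its recovery password.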
    • By ChuckMountain, 10th Apr 18, 2:22 PM (96 Posts, 24 Thanks)
    Later I will be able to test accessing the HDD in question,
    Bitlockered on W10, on a different W10 machine.

    The upshot so far seems: W7 cannot access a W10 Bitlockered drive, even though the expected Key prompt pops up when I try.
    Absolutely nothing on MS's site to warn about or explain this.

    So a typical scenario may be: I got an upgrade to W10, expected or not, it disabled my machine, then had to roll back to W7 and expected to be able to at least retrieve my data...
    Originally posted by buglawton
    No, you are right, nothing obvious on the MS website to warn you.

    I suppose it's like an analogy of the enigma machine: the 1st generation ones encrypted the data and you needed the same key to get the message back.

    However, later they invented an even better enigma machine and that would have had extra ciphers. The early one would not have been able to decode messages from those. Potentially the same with Windows 10 vs 7.
    • By ChuckMountain, 10th Apr 18, 2:23 PM (96 Posts, 24 Thanks)
    In an enterprise environment we use group policy to force Bitlocker to NOT use TPM for the reasons given above
    Originally posted by AndyPix
    Do you use USB or Network unlock in that case?

    Presumably users don't have to type in the really long key each time
    • By ChuckMountain, 10th Apr 18, 2:25 PM (96 Posts, 24 Thanks)
    Only works if the guys on the ground, i.e. the desktop support guys, are allowed access to TPM management. Last two places I worked wouldn't allow that and these were large organisations.

    It's possible but the reality is the permissions that the various depts are given are not always the ones that allow you to do everything.
    Originally posted by unforeseen
    If you take a drive out of a machine that has been Bitlocker encrypted and have the long 48-digit recovery key that matches the identified key, you will be able to unlock it on another machine, if it is the same or a later version of the Windows OS.

    If your IT department have locked down functions that's not going to help you necessarily, but it doesn't stop the underlying technology.
    • By Lorian, 10th Apr 18, 2:46 PM (4,303 Posts, 2,432 Thanks)
    We use the TPM chip, and we just set up our protectors and push our recovery passwords in to the AD Computer object and recover them when required using the Bitlocker tab in ADUC.
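    Lorian's workflow (recovery password pushed into the AD computer object and read back through the BitLocker tab in ADUC) can be scripted with the BitLocker PowerShell module. The script below is an added example, not Lorian's own tooling: for every protected volume it makes sure a numerical recovery password protector exists and escrows it with Backup-BitLockerKeyProtector. It assumes an elevated session on a domain-joined Windows 8 / Server 2012 or later machine whose domain schema and BitLocker policy permit storing recovery information in AD.

```powershell
# Added example: make sure every protected volume has a recovery password and
# that it is escrowed to this computer's Active Directory object.
function Backup-AllBitLockerRecoveryPasswords {
    $results = foreach ($vol in Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }) {
        $rps = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        if ($rps.Count -eq 0) {
            # No recovery password yet: let BitLocker generate a 48-digit one.
            $vol = Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector
            $rps = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        }
        foreach ($rp in $rps) {
            try {
                # Writes an msFVE-RecoveryInformation object under the computer account;
                # this is what the BitLocker Recovery tab in ADUC displays.
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
                $status = 'escrowed to AD'
            } catch {
                $status = "AD backup failed: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                MountPoint     = $vol.MountPoint
                KeyProtectorId = $rp.KeyProtectorId
                Status         = $status
            }
        }
    }
    $results
}

Backup-AllBitLockerRecoveryPasswords | Format-Table -AutoSize
```

    The same escrow can be done per protector with manage-bde -protectors -adbackup C: -id {protector id}. Either way, the recovery password that ends up in AD is the one that unlocks the disk on any other machine after a motherboard failure, which is the point ChuckMountain makes above.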
    • By buglawton, 11th Apr 18, 7:38 AM (7,302 Posts, 3,754 Thanks)
    If you take a drive out of a machine that has been Bitlocker encrypted and have the long 48-digit recovery key that matches the identified key, you will be able to unlock it on another machine, if it is the same or a later version of the Windows OS.

    If your IT department have locked down functions that's not going to help you necessarily, but it doesn't stop the underlying technology.
    Originally posted by ChuckMountain
    Confirmed, I've now tested it and can access the drive's data from a different W10 machine using the saved key.

    The fail that will waste a few peoples time is that when attempting the same thing on a W7 machine, no warning comes up about incompatibility of Bitlocker version. Just a wrong password message and a link to unhelpful MS articles.

    I wouldn't be surprised if somewhere there's a method for opening from W7 using a software utility, but again the documentation is vague.
    • By ChuckMountain, 11th Apr 18, 9:52 AM (96 Posts, 24 Thanks)
    Good glad you got sorted.

    I am surprised there is no mention of version differences on MS.

    Especially given your scenario of rolling back from W10 which I would have thought a reasonable amount of people would do and some of those will have bitlocker.

    I guess it's a bit like my analogy of enigma, or similar to when you download drivers: you need the right version for Windows.

    The only other thing could be if Bitlocker generated a different recovery key on different versions.... I'm assuming you copied and pasted the key on the Win 7 box, as it's easy to get one of the 48 digits wrong.

    Windows 7 and Bitlocker were a pain; most things were manual, including the TPM. Now in Windows 10 it's fully managed with additional features etc.
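    Two of the failure modes in this thread, a mistyped digit in the 48-digit recovery password and a Windows 7 machine that simply cannot read a Windows 10 volume, can be told apart before and after the unlock attempt. The PowerShell below is an added example (not from any poster) for the Windows 10 side: it validates the recovery password's structure using BitLocker's own rule (eight six-digit groups, each a multiple of 11 and below 720896), unlocks the attached volume with Unlock-BitLocker, then reports the encryption method. XTS-AES, the default on Windows 10 from version 1511, is not supported by Windows 7 or 8.1 at all, whatever key you hold, which matches buglawton's result; only a volume encrypted with AES-CBC can be opened by an older Windows. The example assumes the adapter-attached disk shows up under a drive letter such as E:, an elevated session, and a placeholder password that is constructed for the usage line.

```powershell
# Added example: validate a recovery password, unlock an externally attached
# BitLocker volume, and report whether an older Windows could have read it.

function Test-BitLockerRecoveryPassword {
    # BitLocker's structural rule for the 48-digit recovery password: eight groups
    # of six digits, each group divisible by 11 and less than 720896 (11 * 65536).
    # A single mistyped digit almost always breaks one of these checks.
    param([Parameter(Mandatory)][string] $Password)
    $digits = $Password -replace '[\s-]', ''
    if ($digits -notmatch '^\d{48}$') { return $false }
    for ($i = 0; $i -lt 8; $i++) {
        $group = [int]$digits.Substring($i * 6, 6)
        if (($group % 11) -ne 0 -or $group -ge 720896) { return $false }
    }
    return $true
}

function Unlock-AttachedBitLockerVolume {
    param(
        [Parameter(Mandatory)][string] $MountPoint,       # e.g. 'E:' for the adapter-attached disk
        [Parameter(Mandatory)][string] $RecoveryPassword  # 48 digits, dashes optional
    )
    if (-not (Test-BitLockerRecoveryPassword $RecoveryPassword)) {
        throw 'Not a well-formed BitLocker recovery password; check for a mistyped digit.'
    }
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.LockStatus -eq 'Locked') {
        # Normalise to the dashed 6-digit-group form BitLocker displays.
        $formatted = ($RecoveryPassword -replace '[\s-]', '') -replace '(\d{6})(?=\d)', '$1-'
        $vol = Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $formatted
    }
    # Encryption method is reported reliably once the volume is unlocked.
    $xts = "$($vol.EncryptionMethod)" -like 'XtsAes*'
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        LockStatus       = $vol.LockStatus
        EncryptionMethod = $vol.EncryptionMethod
        ReadableOnWin7   = -not $xts   # XTS-AES needs Windows 10 1511 or later
    }
}

# Constructed usage with a placeholder password (all-zero groups pass the structural
# check); substitute the real recovery password from your backup.
Unlock-AttachedBitLockerVolume -MountPoint 'E:' -RecoveryPassword '000000-000000-000000-000000-000000-000000-000000-000000'
```

    When ReadableOnWin7 comes back False, the "wrong password" message buglawton saw on Windows 7 is a version incompatibility, not a bad key, and the practical fix is the one in this thread: open the disk on a Windows 10 machine.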