Jan 25 2020 09:15 PM
Hi all,
I just enabled and completed Bitlocker encryption on C: on a Win 10 Pro machine, remotely. I saved the bitlocker key file just in case. In order to maintain remote access over the long term, I want to ensure the computer does not prompt a user for any kind of key, I just need it to boot to Windows as normal. I've had users in the past, where BitLocker was on, be prompted by it at times, for no known reason. I really do not need the hassle, so I'm trying to determine how to be sure of this, yet can't.
In Bitlocker under Control Panel, if I click the option (paraphrasing as it's not in front of me right now) "change how drive is unlocked at startup".
If I go into this, the only available option is to set a PIN, the other two options are greyed out.
Do I even want to enable anything in here? I suppose I need to read up on this a bit more but would appreciate the straight up advice on how to avoid users being prompted, ever, ideally.
Jan 25 2020 09:48 PM
You can try either suspending or disabling then re-enabling:
Suspend:
Or
Disable/Enable:
In elevated PoSh window:
<for remote establish a session 1st>
manage-bde -protectors -disable c:
reboot
manage-bde -protectors -enable c:
reboot
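Added example, not part of the original reply: a PowerShell check of which key protectors are configured on C:, since the protector type is what decides whether the machine needs someone at the console during boot. The function name `Get-BootUnlockSummary` and its output field names are hypothetical; `Get-BitLockerVolume` and `Suspend-BitLocker` are the built-in BitLocker cmdlets, and the session is assumed to be elevated.

```powershell
# Added example: run in an elevated PowerShell session on the target machine
# (for a remote machine, inside a session opened with Enter-PSSession).
function Get-BootUnlockSummary {
    param([string]$MountPoint = 'C:')

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Protector types that require a person (PIN, password) or a USB
    # startup key to be present at every boot.
    $interactive = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password')

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        Protectors          = $types -join ', '
        # A TPM-only protector unlocks the drive without user input.
        TpmOnlyUnlock       = $types -contains 'Tpm'
        NeedsUserAtBoot     = [bool]($types | Where-Object { $interactive -contains $_ })
        # A recovery password should exist and be stored off the machine.
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

Get-BootUnlockSummary -MountPoint 'C:'

# The "suspend" option from the reply, limited to a single restart:
# protection resumes automatically after the next reboot.
# Suspend-BitLocker -MountPoint 'C:' -RebootCount 1
```

Suspending leaves the volume encrypted but stores the key in the clear on disk until protection resumes, so keep the suspension window as short as the maintenance requires.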
Jan 27 2020 10:52 AM
Oh so do you mean that suspending or disabling might make those other 2 options available to toggle? That's logical I agree so I'll test that out, however my goal is to avoid enabling any features that result in users having to interact at boot time to allow booting to occur. It seems all of these 3 options in some way will ask a user to interact, which means, if I'm using remote access, I'll lock myself out by rebooting.
All I do know is that after enabling and finishing the Bitlocker encryption, I rebooted once, and did not get locked out so it means by default there are no prompts on boot, so that's good.
Now I suppose what I need to understand is why Bitlocker would have any reason to prompt a user on boot, be it triggered by an event, or periodic by design like after certain more intrusive Windows Updates perhaps. *shrug*
Jul 08 2020 09:04 PM
@ViProCon Hey mate, I just came across your question - did you get this sorted?
Turn TPM 1.2 on in the BIOS Security settings. That'll do the trick.
Jul 09 2020 07:47 AM
Jul 09 2020 07:50 AM
Nov 14 2022 04:38 PM
@david kay I am facing the problem of a lost recovery key. I am ready to wipe the entire device, however I am not able to get through the BitLocker lock. What can I do?