Computers are Being Encrypted by Bitlocker- Do This or Lose Your Data!

Published 2022-09-12
See Top "Pinned" comment for latest tips. Our Newest video:    • Break Free from the BitLocker Loop: R...  

Unbeknownst to you on Windows 10/11, your hard drive may be encrypted with BitLocker even though you didn’t activate it. At some future system update you would be prompted for the BitLocker security key. Without this key, you’d lose access to all your data! Let’s make sure you’re not surprised like I was!

This is a comprehensive tutorial explaining all aspects of BitLocker recovery on your PC. We help you determine if it is active, then demonstrate 3 different ways to recover your key. We further explain the Platform Configuration Register (PCR) information stored in the Trusted Platform Module (TPM). Finally, a review of the BIOS configuration related to the TPM is presented.

1. Recover from a MS account aka.ms/myrecoverykey
2. Good info on Reddit: www.reddit.com/r/WindowsHelp/comments/pr3rqr/bitlo…
A "Microsoft account" is a very vague term. One account will allow you access to certain Microsoft services, whereas another will not. How do you check this? There are at least 4 different ways to log into a Microsoft account:

account.microsoft.com/
myaccount.microsoft.com/
mysignins.microsoft.com/
azure.microsoft.com/en-ca/account

3. Also try to find the key here: aka.ms/myrecoverykey
Referenced in Video
a. Generate Key Locally through command prompt: manage-bde -protectors -get c:
b. Determine BitLocker status through command prompt: manage-bde -status

BitLocker Commands
learn.microsoft.com/en-us/windows-server/administr…
a) Will give the status of BitLocker Protection on the drive
Manage-bde -status c:
b) Will unlock the drive if locked, otherwise will return an error
Manage-bde -unlock c: -rp "Your Recovery Key no quotes"
c) Will disable BitLocker Protection on your drive
Manage-bde -protectors -disable c:
d) Will give you the Drive ID & the Drive ID Password/BitLocker Key
manage-bde -protectors -get c:
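
An added example (not from the video or from Microsoft's documentation) that runs the same status and protector checks through the BitLocker PowerShell cmdlets and flags any volume that is encrypted but has no recovery password. It assumes an elevated PowerShell session on a Windows edition that includes the BitLocker module; `$ExportPath` is a hypothetical parameter introduced here.

```powershell
# Added example: run in an elevated PowerShell session.
param(
    # Hypothetical parameter: full path to a text file on a USB stick,
    # for example E:\bitlocker-keys.txt
    [string]$ExportPath
)

$volumes = Get-BitLockerVolume

$report = foreach ($vol in $volumes) {
    # RecoveryPassword protectors hold the 48-digit key that
    # "manage-bde -protectors -get c:" prints as Numerical Password.
    $recovery  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

    $finding = if (-not $encrypted) {
        'Not encrypted'
    } elseif ($vol.ProtectionStatus -eq 'Off') {
        'Encrypted but protection is off (suspended or waiting for activation)'
    } elseif ($recovery.Count -eq 0) {
        'Protected with NO recovery password: add one before any BIOS or hardware change'
    } else {
        'Protected: check that the key ID below is saved where you can reach it'
    }

    [pscustomobject]@{
        Drive         = $vol.MountPoint
        Status        = $vol.VolumeStatus
        Protection    = $vol.ProtectionStatus
        Protectors    = $vol.KeyProtector.KeyProtectorType -join ', '
        RecoveryKeyId = $recovery.KeyProtectorId -join ', '
        Finding       = $finding
    }
}
$report | Format-List

if ($ExportPath) {
    # A key saved on the drive it unlocks is useless once that drive is locked.
    $drive = Split-Path -Path $ExportPath -Qualifier
    if ($volumes | Where-Object { $_.MountPoint -eq $drive -and $_.VolumeStatus -ne 'FullyDecrypted' }) {
        throw "Refusing to write keys to ${drive}: that volume is itself encrypted."
    }
    $lines = foreach ($vol in $volumes) {
        $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | ForEach-Object {
            '{0}  ID {1}  Key {2}' -f $vol.MountPoint, $_.KeyProtectorId, $_.RecoveryPassword
        }
    }
    $lines | Set-Content -Path $ExportPath
}
```

The RecoveryKeyId value is the ID to compare against the key entries listed at aka.ms/myrecoverykey.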

Time Codes:
00:00 Intro
00:25 BitLocker Explainer
00:52 BitLocker on Windows Home
01:06 How it was activated
02:00 Logged on w/MS account?
02:30 BitLocker Active?
03:44 Recover Key Control Panel
04:45 Recover Key Web
06:36 Recover Key Command Prompt
07:14 TPM Animated Explainer
09:05 TPM Info Windows OS
09:24 TPM inside BIOS


All Comments (21)
  • @CyberMedics
    Below is aggregated feedback & recommendations based on subscribers & our experience.

    #1 Make sure you have a current local backup of all data & a cloud backup. Ideally you have file history backup turned on also.

    ***Overall Advice:***
    There is no good answer to this, except maybe move to a different operating system. You can use info in the video to disable BitLocker, but some subsequent event may still activate it on your system. My best advice is to get a MS Outlook account & use it for your login. Activate Bitlocker and store the key. Why? A known state for the computer is better than an unknown state. If you don't log into Windows with a MS account, you could inadvertently be using a MS service and MS will activate Bitlocker. At that point you won't know where the key is located. Crazy, huh? Thank you MS. In theory using a local account could (not guaranteed) keep BitLocker off the computer.

    ***What you need to know about a MS account:***
    You may have a Microsoft (MS) account & not know it. If you signed up for any cloud services (like Teams) with MS you would have linked a MS account, or if your work/school linked you to any cloud-based services this would have activated Azure AD tied to a MS account. This account could hold your key. Please take this seriously & check your system to see if Bitlocker is activated. It will only take one system update, hardware change, or BIOS update to activate this potential blue screen of death on your computer. Your computer could be tied to someone else that used a MS account on the computer. Or any other MS account service. Normally MS doesn't allow Bitlocker to become activated unless the OS has used a MS account on the computer in some way. Please review if possibly someone else used a MS account on your computer.

    Good info on Reddit: www.reddit.com/r/WindowsHelp/comments/pr3rqr/bitlo…
    A "Microsoft account" is a very vague term. One account will allow you access to certain Microsoft services, whereas another will not. How do you check this? There are at least 4 different ways to log into a Microsoft account:
    account.microsoft.com/
    myaccount.microsoft.com/
    mysignins.microsoft.com/
    azure.microsoft.com/en-ca/account

    ***BitLocker Commands***
    learn.microsoft.com/en-us/windows-server/administr…
    a) Will give the status of BitLocker Protection on the drive
    Manage-bde -status c:
    b) Will unlock the drive if locked, otherwise will return an error
    Manage-bde -unlock c: -rp "Your Recovery Key no quotes"
    c) Will disable BitLocker Protection on your drive
    Manage-bde -protectors -disable c:
    d) Will give you the Drive ID & the Drive ID Password/BitLocker Key
    manage-bde -protectors -get c:

    ***BitLocker Blue Screen of death...things you can try:***
    1. In BIOS go to security, disable secure boot and restart
    2. At Bitlocker recovery screen press escape then skip drive
    2.1 Troubleshoot/Advanced Options - Select System Restore
    2.2 Troubleshoot/Advanced Options - Select Go Back to previous build
    2.3 Select Troubleshoot - Select Reset PC & Keep Files
    2.4 Troubleshoot/Advanced Options - Select System Image Recovery (if you have one...may need to insert Bootable media to complete)

    ***Have BitLocker Key but auto repair keeps looping...Possible Solution:***
    manage-bde is the command for managing Bitlocker Drive Encryption. Change your drive letter below if it is not C:
    1. Let it loop....At the recovery screen, press "Esc" for more recovery options
    2. Press skip drive on next screen
    3. Select Troubleshoot
    4. Select Advanced Options
    5. Select Command Prompt
    6. Check Drive Status: type inside the quotes "Manage-bde -status c:" - Should indicate protection status is on
    7. Type "Manage-bde -unlock c: -rp 123456-789123-456789-123456-789123-456789-123456-789123" - Should indicate drive is unlocked
    8. Type "Manage-bde -protectors -disable c:" to disable BitLocker - You should be able to reboot the drive without Bitlocker

    @CraftsBayou @CyberMedics but what about when you have the correct key it tries to diagnose and then do an auto repair that keeps looping?

    @carinyaenterprise9674 @CyberMedics Had the same problem. Could not even do the reinstallation. Luckily I could do a reinstall via ASUS - lost all data though. Was about to get M365 but no - will look for other options now. Not a cent towards MS from me. Thanks for the video, though. It helped me to understand it all some more. Question: If I switch off the device encryption you mention at 3:42 will it get permanently rid of the need to put the key in?

    ***How to format a drive encrypted with Bitlocker?***
    @-stayinzambia8950 7 months ago
    Can I do a fresh installation of Windows 11 on the bit-locked system drive to replace the old one since it has been bit-locked and I have no recovery key for it? Please note - I cannot log on to the system since when asked to enter PIN, letters cannot be entered.

    @CyberMedics 7 months ago
    This answer is from Super User: superuser.com/questions/408809/how-to-format-a-dri…. It was voted the most useable. I have not done this myself, but it seems logical. Let me know what you find out. Hope you gave the video a thumbs up. Thanks for commenting & subscribing to the channel.
    Super User Answer: "Press SHIFT-F10 or hit 'repair' in from the Windows installation to open up the command line, then execute the diskpart command and delete the partition, e.g.: list disk, select disk 0 or any other identifying the correct disk, list partition, select partition 1, or the encrypted one, in case there are multiple partitions, then delete partition override. You can then resume the install procedure normally to repartition and format the drive."

    ***Trusted Platform Module Discussion***
    MS What is TPM? support.microsoft.com/en-us/topic/what-is-tpm-705f…
    From Microsoft: TPM is used to improve the security of your PC. It's used by services like BitLocker drive encryption, Windows Hello, and others, to securely create and store cryptographic keys, and to confirm that the operating system and firmware on your device are what they're supposed to be, and haven't been tampered with.

    @AndreiSimion-hw6qr 8 months ago
    In one of your previous clips you said the TPM will give you extra safety. I have one drive encrypted without TPM and it says that I don't have TPM 1.2 enabled. Went to BIOS (ASUS) and I had the discrete TPM option enabled. The other option is fTPM and when selected it prompts me a message about 2.0 AMD AGESA. By enabling this will I get the 1.2 in Windows? Will there be any compatibility issues? I am on Win 10.

    @CyberMedics 8 months ago
    First thing is to make sure you have a local backup of all data & a cloud backup. Ideally you have file history backup turned on in Windows also. Here are useful links for your review:
    premioinc.com/blogs/blog/differences-between-ftpm-…
    learn.microsoft.com/en-us/windows/security/informa…
    support.microsoft.com/en-us/windows/update-your-se…
    learn.microsoft.com/en-us/windows/security/informa…
    Here is my conclusion from reviewing this. FTPM enabled will give you the best chance of having the highest level of TPM protection on a Windows 10 computer. This allows the manufacturer to upgrade BIOS firmware TPM. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Short answer: I believe enabling the FTPM will give you a minimum of TPM 1.2. There may be a BIOS update that would allow you to run TPM 2.0. Please validate all your Bitlocker keys, because any of these changes could activate the Bitlocker Key recovery.

    @CyberMedics thanks for your kindness. Do you recommend removing the recovery key for better safety? (e.g. I don't think I will ever forget my password and I find it pointless having a recovery key when it could decrease the safety)

    @CyberMedics 8 months ago
    @AndreiSimion-hw6qr Bitlocker encryption is implemented in conjunction with TPM to enhance the security of your computer. It is a layer of protection at the hardware level that protects against cyber attacks. I don't recommend turning it off.
  • @CRAZYCR1T1C
    This happened to me. Microsoft needs to warn users and make sure we are aware of the encryption system.
  • @dmarsden1968
    This was a great video! I really don’t mind Bitlocker, but I don’t like how it is set up. My kid has had two different Dell computers that ended up locking him out with Bitlocker. In neither case did he intend to set it up. But in the first case, we actually had to send it back to the manufacturer. No process should be so lacking in redundancies as to require that. I’m manually turning it off on every PC I have as soon as I get home.
  • @CaptainJackOC
    Great video and information. I needed this 2 weeks ago, but now I know how to recover a client's Windows computer if it locks us out. We had to replace a motherboard in a laptop; luckily Lenovo tech told me to first turn off BitLocker or we may have to reinstall Windows.
  • @MrSamadolfo
    🙂 They say now it's going to be on by default? What's up with that 🤔 If I was going to encrypt I think I would prefer VeraCrypt
  • @h4zmeister
    The manage-bde protectors just gives me the same key in password. I think my MS account was my school account and that's deactivated. I can't find another way to open my laptop, guess I am gonna have to format it.
  • @jimward204
    I have Windows 11 Home installed on my system. The previous step using "manage-bde -status" found Bitlocker was not installed on any of my drives. The response I got from: manage-bde -protectors -get c: was the following: No key protectors found. Does that mean I definitely don't have Bitlocker installed at all? Should I be concerned about the next big update where MS is going to try to install Bitlocker and encrypt my hard drive? How do I stop that from happening?
  • @esenlanguages
    Good evening. First of all, thank you for your video! Unfortunately for me...when I try the -get C: command, the Numerical Password is NOT a numerical password. It is letters and numbers. In addition, the Bitlocker window is showing one Recovery Key ID number, while my Microsoft account shows ANOTHER Recovery ID number. Yet, both seem to have been created on the same day. I've gone through all the steps that you've mentioned, and I've taken actions such as resetting the Secure Boot Key Management to Restore Factory Settings, enabling and disabling the Secure Boot. No success! I don't have a restore point, I haven't backed up my files in a while to an external drive, and I don't have a system image to work off of. If you can think of another workaround, I'd be truly grateful! If not, well, thanks for reading this message.
  • @user-wk9zq9gw3m
    What a lifesaver this video was to recover the crazy key. Recent update and bam... didn't have a clue it was setup. THANK YOU
  • Unfortunately for me, after upgrading my system from Windows 10 to Windows 11, a BIOS update was also installed with the updates. I got the BitLocker blue screen. My Microsoft account shows the laptop in my profile. However, it shows that device as not having BitLocker set up on that system. So, there is no key for me to use to unlock my system. Microsoft technical support says there is nothing they can do. Because it was Windows 10 Home upgraded to Windows 11 Home, that should mean the key is stored on the device in the TPM. Any advice on TPM sniffing, or any videos you can recommend to help me find my key?
  • @AA-pf1cw
    @CyberMedics My local drive D is locked. I did a CMD command to unlock and it stated that I had to do it from within my Control Panel. I have access to my C drive but all my files are in my D drive. What can I do? I had no idea my computer had a BitLocker.
  • I have not been able to open the BitLocker lock on my D drive. If opened in cmd, manage-bde -Protectors -get D: does not show the numerical key, only the numerical password ID and External key ID. And without the numerical password key it won't open. Please guide and help. In cmd or PowerShell, when I tried to enable Automatic Unlock, it says that it cannot be done since the drive has been locked. I am stuck, I tried all the methods but none of them worked. 😥😓☹️ I have mailed you the screenshot.
  • What if I've never ever heard of BitLocker until 2 days ago when I'm locked out? I don't have the key saved in my MS account, how do I get into my hard drive now?
  • Hello sir, I need a big help. I didn't know about BitLocker and I updated to W11 and now I don't have any recovery key set up and I can't get a command prompt. Please help me as soon as possible.
  • @theMudFather
    I had this happen to me and thought my drive had failed in my Dell Inspiron 1500 series, so I replaced the drive with a new one and installed Win11. I have installed the old encrypted ssd drive into an external case in hopes of retrieving my data, have I messed up the recovery of that drive? Am I screwed so to speak by MS? The drive had a lot of business and personal data on it.
  • @michaeldpa1333
    So when you activate your OEM Laptop or Tower System (1st time OOBE activation) ... Activate with a MS Account? Thus avoiding this "BTL Blue Screen" KEY Recovery issue? A lot of UTube Techies advising to AVOID the MS Account activation and just create a "Local User" account. So which option do you suggest?
  • Great information and step-by-step instructions. Too bad I didn't even know what BitLocker is, let alone that Microsoft installed it on my computer unbeknownst to me. Unfortunately, BitLocker's blue screen appeared on my laptop today. It took me completely by surprise! Now, I'm wasting valuable time trying to figure out how the heck to get access to my own laptop! I really appreciate your video, and I HOPE it will be useful if I can follow these instructions on my desktop computer BEFORE Microsoft locks it up, too! 😢
  • @scorpios1120
    Tamsak and waiting love this content bitlocker recovery
  • In my Dell Vostro 5471, Windows 11 Home, cmd does not recognise manage-bde -status
  • @CyberMedics
    I think some comments were put into held for review and did not make it on the video. If you don't see your comment, please post again. Apologize for any inconvenience.