Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

4137

October 30th, 2018 09:00

W10 Bitlocker and Dell Motherboard Repair

I have a 7490 with W10 and Bitlocker enabled and a dead HDMI port. Pretty sure the Dell tech is going to replace the motherboard as part of the process to fix the HDMI port.

I can't imagine Bitlocker is going to be very happy when it suddenly sees a whole new motherboard. I don't want to lock my user out of their data after the repair. Any idea what my steps are to prevent that, or how Bitlocker will behave with a whole motherboard replacement?

 

9 Legend

 • 

14K Posts

October 30th, 2018 22:00

I've had to do this.  It's not a big deal as long as you're prepared for it.  So on that note:

Absolutely make sure you've backed up your Recovery Key.  You should of course have already done that when you first set up BitLocker, but you will absolutely need it when your motherboard is replaced because the new motherboard's TPM won't have the decryption key for your hard drive.  Then you need to delete the existing TPM protector from your Windows partition and create a new one, since that causes Windows to embed a decryption key into the new TPM so you don't have to keep entering that every time you boot your system.  If you're even slightly comfortable with command line, you can open an elevated Command Prompt and enter the commands below.  If not, you can decrypt and re-encrypt your entire drive, but that will obviously take longer.

Commands:
Manage-bde -protectors -delete c: -type TPM
Manage-bde -protectors -add c: -type TPM

2 Intern

 • 

157 Posts

November 1st, 2018 08:00

Fantastic, that is exactly the advice I've been looking for.

Our Bitlocker keys are stored in AD, but I'll run another backup of the key from the Bitlocker control panel just to double check. Appreciate the response!

1 Rookie

 • 

4 Posts

August 9th, 2022 07:00

In case anyone else is looking, you can also find recovery keys in your Microsoft account. Of course if it was used on the device.

2 Intern

 • 

157 Posts

August 9th, 2022 09:00

Only if you've enabled Bitlocker when logged in with a Microsoft account. In a AD or Azure domain joined situation, none of the users will have a a Microsoft account, and Bitlocker wouldn't be enabled from a typical user account anyway (you'd enable it from GP or an admin account). So there'd be no way to associate a Bitlocker code with a Microsoft account.

But for home users with MS accounts I do believe you have the option to store the Bitlocker key in there.

No Events found!

Top