Content on a lost or stolen computer is vulnerable to unauthorized access. This can present a security risk to both people and companies. Microsoft BitLocker Administration and Monitoring (MBAM) uses BitLocker to help prevent unauthorized access by locking your computer, which helps protect sensitive data from malicious users. BitLocker can also help protect data when BitLocker-protected computers are discarded or recycled.

BitLocker Drive Encryption can provide protection for any hard disk on a computer. This includes operating system drives, data drives, and removable drives (such as a USB thumb drive). BitLocker does this by encrypting the drives. Depending on how BitLocker is configured, users may have to provide a key (a password or PIN) to unlock the information that is stored on the encrypted drives.

In addition to passwords and PINs, BitLocker can use the Trusted Platform Module (TPM) chip provided in many newer computers. The TPM chip makes sure that your computer has not been tampered with before BitLocker will unlock the operating system drive. During the encryption process, you may have to enable the TPM chip. To enable the TPM chip, you will have to restart your computer and then change a setting in the BIOS, a pre-Windows layer of your computer software.

As soon as your computer is protected by BitLocker, you may have to enter a PIN or password every time that the computer wakes from hibernation or starts. The help desk for your company or organization can help if you ever forget your PIN or password.

Working with BitLocker

As soon as BitLocker is enabled, you can unlock your computer to view the files on an encrypted hard drive. If BitLocker is configured to use the TPM chip on your computer, the TPM chip verifies that your computer has not been tampered with before the computer starts. For more information about the TPM chip, see About the Computer TPM Chip. The computer may prompt you for a PIN to unlock your computer. You may also be prompted to unlock other hard disk drives on your computer by using a password.

Because BitLocker encrypts the whole drive and not the individual files, be careful when you move sensitive data between drives. If you move a file from a BitLocker-protected drive to a nonencrypted drive, the file will no longer be encrypted.
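One way to guard against that mistake, shown as an added example that is not part of MBAM or the original page: a PowerShell helper that checks the destination drive's BitLocker state before copying. The function name Copy-ToEncryptedDrive and the sample paths are hypothetical; Get-BitLockerVolume is the standard BitLocker cmdlet and requires an elevated session.

```powershell
# Added example: hypothetical helper, not part of MBAM or BitLocker.
# Run from an elevated PowerShell session; Get-BitLockerVolume needs
# administrator rights.
function Copy-ToEncryptedDrive {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Destination
    )

    # Resolve the destination (which may not exist yet) to a full path,
    # then take its drive root, for example "E:\".
    $full = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Destination)
    $root = [System.IO.Path]::GetPathRoot($full)
    if ($root -notmatch '^[A-Za-z]:\\$') {
        # Network shares and similar targets have no BitLocker volume to query.
        throw "Destination '$Destination' is not on a local drive letter; BitLocker status cannot be checked."
    }
    $mount = $root.TrimEnd('\')

    # Query the BitLocker state of the destination volume.
    $vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop

    # ProtectionStatus 'On' means the key protectors are active.
    # VolumeStatus 'FullyEncrypted' means encryption has completed.
    # Anything else (Off, suspended, still encrypting) is refused.
    if ($vol.ProtectionStatus -ne 'On' -or $vol.VolumeStatus -ne 'FullyEncrypted') {
        throw ("Refusing to copy: {0} is not fully protected (ProtectionStatus={1}, VolumeStatus={2})." -f `
            $mount, $vol.ProtectionStatus, $vol.VolumeStatus)
    }

    Copy-Item -LiteralPath $Path -Destination $Destination
}

# Constructed sample call (paths are placeholders):
# Copy-ToEncryptedDrive -Path 'C:\Reports\budget.xlsx' -Destination 'E:\Backup\'
```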

About the BitLocker Control Panel Application

To unlock hard disk drives on your computer and manage your PIN and passwords, use the BitLocker Encryption Options application in the Windows Control Panel by following the procedure outlined here. This is where you can enter passwords to unlock protected drives and check the BitLocker status of attached drives.

To Open BitLocker Encryption Options

  1. Click Start, and select Control Panel. This opens the Control Panel in a new window.

  2. In Control Panel, select System and Security.

  3. Select BitLocker Encryption Options. This opens the BitLocker Encryption Options application.

  4. From here, you can unlock your hard disk drives and manage your PIN and password keys. For more information about the BitLocker Encryption Options application, see BitLocker Encryption Options Help.

You can also access this tool by right-clicking a hard disk drive in My Computer and selecting BitLocker Encryption Options.

How to Unlock Your Computer if You Forget Your PIN or Password

If you forget your PIN or password, contact your help desk. They can help you unlock BitLocker-protected drives.

Information to Give Help Desk

  1. When you contact your help desk, you will need to provide them with the following information:

    • Your user name

    • Your domain

    • The first 8 digits of your Recovery Key ID. This is a 48-digit code that BitLocker will display if you forget your PIN or password.

      • If you forget your PIN, the Recovery Key ID can be found in the BitLocker Recovery Console. The BitLocker Recovery Console is a pre-Windows screen that will be displayed if you do not enter the correct PIN.

      • If you forget your password, the Recovery Key ID can be found in the BitLocker Encryption Options Control Panel application. Select Unlock Drive and then click I cannot remember my password. The BitLocker Encryption Options application will then provide you with a Recovery Key ID to give to the help desk.

  2. Once your help desk receives the necessary information, they will provide you with a Recovery Key over the phone or through e-mail.

    • If you forgot your PIN, enter the Recovery Key in the BitLocker Recovery Console. This will unlock your computer.

    • If you forgot your password, enter the Recovery Key in the BitLocker Encryption Options Control Panel application, in the same location where you found the Recovery Key ID earlier. This will unlock the protected hard drive.
