Windows 7 Bitlocker


zykl0ne


Hi.. I'm a newbie... I'm having a problem with the Windows 7 BitLocker preboot splash screen.. in which it demands the encryption key.. I did something wrong and now it's not showing


Really if it stopped asking and is still enabled .. things may be as they should be.. Big thing here would be to understand BitLocker... and all of this can depend on how it's configured and the GPO..

What is the difference between disabling, suspending, and decrypting when I turn off BitLocker?

Decrypt completely removes BitLocker protection and fully decrypts the drive.

Disable and Suspend refer to the same process. Disable was used in Windows Vista, and Suspend is used in Windows 7. The term was changed to more accurately describe the process. When BitLocker is suspended, BitLocker keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, and the clear key is erased. This option is only available for operating system drives.

Do I have to decrypt my BitLocker-protected drive to download and install system updates and upgrades?

Operating system upgrades from Windows Anytime Upgrade require that the operating system drive be decrypted prior to installation. If you upgrade from Windows Vista to Windows 7 or install other non-Microsoft updates, you might need to disable or suspend BitLocker so that a new measurement of the system can be taken after the upgrade or update has been applied. Software and operating system updates from Microsoft Update do not require drive decryption or that you disable or suspend BitLocker.

If you have altered settings this could be the culprit and possibly even a malicious event somewhere...

http://technet.microsoft.com/en-us/library/ee449438%28WS.10%29.aspx#BKMK_NoTPM

Good place to start looking for extended information...

I am guessing that the system still boots just doesn't ask for the key anymore...

So good information about similar issues.. and I have from experience noted that in Hibernation and Sleep Modes.. Something odd does and can happen in some cases... http://windows.bigresource.com/Track/vista-aF8n0TJN/

Except in mine.. the XELDZ file disappeared.. I had to recover the file... and put it back on the drive.. to boot ( and that is without even having BitLocker.. )



Thanks heath28m.. system boots if the USB containing the encryption key is inserted but when it's not there the system doesn't ask for it and a black screen prevails..



First I would see if you have a TPM or if your system has been set up to only use USB in GPO.. Then next I would check the BIOS to make sure your TPM is enabled.. as it sounds as though it is not or has quit working.. There is a setting.. like I mentioned to set up BitLocker without TPM... and can be changed in the documentation I provided above.. FIRST however make sure you go in and create new keys and make a backup on a USB.. especially if this is your only option.. else you can throw the drive out should something go wrong.. Does sound like this will be simple to change however..

You say you're a newbie.. is this a school/work system that has either been set up by someone else or are you setting things up for yourself fresh? Usually this setting doesn't apply by default... Unless you have used something to tweak settings on accident.. Like Windows 7 Manager for example can enable this feature..

It mentions that you need a certain boot order as well in some cases to properly boot from the Drive first then USB .. not the other way around... So DD's, the HDD, then USB... Personally I think the HASP Key is the way to go.. but it is good to have a key on backup and in a safe place.. BitLocker in the Control Panel should allow you to do this..




This is a private system.. without a TPM chip.. USB is the only way to use BitLocker. I have configured all GP settings so that it was working.... but some time ago I rewrote the MBR... is that thing causing a problem..? Any way out?? Restore MBR.. Rewrite MBR



This sounds problematic.. BUT... just the opposite occurred to most systems... and it started asking for the key when it booted.. but with an error message.. However--- I would try the recommended plan of action...

1. Boot up

2. Go to Control Panel then BitLocker Drive Encryption

3. Click Suspend Protection

4. Click Enable Protection

The last link I posted has several solutions and range for quite a few configurations.. most of them are SONY VAIOs but cause being the same or similar... The original solution stated decrypting the drive and then encrypting again and to create new keys.. another stated Taking Ownership of the TPM Chip did it but that does not apply here..

I would look through and see what others have to say about it... Changing some of these files may have something directly to do with it.. and for that change you may have needed to actually Suspend the protection... as with updates and so forth.. and now that the MBR has changed it is no longer a valid file.. matching the checksum or w/e.. so it may actually be best to decrypt and then encrypt again... to restore proper function.. editing the MBR further would not make any difference.. Keep the work.. :D

The reaction of the system is exactly how it is designed.. and correct functionality... so at least you know it works.. :thumbsup:

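The Suspend Protection / Enable Protection steps from the reply above can also be run from an elevated prompt with `manage-bde`, the BitLocker command-line tool included with Windows 7. The script below is an added example, not part of any post in this thread; it assumes English `manage-bde` output and takes the drive letter as a parameter, and it stops before changing anything if the volume has no recovery password to fall back on.

```powershell
# Added example: command-line form of the Suspend/Enable steps (run elevated).
# Assumptions: English manage-bde output; the drive letter is passed in.
param([string]$Drive = 'C:')

function Get-ProtectionStatus([string[]]$StatusText) {
    # Return the value of the "Protection Status:" line from manage-bde -status.
    foreach ($line in $StatusText) {
        if ($line -match 'Protection Status:\s+(.+)$') { return $Matches[1].Trim() }
    }
    return $null
}

$before = Get-ProtectionStatus (& manage-bde.exe -status $Drive)
if (-not $before) { throw "Could not read BitLocker status for $Drive (not elevated?)" }
Write-Host "Protection status before: $before"

# Do not touch the protectors unless a recovery password exists as a fallback.
$protectors = & manage-bde.exe -protectors -get $Drive
if (-not ($protectors -match 'Numerical Password')) {
    throw "No recovery password on $Drive. Add one first: manage-bde -protectors -add $Drive -RecoveryPassword"
}

# Suspend: the volume master key is protected with a clear key on disk.
if ($before -eq 'Protection On') {
    & manage-bde.exe -protectors -disable $Drive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Suspend failed (exit code $LASTEXITCODE)" }
}

# Resume: the clear key is erased and the remaining protectors are used again.
& manage-bde.exe -protectors -enable $Drive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Resume failed (exit code $LASTEXITCODE)" }

$after = Get-ProtectionStatus (& manage-bde.exe -status $Drive)
Write-Host "Protection status after:  $after"
if ($after -ne 'Protection On') {
    Write-Warning "BitLocker is still suspended on $Drive; the data is encrypted but the key is stored in the clear."
}
```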


Archived

This topic is now archived and is closed to further replies.
