BitLocker Key seems to be a blank value


ann_droid

New member
Local time
9:18 PM
Posts
7
OS
W10, W11, Mint and Debian
Hi

After yesterday's install, no network access and using a Local Account, I find that I need a BitLockerKey.

On the few w10 and 11 installs I have done there has never been any offer/option to save or store a Key.

Using PowerShell (getbitlocker etc etc) | outfile filepath "C:\key.txt" produces a txt file of ZERO bytes, so I am confused.

Any pointers please.
 

My Computer

System One

  • OS
    W10, W11, Mint and Debian
    Computer type
    Laptop
    Manufacturer/Model
    HP,HP, HP and Lenovo
    Other Info
    Assorted hardware and OS's.
After yesterday's install, no network access and using a Local Account, I find that I need a BitLockerKey.
What leads you to believe that BitLocker is enabled?
On the few w10 and 11 installs I have done there has never been any offer/option to save or store a Key.
Automatic Device Encryption is only activated when an administrator signs in to Windows with a Microsoft account (at which time the Recovery Key is automatically saved to that Microsoft account).
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
You may not have a keyprotectors, surprisingly they are not required, but highly recommended.

In powershell
Powershell:
# Check if you have a encrypted disk
Get-BitlockerVolume

If you get a result back and it states 'FullyEncrypted' then you have Bitlocker enabled. If however your protectors is empty then you do not have a recovery key for the bitlocker volume.

To add a key protector
Powershell:
Add-BitlockerKeyProtector -MountPoint C: -RecoveryPasswordProtector

You will want to backup the long code it outputs as this is your backup key.
 

My Computer

System One

  • OS
    Windows 11
Hi

2 things, Linux Mint wanted a password (that is the BL key) to access and mount, and I just de-crypted the drive. So now it mounts.

Also yesterday in a list of tasks BitLocker was there running in the background.

Automatic Device Encryption is triggered, according to the internet, in at least half a dozen ways, and TPM along with Secure Boot and a BIOS upgrade I did are listed as possible triggers.

Hopefully in 29 days time my Microsoft Account will delete itself and I can create a new one. Until then internet access is, as yet, switched OFF.

###########

I would prefer to have encryption and keep my key written down here, but it seems that is not achievable.

I assumed that
 

My Computer

System One

  • OS
    W10, W11, Mint and Debian
    Computer type
    Laptop
    Manufacturer/Model
    HP,HP, HP and Lenovo
    Other Info
    Assorted hardware and OS's.
Thanks.

I am hopefully learning, and having to switch OS's and Laptops is hard, but safety first.

I may well try and wipe W11 and try W10 again.

I am grateful for the help and will try and give credit accordingly.
 

My Computer

System One

  • OS
    W10, W11, Mint and Debian
    Computer type
    Laptop
    Manufacturer/Model
    HP,HP, HP and Lenovo
    Other Info
    Assorted hardware and OS's.
The key is stored in the TPM, the recovery key I mentioned is what would be used to decrypt the drive if tamper protection triggers or from another device.
 

My Computer

System One

  • OS
    Windows 11
On the few w10 and 11 installs I have done there has never been any offer/option to save or store a Key.
I had the same experience on the last 3 new Notebooks I setup in the last 4 months, also found booting a Linux LiveUSB outside of Windows prevented access to the drive, ended up turning off Bitlocker.
 

My Computers

System One System Two

  • OS
    Win11 Pro RTM
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 3400
    CPU
    Intel Core i5 11th Gen. 2.40GHz
    Memory
    12GB
    Hard Drives
    256GB SSD NVMe M.2
  • Operating System
    Windows 11 Pro RTM x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Vostro 5890
    CPU
    Intel Core i5 10th Gen. 2.90GHz
    Memory
    16GB
    Graphics card(s)
    Onboard, no VGA, using a DisplayPort-to-VGA adapter
    Monitor(s) Displays
    24" Dell
    Hard Drives
    512GB SSD NVMe, 4TB Seagate HDD
    Browser
    Firefox, Edge
    Antivirus
    Windows Defender/Microsoft Security
For Linux you can use 'dislocker' and even add that to your mount file or systemd. It supports a few Bitlocker key protectors. Easier to add a 'password' vs 'recoverypassword' key protector and then use that with dislocker
 

My Computer

System One

  • OS
    Windows 11
Automatic Device Encryption is triggered, according to the internet, in at least half a dozen ways, and TPM along with Secure Boot and a BIOS upgrade I did are listed as possible triggers.

Automatic Device Encryption is only activated when an administrator signs in to Windows with a Microsoft account (at which time the Recovery Key is automatically saved to that Microsoft account).
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop

Latest Support Threads

Back
Top Bottom