Windows 10: Surface BitLocker Protector Check Tool verifies your BitLocker settings

Discus and support Surface BitLocker Protector Check Tool verifies your BitLocker settings in Windows 10 News to solve the problem; [ATTACH] [ATTACH]You can use the Surface BitLocker Protector Check Tool to help make sure BitLocker is set up correctly on your device. In this post,... Discussion in 'Windows 10 News' started by WinClub, Nov 26, 2019.

  1. WinClub New Member

    Surface BitLocker Protector Check Tool verifies your BitLocker settings

    WinClub, Nov 26, 2019
    #1
  2. Peer_Sam Win User

    problem with bitlocker

    Hi Roeslie,

    Thank you for writing to Microsoft Community Forums.

    We need some more details to help you find the solution to your problem.

    • Which edition of Windows 10 is installed on your surface machine?
    • Did you notice any changes on the computer recently?
    • When you say, you have a problem with your Surface machine about BitLocker key, do you mean that the surface machine asks you to enter the BitLocker key to allow you to sign into Windows?
    • Does the other computer ask you to enter the BitLocker key to allow you to access the files saved on it?

    If you are being asked to enter a BitLocker key to sign into your surface machine and you don’t remember your BitLocker key, you can follow the instructions given in the link below to find the BitLocker recovery key.

    Find my BitLocker recovery key

    Please get back to us with the information requested above, so that we can suggest the appropriate troubleshooting steps.

    Peer Samie

    Microsoft Community-Moderator
     
    Peer_Sam, Nov 26, 2019
    #2
  3. BitLocker key

    Hi. HC_75

    My name is Mila

    Independent Advisor

    I hope to help.

    This behavior can occur in the following situation:

    • BitLocker is enabled and configured to use the platform configuration register (PCR) values other than the PCR 7 and 11 default values of the PCR, for example, when:

    • Start of Secure is disabled.

    • PCR values have been defined explicitly, as a group policy.

    • Install a firmware update that updates the firmware of the TPM device or changes the firmware signature of the system. For example, install the dTPM surface update (IFX).

    Note: You can check the PCR values that are in use on a device by running the following command from a command prompt with elevated privileges:

    admin-bde.exe-protectors-get <OSDriveLetter>:

    Warning:

    Encryption Unit BitLocker helps protect the confidential information of your organization by encrypting the data. This solution to temporarily disable BitLocker can put the data at risk.

    Method 1: Suspend BitLocker during UEFI or TPM firmware updates

    You can avoid this situation by installing system firmware updates or TPM module firmware by temporarily suspending BitLocker before applying updates to TPM or UEFI firmware using Suspend BitLocker.

    Note: UEFI and TPM firmware updates may require several reboots during installation.

    To suspend BitLocker for the installation of UEFI or TPM firmware updates:

    1. Open an administrative PowerShell session.

    2. Type the following cmdlet and press ENTER: BitLocker suspend MountPoint "C:" - RebootCount 0where C: is the drive assigned to the disk

    3. Install the firmware updates and surface device driver.

    4. After the correct installation of the firmware updates, resume BitLocker using the Resume-BitLocker cmdlet as follows: Resume-BitLocker -MountPoint "C:"

    Method 2: Enable secure startup and restore the default PCR values.

    It is recommended that you restore the default and recommended settings for safe boot and PCR values after BitLocker is suspended to avoid entering BitLocker recovery when applying future updates to UEFI or TPM firmware.

    To enable secure boot on a surface device with BitLocker enabled:

    1. Suspend BitLocker using the Suspend BitLocker cmdlet, as described in method 1.

    2. Boot the UEFI surface device using one of the methods defined in surface UEFI using Surface Laptop, new Surface Pro, Studio surface, Surface Book and Surface Pro 4.

    3. Select the security section.

    4. Click on change the settings in "Secure Start".

    5. Select Microsoft Only and click OK.

    6. Select Saliry, then restart to restart the device.

    7. Resume BitLocker using the Resume-BitLocker cmdlet, as described in method 1.

    To change the PCR values used to validate the BitLocker drive encryption:

    1. Disable the group policies that configure PCR or remove the device from the groups where these policies apply. For more information, see "Deployment options" in the BitLocker Group Policy Reference.

    2. Suspend BitLocker using the Suspend BitLocker cmdlet, as described in method 1.

    3. Resume BitLocker using the Resume-BitLocker cmdlet, as described in method 1.

    Method 3: Remove protectors from the start unit.

    If you have installed a TPM or UEFI update and the device is able to boot, even when you enter the correct BitLocker recovery key, you can restore the boot capacity using the BitLocker recovery key and a surface recovery image to remove BitLocker protectors
    from the boot drive.

    To remove the protectors from the boot drive using the BitLocker recovery key:

    1. Obtain the BitLocker recovery key at go.microsoft.com/fwlink/p/?LinkId=237614 or if BitLocker is managed by other means such as Microsoft BitLocker administration and monitoring (MBAM), contact the administrator.

    2. From another computer, download the surface recovery image to download a recovery image of the surface and create a USB recovery drive.

    3. Boot from the USB surface recovery image unit.

    4. When prompted, select the language of the operating system.

    5. Select the keyboard layout.

    6. Select solve.

    7. Select Advanced Options.

    8. Select the command prompt.

    9. Run the following commands: manage-bde-unlock - recoverypassword <password> C: manage-bde-protectors-disable C: where C: is the drive assigned to the disk and <password> is the BitLocker recovery key that you got in step 1.

    Note: For more information about how to use this command, see the Microsoft Docs Manage-bde article: unlock.

    10. Restart the computer.

    11. When prompted, enter the BitLocker recovery key that you obtained in step 1.

    Note: After disabling the BitLocker protectors on the boot drive, the device will no longer be protected by BitLocker drive encryption. You can re-enable BitLocker by selecting Start, type Manage BitLocker, and press ENTER to start the BitLocker drive encryption
    Control applet subprogram and following the steps to encrypt the drive.

    Method 4: Retrieve the data and restart the device with Bare Metal Recovery (BMR) surface.

    To recover data from the surface device if you cannot start the computer in Windows:

    1. Obtain the BitLocker recovery key at
    https://go.microsoft.com/fwlink/p/?LinkId=237614
    or if BitLocker is managed by other means such as Microsoft BitLocker administration and monitoring (MBAM), contact the administrator.

    2. From another computer, download the surface recovery image to download a recovery image of the surface and create a USB recovery drive.

    3. Boot from the USB surface recovery image unit.

    4. When prompted, select the language of the operating system.

    5. Select the keyboard layout.

    6. Select solve.

    7. Select Advanced Options.

    8. Select the command prompt.

    9. Run the following command: manage-bde-unlock -recoverypassword <password> C: where C: is the drive assigned to the disk and <password> is the BitLocker recovery key that you obtained in step 1

    10. After the unit is unlocked, use the copy or xcopy commands to copy the user data to another unit.

    Note: For more information about these commands, see the Windows Command Line Reference.
     
    MilagrosM2020, Nov 26, 2019
    #3
  4. Viruzz Win User

    Surface BitLocker Protector Check Tool verifies your BitLocker settings

    HELP: Automatic BitLocker Unlock.

    Thank you sir, ill try your solution.

    Windows Auto unlock ONLY works in case you have Bitlocker on your system drive, because if your system drive is not encrypted auto unlocking other drives means loss of security.
    But in my case my system drive is Encrypted with hardware encryption that i password unlock during boot. So auto unlocking Bitlocker drives will do fine for me.
     
    Viruzz, Nov 26, 2019
    #4
Thema:

Surface BitLocker Protector Check Tool verifies your BitLocker settings

Loading...
  1. Surface BitLocker Protector Check Tool verifies your BitLocker settings - Similar Threads - Surface BitLocker Protector

  2. Bitlocker BCD must be verified

    in Windows 10 Gaming
    Bitlocker BCD must be verified: Is this caused by Guarded host cause all my entries in BCD are correct, Bitlocker gives error that it cannot find drive on windows 11 cause BCD settings are incorrect, but they are correct i even enumurated all...
  3. Bitlocker BCD must be verified

    in Windows 10 Software and Apps
    Bitlocker BCD must be verified: Is this caused by Guarded host cause all my entries in BCD are correct, Bitlocker gives error that it cannot find drive on windows 11 cause BCD settings are incorrect, but they are correct i even enumurated all...
  4. Surface book bitlock

    in AntiVirus, Firewalls and System Security
    Surface book bitlock: Get rid of bitlock https://answers.microsoft.com/en-us/windows/forum/all/surface-book-bitlock/07b906b4-91cb-4907-b351-c2c1ed5ac136
  5. Surface GO and BitLocker

    in Windows 10 Installation and Upgrade
    Surface GO and BitLocker: Often when a automatic update occurs my Surface GO restarts with a blue screen asking for a BitLocker key. I have to enter the key twice then the GO restarts correctly. How can I turn off BitLocker? Searching for Manage BitLocker does not work....
  6. surface pro bitlocker

    in Windows 10 Installation and Upgrade
    surface pro bitlocker: I turned on my computer and got the "critical error cannot open start menu." I restarted multiple times and resorted to going into windows troubleshooting, I tried to change start-up settings but I needed to put in a bitlocker code, this is a preowned system I bought so it is...
  7. Bitlocker unlock with recovery protector deleted, Error 8007139f

    in AntiVirus, Firewalls and System Security
    Bitlocker unlock with recovery protector deleted, Error 8007139f: I attempted to move from "startup key" to "TPM and PIN" protection. I have a TPM 2.0 chip. In my ignorance I deleted ALL protectors from this drive and added only the TPMandPIN protector back to the drive so I can't use the recovery key. When I boot to this drive it...
  8. Surface bitlocker

    in AntiVirus, Firewalls and System Security
    Surface bitlocker: The battery on my surface pro went flat, and when I restarted it, the bitlocker screen came up. I see that you have to retrieve the key from the Microsoft account. When I signed in, I need to receive a verification code. However, my only option was an old email account that...
  9. Weird bitlocker settings

    in AntiVirus, Firewalls and System Security
    Weird bitlocker settings: So at my work and home I have been setting up Bitlocker. Today at work I was setting up Bitlocker on a PC and we could not get a password for a option to unlock the device. The only option we get is to either use a USB or a pin. As per the compliance officer we have to...
  10. BitLocker key protector management help

    in AntiVirus, Firewalls and System Security
    BitLocker key protector management help: Seeking BitLocker help: Win10 machine with TPM. OS drive was successfully encrypted with "TPM & PIN" additional key protection. Now I'm hoping to drop back to "just TPM" with no additional PIN protection without having to decrypt and re-encrypt. (note: the reason is so...

Users found this page by searching for:

  1. surface bitlocker protector check 64bit win 10

    ,
  2. Surface BitLocker Protector

    ,
  3. surface bitlocker protector check 64bit

    ,
  4. RecoveryPassword YOUR-BITLOCKER-RECOVERY-KEY BitLocker Drive Encryption: Configuration Tool version 10.0.18362,
  5. the surface bitlocker protector check tool 64bit,
  6. surface bitlocker protector check tool for Surface Pro 6