Windows 10: Insert USB Storage Media to unlock BitLocker taken away in W10?

  1.    17 Nov 2016 #1

    Insert USB Storage Media to unlock BitLocker taken away in W10?


    I enabled BitLocker and I noticed that the option to save the recovery key to a USB Flash Drive is not there. Instead, there is an option to Save to a File and did let me save it onto a USB stick without issues.

    However, in case I get locked out, will BitLocker prompt me to Insert Storage Media like from the image taken from a Windows 7 machine or will I need to go to another PC with my USB stick and write it down manually? And I don't even have a printer to print the key. And I don't want to use a MS account either.

    Has this option been taken away from Windows 10?

    Please Note: I am indeed running with a TPM.
    Attached Thumbnails Attached Thumbnails Capture1.PNG   Capture.PNG  
      My ComputerSystem Spec

  2.    17 Nov 2016 #2

    It is just the same in 7 and 10.

    When you turn on bitlocker you get the option to save the recovery key - this is your first picture. For the OS drive you can save it to USB, for external drives you don't get this option. . See BitLocker Recovery Key - Back up in Windows 10 - Windows 10 Forums

    This is a 25 long number (saved as a .txt file) you have to type in if something changes in your boot configuration (you change your boot order, upgrade Windows or something). You can save it anywhere (except on your PC if I remember correctly) but it really should not be on a key you keep with your PC as this would make the whole thing pointless.

    This is not the same as the file (.bek) which is saved to USB to unlock the drive (like your second picture if asking for). When you define bitlocker you can unlock it with a password, a USB key or both (this is in group policy - see here BitLocker - Turn On or Off for Operating System Drive in Windows 10 - Windows 10 Forums). If you have said you want to use a USB key to unlock the drive you must connect it.

    If you get locked out you must manually enter the 25 long digit pin (as you had to in 7). If you have defined as USB key as required to unlock the drive on group policy you must attach the USB containing the correct .bek file to unlock the drive (and also potentially enter your password). If your boot files have changed and you are locked out you would still have to manually enter the recovery key in any case.

    If you haven't written down the 25 digit recovery key (or memorized it I suppose) you would need to go to another PC to get it back - either from your USB you saved it to or from your Microsoft Account if you saved it there.

    Hope this makes sense.
      My ComputerSystem Spec

  3.    27 Jan 2017 #3

    Hi

    Can the .bek key be stored on a flash dive with other files? Or does Windows require the .bek key to be the only file on the drive?
      My ComputerSystem Spec

  4.    27 Jan 2017 #4

    lx07 said: View Post
    It is just the same in 7 and 10.

    When you turn on bitlocker you get the option to save the recovery key - this is your first picture. For the OS drive you can save it to USB, for external drives you don't get this option. ...
    Does this literally mean 'external drives' or does in include internal drives that are partitioned to say separate o/s and data?
      My ComputerSystem Spec

  5.    01 Feb 2017 #5

    kevvyb said: View Post
    Can the .bek key be stored on a flash dive with other files? Or does Windows require the .bek key to be the only file on the drive?
    Yes, you can save it to a flash drive with other stuff on. In fact you can store multiple .bek on the same one if you want (I do).

    kevvyb said: View Post
    Does this literally mean 'external drives' or does in include internal drives that are partitioned to say separate o/s and data?
    Anything that isn't the C partition. If you have a D partition on the same physical disk you can save the .bek. Only the C partition you can't.

    I just decrypted C today (so I could split it into C and D with Partition Wizard) and then re-encrypted both. The D partition acted just the same a physically separate drive. Sorry for the confusion - I seem to use the words drive / volume / partition interchangeably sometimes.
      My ComputerSystem Spec

  6.    01 Feb 2017 #6

    Thanks for the clarification Ix07
      My ComputerSystem Spec

  7.    4 Weeks Ago #7

    to all,
    clarification
    i believe the RECOVERY KEY is actual 48 characters long (8 groups of 6 numbers).
    THAT is the number that needs entered manually when the recovery key is requested.
    the 25-character one that shows iup in the text file title is actually the ID of the machine to which the recovery key belongs.
    hope this helps
      My ComputerSystem Spec


 

Related Threads
Unable to unlock USB drives encrypted/locked with Bitlocker To Go in AntiVirus, Firewalls and System Security
Hey All, Recently my company provided me with a Windows 10 SOE image as part of a UAT. The image includes Symantec Endpoint Encryption which utilizes Bitlocker for encryption. I went through all of the motions with the C:\ drive to be...
Bitlocker unlock has stuck key presses in AntiVirus, Firewalls and System Security
I'm not even sure how to title this. I just did a fresh install of Window 10. I do not have a TPM so I setup Require additional authentication at startup. I set up my C: drive with my bitlocker password and rebooted. When it comes to...
Bitlocker Auto Unlock: activated but not working in AntiVirus, Firewalls and System Security
I have 2 storage hdd encrypted w/ bitlocker, in addition to the encrypted OS volume C:. I activated auto unlock expecting the storage volumes to automatically unlock with the unlocking of C: (I enter the psw during boot since I don't have TPM)....
Hi all, I've enabled BitLocker (Win 10 Pro) on a Dell laptop Inspiron 5558 and all went well. BUT.... When I power on the computer the familiar light blue BitLocker screen appears but there is no prompt to enter the key. Just a light blue...
How to Turn On or Off Auto-unlock for BitLocker Drive in Windows 10 BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 05:50.
Find Us