The solution I found for this problem was to remove the Intel Rapid Storage technology software from your Dell computer.
Reboot, and all will be well.
You might need to reboot twice before the correct Bitlocker settings will appear in Windows 10.
BitLocker has never depended on a Microsoft account. It is only a possible location for storing the recovery password, but not the only one (the same password can be stored on Active Directory, or in a plain text file of your choosing) – and a BitLocker drive doesn't necessarily have a recovery password to begin with.
You can run manage-bde c: -protectors -get
to see what unlock mechanisms are available. Whenever a recovery password is present, it will be shown directly in the protectors list.
But in your case, the status output immediately says that there are none: the disk's master key is simply stored on the disk itself, giving you no protection at all.
This means BitLocker is only being used with the expectation for you to manually activate it later on – whenever you decide to do so, Windows will not need to spend time encrypting gigabytes of actual data, it will simply encrypt the master key. That's when BitLocker will prompt you to save the recovery password, too.
Dislocker should be able to access the drive using the --clearkey
option.
Also for future reference:
Commonly the passwordless unlocking is implemented by using a TPM, which holds the key in a separate chip and only gives it to the OS if the entire boot process exactly matches its requirements. (That is, if you boot e.g. Linux on the same computer, the boot log will result in a different PCR hash and the TPM-sealed key will not be retrievable.)
If your disk actually had e.g. TPM protection enabled but did not have a recovery key, you could add one using manage-bde c: -protectors -add -recoverypassword
.
(Alternatively, you can add a recovery key file using the -recoverykey
option and use it with Dislocker's --bekfile=
.)
However, again, in your case there is no "main" protector added yet. So if you want to protect the data, you should instead start by adding a -tpm
or -password
protector, then add a recovery key as the second option.
Best Answer
First of all, you have to boot your computer from a WinPE USB drive with BitLocker module support. When you get to the Command Prompt, run the following commands to decrypt your BitLocker encrypted drive:
When it's done, you can use some password recovery disks like Offline NT Password & Registr Editor, Elcomsoft System Recovery, Kon-Boot or sticky keys exploit to reset your forgotten Windows password.
After logging back into the system, all your files are accessible but the EFS files remain encrypted, you have to import the EFS private key certificate to decrypt them. If you haven't backed up the EFS certificate previously, you'll lose access to EFS files completely.
Of course, when your Windows password is simple or short, your best option is recovering the password using Ophcrack. After finding the original password, you can login and access the EFS files without having to import EFS private key certificate any more.