Overview
This document will outline how to unlock a computer that was encrypted using the MBAM (Microsoft BitLocker Administration and Monitoring) client. This document assumes that the MBAM client is installed on the computer and that the drive has already been encrypted by the MBAM client.
How to unlock an encrypted computer using the MBAM Self Service Portal
- The self-service portal can be found at http://bitlocker.uic.edu
- NOTE: The MBAM self-service portal will only allow you to retrieve a recovery key for a machine that the system deems you "authorized" to use (i.e. it is a machine you have successfully logged into before). If you attempt the retrieve a key for a machine you are not authorized to use, it will say "Invalid recovery key ID".
After a computer has been encrypted, if certain conditions occur, you may experience a situation where the system enters a “locked” state. Several things can cause this to happen, some examples include changing certain BIOS settings, upgrading the BIOS, TPM ownership changes, or partition changes on the hard disk. When this happens, the next time the computer starts you will see a screen similar to this (Windows 7):
Or this (Windows 8.1):
At this point you must enter a BitLocker Recovery Key in the space provided in order for Windows to start. MBAM provides an easy way to find this Recovery key and to continue using Windows. To find this key, you must go to another computer or mobile device, open a web browser, and go to: http://bitlocker.uic.edu/
When you get prompted for credentials, enter your NetID and password:
Once you’ve logged in you should see a University of Illinois security notice screen:
Check the “I have read and understand the above notice” box and click Continue. You will then be presented with a “Get a BitLocker Recovery Key” screen.
On this screen you can enter your Recovery Key ID, choose a reason for the recovery, and then retrieve your BitLocker Recovery Key. Going back to the “locked” computer, locate the Recovery Key ID (Windows 7):
Or (Windows 8.1):
On the “Get a BitLocker Recovery Key” web page, enter in the first eight characters of the Recovery Key ID and choose a reason from the drop down box.
Then click the Get Key button. You should then receive a 48-digit Bitlocker Recovery Key that you can enter into the screen of the locked system.
Enter this key into the Recovery Key field on the locked computer. Once the key has been entered correctly, the computer will continue booting into Windows.