Versions Compared

Version Old Version 6 New Version Current
Changes made by

rhine (Unlicensed)

caudiljl

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This is just a quickly thrown together entry to get some documentation out there.
The BitLocker Recovery tool is a hardware based utility used to prevent computer theft. Apparently research has shown that if a computer is stolen, it often experiences some sort of physical shock in the process. So the BitLocker Recovery Tool is basically a 'jostle' sensor, when tripped, it locks the computer. It can only be turned back on by use of a recovery key obtained from Active Directory. 
Unfortunately, we get a lot of false positives on these sensors.
Confirm that the user is associated with Purdue.
First and foremost, get them a recovery key over the phone, see KB 1140849
Second, if Microsoft encryption product designed to protect the user data on a system. In the event of a problem with BitLocker, a user may encounter a prompt for a BitLocker recovery key.

Windows device encryption is a security feature in Microsoft Windows that helps protect your data by encrypting the system drive. If device encryption is enabled, only authorized individuals will be able to access your device and data.

NOTE: Because BitLocker is an encryption security product, Dell neither stores nor has the ability to provide a recovery key. Dell cannot circumvent the Microsoft BitLocker Recovery key process. Dell devices are not encrypted when shipped from the factory.

NOTE: If the sensor is getting tripped repeatedly, you may need to hard power-cycle the machine.  This can be accomplished by

...

Power-Cycling
  • Ensure the machine has been fully shut down.

Desktops:

  • Remove the power cable from the back of the machine.
  • Press and hold the power button for at least 15 seconds to discharge any stored electricity.
  • Plug the power cable back in and start the machine up again

...

  • .
  • Verify with the user that the machine boots past the system logo.

Laptops:

  • Remove the laptop from the dock, or disconnect the dock cable from the laptop if applicable.
  • Remove the power cable from the dock

...

  • .
  • Wait 30 seconds to a minute.
  • Press and hold down the power button for at least 30 seconds to discharge any stored electricity.(Do this even if it powers on mid hold)
  • Boot up the machine again.  Press and hold the power button on the laptop for 30 seconds again.
  • Verify with the user that the machine boots past the system logo.
  • Restart to make sure Bitlocker doesn't return

NOTE:  If the computer doesn't accept the BitLocker key, or is repeatedly asking for the a BitLocker key, even after following the steps above, the ticket should be escalated to CSDS Support._SUPPORT.

 

Panel
borderColorblack
titleColorblack
borderWidth1
borderStylesolid
titleAcquiring a CSDS BoilerAD BitLocker Recovery Key

Open a web browser and go to Dell Active Roles located at https://ars.boilerad.purdue.edu/ARServerAdmin/.

Sign in using your BoilerAD OUAdmin account.

NOTE:  If you do not know your BoilerAD OUAdmin account username or password, please email accounts@purdue.edu.

  • User Name:  boilerad\[ouadmin account]
  • Password:  [ouadmin password]

Image Added

Once properly logged in with your OU admin account, the top right corner should look like the following:

Image Added

Once logged in, search for the given machine's name.

Image Added

NOTE: Make sure it is a BoilerAD machine. Its name will start with “CSDS” instead of “1074”.

Check the box of the machine on the list that matches the machine name provided by the user. This will open a new column. From here, click on “BitLocker Recovery”.

Click on the password ID that matches the one that the user sees on their screen and provide the user the 48-character Recovery Password.

Image Added

After a BitLocker key has been provided, it is best practice to restart the BitLocker encryption service using the following steps:

Suspending BitLocker Protection

  • On the user's machine, click the 'Search' button and type 'BitLocker' in the Windows 10 search window.
  • Choose'BitLocker Drive Encryption'. 
  • Choose 'Suspend Protection' (This step requires DADMIN administrative elevation.)
  • Restart the computer.

Resuming BitLocker Protection

  • Following the steps above, repeat 'Step 1' and 'Step 2'.
  • Select 'Resume Protection'. (This step requires DADMIN administrative elevation.)

Anchor
suspendbitlocker
suspendbitlocker

Panel
borderColorGold
borderWidth2
titleBGColortan
borderStylesolid
titleBitlocker Protocol for CSDS Machines

Follow directions in KB# 1140849 to GET the Bitlocker key for CSDS-##### 'named' machines (means they're on the BoilerAD domain)

CSDS says we MIGHT be able to skip straight to step 'B'

Image Removed

How to Suspend BitLocker

  • Open the Control Panel.
  • Select BitLocker Drive Encryption or Manage BitLocker.

Image Added

  • Click on Suspend Protection. (This will require authentication with your DADMIN credentials.)
  • Reboot the machine.
  • Have the customer log into the rebooted machine.
  • Open the Control Panel and select BitLocker Drive Encryption.
    • If “Suspend Protection” is listed, the machine is functioning as intended, and the ticket can be resolved.
    • If “Resume Protection” is listed:
      • Have the customer power off the machine.
      • Remove the power cord from the computer.
      • Press the power button on the machine for 15 seconds to discharge any latent electricity.
      • Plug the power cord back in.
      • Turn the computer on.
        • If prompted for a BitLocker Recovery Key, forward ticket on to CSDS_SUPPORT.
        • If there are no issues and "Suspend Protection" is showing in the machine's Control Panel, the ticket can be resolved.

 

Panel
borderColorblack
borderWidth1
borderStylesolid
titleCategory > Service > Service Offering

Category

End-point Computing

Service

Software

Service Offering

Managed Software

Owner Group

ITAP_CSDS_SUPPORT