BitLocker is a Microsoft encryption product designed to protect the user data on a system. In the event of a problem with BitLocker, a user may encounter a prompt for a BitLocker recovery key.

Windows device encryption is a security feature in Microsoft Windows that helps protect your data by encrypting the system drive. If device encryption is enabled, only authorized individuals will be able to access your device and data.

NOTE: Because BitLocker is an encryption security product, Dell neither stores nor has the ability to provide a recovery key. Dell cannot circumvent the Microsoft BitLocker Recovery key process. Dell devices are not encrypted when shipped from the factory.

NOTE: If the sensor is getting tripped repeatedly, you may need to hard power-cycle the machine.

Power-Cycling

Ensure the machine has been fully shut down.

Desktops:

Remove the power cable from the back of the machine.
Press and hold the power button for at least 15 seconds to discharge any stored electricity.
Plug the power cable back in and start the machine up again.
Verify with the user that the machine boots past the system logo.

Laptops:

Remove the laptop from the dock, or disconnect the dock cable from the laptop if applicable.
Remove the power cable from the dock.
Wait 30 seconds to a minute.
Press and hold down the power button for at least 30 seconds to discharge any stored electricity.(Do this even if it powers on mid hold)
Boot up the machine again. Press and hold the power button on the laptop for 30 seconds again.
Verify with the user that the machine boots past the system logo.
Restart to make sure Bitlocker doesn't return

NOTE: If the computer doesn't accept the BitLocker key, or is repeatedly asking for a BitLocker key, even after following the steps above, the ticket should be escalated to CSDS_SUPPORT.

Acquiring a CSDS BoilerAD BitLocker Recovery Key

Open a web browser and go to Dell Active Roles located at https://ars.boilerad.purdue.edu/ARServerAdmin/.

Sign in using your BoilerAD OUAdmin account.

NOTE: If you do not know your BoilerAD OUAdmin account username or password, please email accounts@purdue.edu.

User Name: boilerad\[ouadmin account]
Password: [ouadmin password]

Once properly logged in with your OU admin account, the top right corner should look like the following:

Once logged in, search for the given machine's name.

NOTE: Make sure it is a BoilerAD machine. Its name will start with “CSDS” instead of “1074”.

Check the box of the machine on the list that matches the machine name provided by the user. This will open a new column. From here, click on “BitLocker Recovery”.

Click on the password ID that matches the one that the user sees on their screen and provide the user the 48-character Recovery Password.

After a BitLocker key has been provided, it is best practice to restart the BitLocker encryption service using the following steps:

Suspending BitLocker Protection

On the user's machine, click the 'Search' button and type 'BitLocker' in the Windows 10 search window.
Choose'BitLocker Drive Encryption'.
Choose 'Suspend Protection' (This step requires DADMIN administrative elevation.)
Restart the computer.

Resuming BitLocker Protection

Following the steps above, repeat 'Step 1' and 'Step 2'.
Select 'Resume Protection'. (This step requires DADMIN administrative elevation.)

Bitlocker Protocol for CSDS Machines

How to Suspend BitLocker

Open the Control Panel.

Select BitLocker Drive Encryption or Manage BitLocker.

Click on Suspend Protection. (This will require authentication with your DADMIN credentials.)

Reboot the machine.

Have the customer log into the rebooted machine.

Open the Control Panel and select BitLocker Drive Encryption.
- If “Suspend Protection” is listed, the machine is functioning as intended, and the ticket can be resolved.
- If “Resume Protection” is listed:
  - Have the customer power off the machine.
  - Remove the power cord from the computer.
  - Press the power button on the machine for 15 seconds to discharge any latent electricity.
  - Plug the power cord back in.
  - Turn the computer on.
    - If prompted for a BitLocker Recovery Key, forward ticket on to CSDS_SUPPORT.
    - If there are no issues and "Suspend Protection" is showing in the machine's Control Panel, the ticket can be resolved.

Category > Service > Service Offering

Category

End-point Computing

Service

Software

Service Offering

Managed Software

Owner Group

ITAP_CSDS_SUPPORT

Browser not supported