مشكلة في Bitlocker

Similar Messages

• Can my MacBook Pro use boot camp with Windows 7 with BitLocker encryption?

  I'm at wit's end with this, and I'm hoping I can get some advice here.  I've read so many forum, posts and reviews that I'm not entirely sure what I can trust.
  I have an early 2011 MacBook Pro (MacBookPro8,3). I need to run Windows encrypted for work purposes. It needs to be real windows with full-disk encryption (FDE). The business tools run in boot camp, but not in Parallels, because Parallels doesn't support DirectX 11. I would also benefit greatly from an SSD.
  I do not want to do anything hacky like removing the Mac reocovery partition, because I've read that just loading Disk Utility in OS X might mess up your patrition boot tables as it tries to "fix" things. I don't want to have to manually reocover to fix stuff or chance losing data.
  I have read (and tried) installing BitLocker on Windows 7 Ultimate under boot camp, but ran into the partition limit on my internal HDD. A maximum of 4 partitions are allowed, and between OS X, its recovery, boot camp, and the Windows partition, all 4 are used.
  I have considered one of the following, which may work:
  Install OWC's Data Doubler Kit with an additional 240GB SSD (http://eshop.macsales.com/item/OWC/DDMBS6E240/). I would replace the internal SuperDrive with the HDD, and install the new SSD on the faster SATA 6G port. Windows would be installed on the SSD and OS X would stay on the HDD.
  Replace the internal HDD with a new SSD (keeping the SuperDrive). I would lose OS X altogether and just have Windows installed.
  Forget the entire thing and just buy a PC for work.
  My thoughts are that with option both options #1 and #2, I don't even know if these setups will allow BitLocker. In both cases, Windows will be the only partition on the drive, so I'm assuming that when BitLocker is installed, there will be room for the new partition it creates. With option #1, I'm pretty sure I'd still be using Boot Camp, but how would that would for option #2? Is boot camp used even though there is no Mac partition? Would I still need to keey the Mac Recovery partition for this to work? I'd probably need to use Boot Camp drivers under Windows, I think.
  I'd certainly be interested in using a self-encrypting drive (SED), especially a SSD, but I'm concerned that most of them appear to require TPM or BIOS functions that Mac's EFI does not provide. Such a drive would allow me to drop BitLocker, but I would need to be use the self-encryption actually works on this setup. From what I've read, most of the SED drives will work just fine under EFI, but you won't be able to set or access the encryption password, which pretty much makes these drives unencrypted.
  I've read that BitLocker can be configured to use a flash drive as a decryption key, but I haven't been able to test that yet. I'm tried creating bootable flash drives under Windows and OS X, and none of them seem to appear when I access the boot menu (hold option during boot chime). I don't even know if this system supports bootable USB flash drives, or whether they can be used as a BitLocker key under boot camp.
  For the record, I have attempted to use an external thunderbolt drive as my Windows partition, but Windows doesn't want to be installed on removable media, and even if it worked, I believe you can only boot OS X from thunderbolt. I do have a second OS X install booting from the thunderbolt drive, so I know that works. Also, FileVault 2 is installed on my OS X partition, and I read something about FV2 using the Recovery partition somehow so you can't remove the recovery partition to make room for BitLocker.
  So ... does anyone have any suggestions preferably based on personal experience as to whether options #1 or #2 should work for my needs?
  At this point, I'm really thinking I should just bite the bullet and purchase a PC that I will forever look down upon.

  Are you using a MacBook Pro? Is everything installed on the same drive?
  I would love to know how that install was performed. When I install Windows under boot camp, my MacBook Pro drive ends up with 4 partitions: Mac, Mac Recovery, Windows, and a small partition that I believe is used by boot camp.
  Installing BitLocker on Windows requires the creation of a new small partition that Windows will boot off. The small partition is unencrypted, while the primary Windows partition will get encrypted. The following post discusses the maximum partition issue: https://discussions.apple.com/message/22753791#22753791
  Has anyone installed Windows through boot camp on it's own drive, and if so, can BitLocker be installed on that without reaching any partition limit? I'm assuming that's possible, but would like to know before I spend hundreds on new hardware.

• Can i recover lost data from encrypted drive by Bitlocker

  Hello Dears. I had encrypted my drive by Bitlocker in windows 7. 
  few days after my friend did quick format in my encrypted drive.
  my 300 gb of data lost. and nothing saved
  i remember unlock password. 
  how can i recover my data ??? i need my data
  i tried drive recovering tools (advanced EFS data recovery, easeus . . ,) . but . . . it's encrypted and formatted drive. 
  can i undo quick format and decrypt ???
  sorry my english is not good.
  someone help me please. 

  BitLocker is not the cause of failed to recover files. 
  Format a drive will clear all data saved on the hard disk. Thus recovery formatted data will be a hard disk based technology but not related to operation system. There is no build-in data recovery feature in Windows operations. So we will needto use third party recovery tool or contact third party data recovery company for current issue.
  As recovery missing data service will be expensive, we can also check emails and contact friends to see if that can help get a part of files back especially for photos, documents etc.

• Using Bitlocker Data Recovery Agent (DRA) on Surface Pro 3

  We currently have the Data Recovery Agent (DRA) configured in our Bitlocker Policy for our Windows 7 Systems, and it works fine. In situations where the Recovery Key for the computer object was not backed up to AD correctly for whatever reason or the computer
  object was deleted, our HelpDesk can connect the encrypted drive to another system, and then use the certificate for the DRA to unlock the drive.
  I'm wondering if the BitLocker DRA Certificate unlock method will work for Surface Pro 3 devices, in the case that that their computer object and normal BitLocker recovery key is deleted or missing in AD for whatever reason. Seeing as how our helpdesk can't
  easily remove the internal HD from a Surface Pro 3 (I think only MS can do this?), I'm wondering if this BitLocker recovery option is still an option for Surface Pro 3's and if it is not then if there is another recommended option for Surface Pro 3's and/or
  other Windows 8.1 Tablets used in an enterprise environment.

  noctlos wrote:
  Using linux-3.18 and -3.19 kernels, with wayland/weston v. 1.7. In its own tty, i try to run weston, and I get the following stderr:
  Could anyone help me to figure this out? Thanks.
  Seems that the problem lies in libinput. Maybe you can report that upstream. I suggest you recompile libinput with debug info and do not strip the binaries to obtain better backtraces.
  Edit:
  I have also tried running `swc-launch -- velox`, and get the following error:
  Running on /dev/tty2
  velox: error while loading shared libraries: libinput.so.5: cannot open shared object file: No such file or directory
  Server exited with status 127
  Restoring VT to original state
  So, perhaps I am having some libinput trouble. Does this seem correct?
  Well, that's a different problem. libinput has several soname bumps because of API and ABI incompatibility. You have to rebuild swc against the newest libinput. (Although I'm not sure if swc developer updated the code to new API)
  Edit 2:
  Just to tack this on here for `gnome-session --session=gnome-wayland --debug`
  I'm not expert on this, it may be related to libinput problem. If you don't include GDK_BACKEND=wayland environment variable when launching gnome-wayland.
  Last edited by jdbrown (2015-03-01 08:04:39)

• Bitlocker drive recovery and formatted

  Hello Dears. I had encrypted my drive by Bitlocker in windows 7. 
  few days after my friend did quick format in my encrypted drive.
  i remember unlock password & recover password
  how can i recover my data??????
  someone help me please.

  Hello., I
  tried all recovery
  programs but were unable
  to retrieve something.
  Because Bitlocker information
  is encoded
  And as stated before:
  Your only possible solution is a commercial or third party disk recovery program or service.
  There is nothing in Windows to recover data from a formatted hard drive.
  If you comprehend English, then you can comprehend the solution given above and that from Vladimir Bundalo!
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• Can not install Windows 8.1 to a Bitlocker Pre-Provisioned volume

  Hello,
  I'll come straight to the point. What I'm trying to do is to install Windows 8.1 Enterprise to a Pre-Provisioned volume but Windows does not let me do that. The steps I've performed are.
  With Microsoft ADK I created me a WinPE media which has the components installed to get the manage-bde command working. I used the article hxxp://technet.microsoft.com/en-us/library/hh824926.aspx for that.
  I prepared an USB stick with the manage-bde components on it and booted my test laptop with it.
  Started diskpart and used commens in order to get a new clean partition:
  Select Disk 0
  clean
  Create Partition Primary
  Format fs=ntfs quick
  Assign letter=c
  exit
  After that I pre-provisioned the volume with the command:
  manage-bde -on -used c:
  When I check with manage-bde -status it states that:
  Conversion Status: Used Space Only encrypted
  Percentage: 100
  Protection Status: Protection Off
  Lock Status: Unlocked
  Identification Field: Unknown
  Automatic Unlock: Disabled
  Key Protectors: None Found
  OK. After that I use the net use command to map a network share with the Windows 8.1 x64 Enterprise installation media itself. I execute setup.exe without any parameters.
  I can navigate all the way through the dialog "Where do you want to install Windows?". I can see there now "Drive0Partition 1" with a Total size of 119.2 GB and almost as many free space BUT when I select it and click next there comes
  only a warning dialog saying:
  We couldn't not create a new partition or locate an existing one. For more information, see the Setup log files."
  The best description of the problem I've found from the file x:\windows\panther\setupact.log where are lines like:
  BLOCKING reason for disk 0 offset bla bla is either "The partition is too small" (????) or "Bitlocker Drive Encyption is enabled on the selected partition".
  What I am missing here? Is there a special trick how to get Windows installed on a pre-provisioned drive? I also loaded the correct driver for the disk controller but no help. As soon as I clean the disk and create the partition new without pre-provisioning
  I can install Windows without any problems.
  Sorry for the long text. Hope someone of you has an idea.
  Regards
  Robert

  We couldn't not create a new partition or locate an existing one. For more information, see the Setup log files."
  The best description of the problem I've found from the file x:\windows\panther\setupact.log where are lines like:
  BLOCKING reason for disk 0 offset bla bla is either "The partition is too small" (????) or "Bitlocker Drive Encyption is enabled on the selected partition".
  Hi,
  For this issue,when you assign letter,you need to mark a partition as active.
  Using a command line
  1.Open Command Prompt.
  2.Type: diskpart
  3.At the DISKPART prompt, type: list partition
  Make note of the number of the partition that you want to mark as active.
  4.At the DISKPART prompt, type: select partitionn
  Select the partition, n, you want to mark as active.
  5.At the DISKPART prompt, type:
  active
  Hope this helps.
  Regards,
  Kelvin Xu
  TechNet Community Support

• How do I encrypt a second hard drive using BitLocker for Windows 8.1?

  Hi there,
  I've encrypted my 1st HDD with BitLocker, however, I can't seem to find a way to encrypt my 2nd HDD too.
  More specifically, on my laptop I've got a SSD (successfully encrypted) and a HDD (yet to be encrypted).
  Any ideas on how this would be achievable? 
  Also, what if I want to encrypt an external backup HDD? 
  Thanks!
  Robert

  Hi,
  Could you check the file system of the system partition in the disk management, to see if it is NTFS or Fat32? If it is not NTFS, try to change it to NTFS.
  Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the
  information in the encrypted drive. In Windows Vista, the system drive must be 1.5 gigabytes (GB), but in Windows 7 this requirement has been reduced to 100 MB for a default installation. The system drive may also be used to store the Windows Recovery
  Environment (Windows RE) and other files that may be specific to setup or upgrade programs. Computer manufacturers and enterprise customers can also store system tools or other recovery tools on this drive, which will increase the required size of the system
  drive. For example, using the system drive to store Windows RE along with the BitLocker startup file will increase the size of the system drive to 300 MB. The system drive is hidden by default and is not assigned a drive letter. The system drive is created
  automatically when Windows 7 is installed.
  Best Regards,
  Jason Zeng

• Lenovo Helix - On-Screen Keyboard with Bitlocker

  Hi Community,
  i've tried to install Bitlocker on my Lenovo Helix with Windows 8.1 Pro. As long as the dock is connected with the tablet, you can decrypt the harddisk with the right key. But if the tablet hasn't a dock or an external keyboard you'll only see the blue bitlocker-homescreen and can't do anything.
  Another helix in my company works with bitlocker - so i know it can work.
  i've tried the following things:
       - different Bios-Versions
       - install all drivers and additional software
       - set up a new Windows 8/ Windows 8.1 (Pro)
  The on-screen keyboard works by adding a Bios-password.
  Btw: The helix won't let me install Windows in UEFI-Mode..
  Can somebody help me?

  current, it runs on legacy boot - the uefi bootloader doesn't work for x86 Win8.1 (http://support.lenovo.com/en_US/detail.page?LegacyDocID=SF13-T0008)
  well, i have to install 32-Bit. The helix in Uefi-Mode only boots from the x64-Win8.1-DVD (or USB-Stick)...

• Surface Pro 2 using Bitlocker startup PIN

  Hi All,
  In our enviorment we're using the Microsoft Surface Pro and Microsoft Surface Pro 2 with bitlocker encryption using a startup pin.
  The operating system using is Windows 8.1
  We're using the folowing GPO settings for Bitlocker encryption:
  - Require Additional Authentication at Startup
       - Allow Bitlocker without a comatible TPM > unchecked
       - Configure TPM startup > Allow TPM
       - Configure TPM startup PIN > Allow startup PIN with TPM
       - Configure TPM startup key > Allow startup key with TPM
       - Configure TPM startup key and PIN > Allow startup key and PIN with TPM
  - Enable use of BitLocker authentication requiring preboot keyboard input
  The Microsoft Surface Pro doesn't have any issues with the startup PIN.
  The Microsoft Surface Pro 2 sometimes doesn't respond to the keyboard, there is no difference between a USB keyboard or a Surface Type Cover.
  The only difference between the Microsoft Surface Pro and pro 2 is the UEFI bios.
  Is there a solution to get bitlocker PIN authentication working on the Surface Pro 2.
  The only workaround we've found is hold volume down at startup wich is not a ideal solution to instruct the users.
  The oktober firmware upgrade didn't solved this problem.
  Laurens van Leeuwen

  We have seen the exact same thing as below. For reference, we are re-imaging ours with Windows 8.1 Enterprise Edition.  
  In addition to the issues listed below, I can't seem to figure out how to activate the supposed "bios level" on-screen keyboard that was supposed to be added to Surface Pro (v1) in a Firmware flash and should be part of Surface Pro (v2).  Does anyone
  have experience with activating that?  I read an article a few months ago that claimed MS had addressed the latter with a flash to Surface 1.  I hope I didn't dream it.  :)
  Please address this - I have high level personnel evaluating Surface vs. Dell and this will make a big difference in the final decision! 
  <hl>
  Bryan E. Johnson
  Hi All,
  In our enviorment we're using the Microsoft Surface Pro and Microsoft Surface Pro 2 with bitlocker encryption using a startup pin.
  The operating system using is Windows 8.1
  We're using the folowing GPO settings for Bitlocker encryption:
  - Require Additional Authentication at Startup
       - Allow Bitlocker without a comatible TPM > unchecked
       - Configure TPM startup > Allow TPM
       - Configure TPM startup PIN > Allow startup PIN with TPM
       - Configure TPM startup key > Allow startup key with TPM
       - Configure TPM startup key and PIN > Allow startup key and PIN with TPM
  - Enable use of BitLocker authentication requiring preboot keyboard input
  The Microsoft Surface Pro doesn't have any issues with the startup PIN.
  The Microsoft Surface Pro 2 sometimes doesn't respond to the keyboard, there is no difference between a USB keyboard or a Surface Type Cover.
  The only difference between the Microsoft Surface Pro and pro 2 is the UEFI bios.
  Is there a solution to get bitlocker PIN authentication working on the Surface Pro 2.
  The only workaround we've found is hold volume down at startup wich is not a ideal solution to instruct the users.
  The oktober firmware upgrade didn't solved this problem.
  Laurens van Leeuwen
  </hl>
  -- From the Dark Recesses of the Decaying Mind of: Bryan E. Johnson

• How do I enable BitLocker support (unlock drive) in WinPE 5.0 (on Surface Pro 2)?

  Hi,
  I have a Microsoft Surface Pro 2 and I am running Windows 8.1 Pro Update 1.
  I have been unsuccessful at building an image that provides BitLocker support.  I searched around the internet and found many posts.  Eventually, I ended up trying to build it with the various added packages I noted.  However, in the end,
  none worked and this is the message I am getting after booting into my WinPE environment:
  manage-bde.exe - Application Error
  The instruction at 0xa20afa3b referenced memory at 0x0000013d.
  The memory could not be read.
  Click on OK to terminate the program
  Here are the commands I ended up using to build my WinPE image:
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WMI.cab"
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-FMAPI.cab"
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-SecureStartup.cab"
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-EnhancedStorage.cab"
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-WMI_en-us.cab"
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab"
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab"
  But even with all that included, I still have the same error about the memory.
  Does anyone have a WinPE 5.0 x64 bootable environment working on a TPM-enabled machine?  If so, how did you build your custom WinPE environment?
  Thanks!

  You have to install the MUI files as well... for English:
  dism /image:C:\boot\macrium\mount /add-package /packagepath:"C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-US\WinPE-SecureStartup_en-us.cab"
  This applies to any package that installs executables, it'll have a seperate MUI package that has to be installed or you get a non-sense error about memory that can't be read. Also, MS thanks for the wonderful error message, really went the extra mile to
  throw everyone under the bus.

• Problems with Comodo Kill Switch, Windows Services & Bitlocker Encryption on Asus N56VZ

  Hi All,
  So recently I found myself stuck in a different scenario than before, and after many hours researching and efforts to fix this I still find myself stuck  yet with a few options still to fix.
  What is the problem?
  So as a security cautious user when i first got to Windows 8.1 Pro 64Bit I encrypted both the C and D drive (Split the main disk) to protect myself and my family. Unfortunately that has not been very helpful with the way in which booting and running from
  either external USB devices or CD/DVD works, not allowing myself to at all.
  My usual security suit I  use is Comodo Internet Security, which additionally comes with Comodo Kill Switch. Whilst using the application instead of stopping one of the TCP connections I was meant to I accidently stopped an Windows Explorer connection.
  For some reason since then Windows Explorer, nor most windows apps or services themselves will run. For example msconfig will run but sfc /scannow or mmc will not, whether in safe mode or normal mode.
  What Caused the Problem?
  Cannot 100% say
  What I Think Caused the Problem?
  Myself running Comodo Kill Switch stopping a vital server connection with Windows Explorer that messed up alot. Or a potential Virus unknown how cannot fully scan system as wont boot externally or run many apps.
  Additional Info
  Asus Webcam is Disabled on Purpose
  Laptop was fully customized to run latest games full graphics minus Anti Aliasing, works with Evolve + CoD Advanced Warfare
  Laptop does not boot if USB Keyboard plugged in, works with everything else normal (had this on other systems no problem for me)
  Ask me for more info if required to add here, braindead again
  Specifications of my system
  Intel® Core™ i7 3610QM Processor
  Windows 8.1 Pro 64Bit
  Intel® HM76 Chipset
  DDR3 1600 MHz SDRAM, 2 x SO-DIMM 8GB
  15.6" HD (1366x768)/Full HD (1920x1080)/Wide View Angle LED Backlight
  NVIDIA® GeForce® GT 650M with 2GB DDR3 VRAM
  1TB 5400RPM OR 750GB 5400/7200RPM (Cannot remember off top of head, braindead)
  Super-Multi DVD 
  Kensington lock (Security Feature)
  LoJack (Security Feature)
  BIOS Booting User Password Protection (Security Feature)
  HDD User Password Protection and Security (Security Feature)
  Pre-OS Authentication by programmable key code (Security Feature)
  What Can Run and Won't Run?
  ON BOOT:
  Bitlocker Encryption Password & Advanced Settings are accessible
  Bios (password protected) is accessible
  Windows Recovery Mode is accessible (Think it is F9 or F10)
  Windows Logon Password Screen is accessible
  ON NORMAL/SAFE-MODE START UP:
  After Log-In Windows Explorer will not run
  Task Manager will run, also allows me to browse the files when trying to start new task
  Can run Command prompt
  Cannot run any control panel items
  Cannot run services.msc
  Cannot run mmc
  Cannot run sfc
  Every time it metions windows drive is locked
  Start Error's when running certain applications (Will post codes soon)
  Rufus USB Tool does run
  Cannot boot Kali Linux off USB
  Cannot boot Windows 8.1 off USB
  Cannot boot Windows 8.1 off DVDRW
  Fixwin2 will not run
  Apps either work or don't whether in safe mode or normal
  Cannot use Windows Installer
  What Fixes I Have Tried So Far
  Ok so like any normal user I don't want to lose my files. So here are what I have tried so far:
  Repair MBR (Repair Completed, No Luck)
  SFC /SCANNOW (Returns Error 'Windows Resource Protection could not start the repair service')
  Tried sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows (Could not access drive)
  Fixwin2 (Will not run in either normal or safe mode)
  Booting using Windows 8.1 via USB (Cannot boot from extermal devices due to Bitlocker Encryption)
  Booting using Kali Linux Via DVD & USB (Cannot boot from external devices due to Bitlocker Encrytption)
  How do I know it is because of Bitlocker, because last time I disabled it, I could run from external devices
  Tried to run bitlocker to change settings (Will not run)
  Have used both password and recovery keys to unlock driver, they work but when applications are running on windows the drive is still locked?
  Tried windows Automatic Diagnostic and Repair (Could not repair anything, did make a log I am still to extract from the syste)
  There are No System Restore Points
  I'm sure there is much more information I could post however I will leave it on an ask to know basis, apart from the log files and further information to gather. Below is my list of trial and error fixes to try for today (need more ideas and help please!):
  Hiren's 15.2 Boot CD via DVD (NOT ABLE TO BOOT)
  Hiren's 15.2 Boot CD via USB (NOT ABLE TO BOOT)
  Research into the Bios and Possible Update in-case of implementation of Virus, can access flash utility (STILL NOT TESTED)
  Try and get a portable version or a working version of windows installer to try and re-install Comodo Internet Security (STILL NOT TESTED)
  Another way to disable Bitlocker
  Anti-Malware / Anti-Virus Scan If Possible to Run One
  Bitlocker Repair Tool, will try this also
  I have posted this as have not found much info online, usually find it and crack on but this time things are a little more tricky, my priority task I really need to do is remove the Bitlocker Encryption, but if the application will not run... what do I do
  then?
  Thanks for your time reading all, Sorry for any poor formatting or spelling.
  Update 1: MMC.exe Error Code
  Ok so now have the computer in safe mode, still same as before, no explorer.exe, no services etc... Just went into the Task Manager > Services (Tab) > Open Services (Option at bottom)
  This is the error I get:
  'The Instruction at 0x785a746c referenced memory at 0x000000a8. The memory could not be read.
  Any Ideas on what this error is and why?
  Update 2: CHKDSK Works with no Fix
  Update 3: Hiren's 15.2 Boot CD - USB Boot still no luck booting around Bitlocker Encryption
  Just to explain again, I already have unlocked the drive with correct bitlocker password or recovery key yet the drive remains locked not allowing windows refresh of files of complete install from the windows recovery menu as keeps saying drive is locked

  Ok so attempt number two to write this update via bloody phone! (Just refreshed page whilst writing!)
  Update 4:
  Problem - cannot run from bootable devices (DVD/USB)
  Cause - bitlocker fully encrypted drive stops this working
  Repair - Boot up holding F9 to enter windows recovery Input Bitlocker recovery keys to unlock drives
  Navigate to Command Prompt in advanced settings Execute following code:
  Repair-bde c: d: -rp 000111-222333-444555-etc...
  (Code found from https://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx)
  Note for those using this: It is common while unlocking certain drives to get errors such as: Quote from http://www.benjaminathawes.com/2013/03/17/resolving-partial-encryption-problems-with-bitlocker/
  "LOG INFO: 0x0000002aValid metadata at offset 8832512000 found at scan level
  1.LOG INFO: 0x0000002b Successfully created repair context.
  LOG ERROR: 0xc0000037 Failed to read sector at offset 9211592704.
  (0×00000017) LOG ERROR: 0xc0000037 Failed to read sector at offset 9211593216.
  (0×00000017) …followed by around 20 similar entries that differed only by the offset value"
  Repair Status for Update 4: COMPLETED - However over wrote D drive data so now need to recover that
  Problem 2 - windows services corrupted along with windows files
  Cause - Unknown
  Repair - wait until system is fully decrypted Once fully decrypted ensure boot from USB/DVD
  Re-do fixes that would not work before if this has fixed boot issue Confirm fix / update post Hope anything I put here helps others also

• Questions about using Bitlocker without TPM

  We currently use Bitlocker to encrypt our Windows 7 computers with TPM. Now we are looking at encrypting some Windows 7 computers without a TPM. I see how to change the group policy setting to allow Bitlocker without a TPM. I have looked at a lot of other
  threads and I have a few questions about how the Bitlocker without TPM works.
  1) I see a USB drive containing a key is required for Bitlocker configurations without a TPM, say the end user loses this USB drive, what are the recovery options for their computer? 
  This article seems to indicate that without the USB drive connected, you are unable to even access recovery options http://blogs.technet.com/b/hugofe/archive/2010/10/29/bitlocker-without-tpm.aspx
  We have recovery backed up to AD when Bitlocker is enabled, but how could we do this recovery on a computer on computer where it's USB is lost? Would we have to remove the HD itself and attach it to another computer to access?
  2) After enabling Bitlocker on a computer without a TPM and using the USB Drive for the key, is there a way to also add a PIN or password protection at bootup?

  Hi,
  Sorry for my dilatory reply, 
  Configuring a startup key is another method to enable a higher level of security with the TPM. The startup key is a key stored on a USB flash drive, and the USB flash drive must be inserted every time the computer starts. The startup key is used to provide
  another factor of authentication in conjunction with TPM authentication. To use a USB flash drive as a startup key, the USB flash drive must be formatted by using the NTFS, FAT, or FAT32 file system.
  You must have a startup key to use BitLocker on a non-TPM computer.
  From: http://technet.microsoft.com/de-de/library/ee449438(v=ws.10).aspx#BKMK_Key
  For more Q&A about BitLocker, you can refer to the link above.
  hope this is helpful.
  Roger Lu
  TechNet Community Support

• How can I find Bitlocker External Key File location?

  My Windows 8.1 PC includes a system drive and data drives. All the drivers were encrypted using Bitlocker with the data drives set for autounlock. 
  I recently decrypted the system drive (without decrypting the data drives) and reinstalled the OS, after which my data drives required the Bitlocker recovery key to unlock. 
  However, I had "backed up" the recovery keys to my Microsoft account but now I can find only the recovery keys for the system drive. The recovery keys for the data drives cannot be found on my Microsoft account. 
  I have tried to use the "manage-bde" command at the console to obtain the recovery password but I am only getting the Numerical Password ID and the External Key File Name. Can anyone provide advice on how I can retrieve the passwords or the
  External Key File location?
  Thanks.

  Hi Ridgewood,
  As my point of viewer, the BitLocker Automatic unlock volume is also protected by BitLocker Disk Encryption. The user encrypted information is stored in the registry and volume metadata. After a user unlocks the operating system volume, BitLocker uses the
  encrypted information to unlock the data volume automatically.
  After the reinstallation of the system, the encrypted information is lost and BitLocker can’t unlock the data volume automatically.
  Every volume has own recovery key.
  As mentioned in your post, the data drive require the recovery key to unlock.
  I suggest you to double-check the OneDrive and try to find out where did you store the recovery key.
  If you can’t find the recovery key, we can’t help you to decrypt the data volume.
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• BitLocker not Enabled on HP ElitePad 1000 G2

  I have an HP ElitePad 1000 G2 that I am using MDT to apply our 8.1 x64 Update image.  This task sequence works fine on all other systems on which it has run.  On the ElitePad, when the task sequence completes, BitLocker is not enabled.
  Running manage-bde-status returns:
  Disk volumes that can be protected with
  BitLocker Drive Encryption:
  Volume C: [OSDisk]
  [OS Volume]
      Size:                 115.58 GB
      BitLocker Version:    2.0
      Conversion Status:    Used Space Only Encrypted
      Percentage Encrypted: 100.0%
      Encryption Method:    AES 128
      Protection Status:    Protection Off
      Lock Status:          Unlocked
      Identification Field: Unknown
      Key Protectors:
          TPM
  If I look in the BitLocker applet on the control panel, it says "OSDisk (C:) BitLocker is waiting for activation"
  the ZTIBDE.log just stops at:
  Attempting to intiate ProtectKeyWithNumericalP@ssword
  <Message containing password has been suppressed>
  A successful system shows:
  Attempting to intiate ProtectKeyWithNumericalP@ssword
  Success protecting Key with numerical p@ssword
  If I click Turn on BitLocker in the control panel applet or run the following commands:
  manage-bde -protectors -add c: -recoverypassword
  manage-bde -on c: -recoverypassword
  The recovery key protector is created and uploaded to AD and BitLocker shows as enabled.
  Any ideas to why this is happening?

  after some more investigation, I found the following article
  http://netecm.netree.ch/blog/Lists/Posts/Post.aspx?ID=80 and adding the registry key referenced in the article fixed the issue.

• Need advice on retrieving Bitlocker Key or External Key File Location

  My Windows 8.1 PC includes a system drive and data drives. All the drivers were encrypted using Bitlocker with the data drives set for autounlock. 
  I recently decrypted the system drive (without decrypting the data drives, <very bad>) and reinstalled the OS, after which my data drives required the Bitlocker recovery key to unlock. 
  However, I had "backed up" the recovery keys to my Microsoft account but now I cannot find them. 
  I have tried to use the "manage-bde" command at the console to obtain the Recovery Keys but I am only getting the Numerical Password ID and the External Key File Name. Can anyone provide advice on how I can retrieve the recovery passwords
  or the External Key File location?
  Before I had set the data drives to autounlock I had used a recovery password to unlock the drives. However, now when I try to unlock the data drives only the recovery key (which I don't have) is being requested not the password. 
  Thanks.

  Hi HMcBean,
  How did you back up the BitLocker recovery key? To local computer, flash driver or Microsoft account?
  If you backed up the recovery key to a Microsoft account, please refer to the following article to find it.
  http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Bitlocker fails to store recovery key in AD

  I am deploying Windows 8.1 with Bitlocker with TPM and PIN and recovery keys stored in AD.
  This works fine for most deployments but rarely Manage-bde fails to store the Recovery key into AD. This only happened three times over about 200 deployments.
  I have checked the ZTIBDE.WSF script and I have noticed that the command is launched but there is no check on its return code. I am not even sure if Manage-bde actually returns any. Therefore for the failed deployments I don't know why the recovery key wasn't
  stored and also I din't get any report that it actually failed. The only reason we realised that is because one user had problems in getting the PIN to work and required the Recovery Key. To our surprises this was not in AD! This is then when we checked
  all AD objects and found only three didn't have it. Looking at the deployment logs there are no errors for these.
  Luckily the user then successfully managed to enter the PIN and could boot up his laptop (and, by the way, we could get his recovery key from C:\). 
  Questions:
  1) Has anybody else experienced this?
  2) Does Manage-BDE return anything at all? It seems strange to me that ZTIBDE.WSF doesn't check for its return code as the script checks for errors in a million places.
  3) Is there any easy way I can check whether the AD info is actually stored? I was thinking to write some code to query AD for that computer and see if the BL info actually are there. Maybe Manage-BDE can provide that?
  Many thanks.

  Hi,
  This link has all the information you need. And more importantly which policies to create.
  I have managed to do this implementation myself, and can only state that it works like a charm.
  See a copy/paste of the bit-locker section I have configured in the customsettings.ini when doing deployments with MDT:
  [HP Elitepad 900]
  SkipTaskSequence=YES
  TaskSequenceID=OSD001
  ; Bitlocker Configuration
  BDEInstallSuppress=NO
  BDeWaitForEncryption=False
  BDEDriveLetter=S:
  BDEDriveSize=2000
  BDEInstall=TPM
  ; OSDBitLockerCreateRecoveryPassword=AD
  BDERecoveryKey=AD
  BDEKeyLocation=C:\Windows\BDEKey
  Hope this helps!
  If this post is helpful please click "Mark for answer", thanks! Kind regards