From a7003de5279a780bd392b6a79c351ebecdc4fcbd Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 10 Sep 2020 13:00:05 +0530 Subject: [PATCH 1/6] Update-bl-rcvy-lpbrk-4457208 --- .../bitlocker/bitlocker-recovery-loop-break.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index f06b11a197..6d996b7090 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -24,7 +24,7 @@ Sometimes, following a crash, you might be unable to successfully boot into your If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to break out of the loop. > [!NOTE] -> Only try these steps after you have restarted your device at least once. +> Try these steps only after you have restarted your device at least once. 1. On the initial recovery screen, don't enter your recovery key. Instead, select **Skip this drive**. From fce80b34486031ad2f77a7e0b7b8260197fba65d Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Mon, 28 Sep 2020 15:12:35 +0530 Subject: [PATCH 2/6] Reviewed-PR3755 (#3873) Made a few changes. --- .../bitlocker/bitlocker-recovery-loop-break.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 6d996b7090..862c89585a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -26,16 +26,12 @@ If you've entered the correct Bitlocker recovery key multiple times, and are sti > [!NOTE] > Try these steps only after you have restarted your device at least once. -1. On the initial recovery screen, don't enter your recovery key. Instead, select **Skip this drive**. +1. On the initial recovery screen, don't enter your recovery key, instead, select **Skip this drive**. -1. On the next screen, select **Troubleshoot**. +2. Navigate to **Troubleshoot** > **Advanced options**, and select **Command prompt**. -1. On the Troubleshoot screen, select **Advanced options**. +3. From the WinRE command prompt, manually unlock your drive: `manage-bde.exe -unlock C: -rp ` -1. On the Advanced options screen, select **Command prompt**. +4. Suspend operating system drive protection: `manage-bde.exe -protectors -disable C:` -1. From the WinRE command prompt, manually unlock your drive: `manage-bde.exe -unlock C: -rp ` - -1. Suspend operating system drive protection: `manage-bde.exe -protectors -disable C:` - -1. Once the last command is run, you can safely exit the command prompt and continue to boot into your operating system +5. Once the last command is run, you can exit the command prompt and continue to boot into your operating system. From 11ffe284b0d74316c9fd3d4d06fea5fa5c421496 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 12:18:26 +0530 Subject: [PATCH 3/6] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 23047bf7f1..fcf11cf7d8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From 4edd51fd12fd56be688f4f9eb47d7541ca224e7f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 11:51:07 +0530 Subject: [PATCH 4/6] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index fcf11cf7d8..afa9fc6c53 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -28,9 +28,9 @@ This topic for the IT professional explains how BitLocker features can be used t ## Using BitLocker to encrypt volumes -BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. +BitLocker provides full volume encryption (FVE) for operating system volumes, and for fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. -In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. +If the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. > [!NOTE] > For more info about using this tool, see [Bdehdcfg](/windows-server/administration/windows-commands/bdehdcfg) in the Command-Line Reference. @@ -54,8 +54,8 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t |Requirement|Description| |--- |--- | |Hardware configuration|The computer must meet the minimum requirements for the supported Windows versions.| -|Operating system|BitLocker is an optional feature which can be installed by Server Manager on Windows Server 2012 and later.| -|Hardware TPM|TPM version 1.2 or 2.0.

A TPM is not required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication.| +|Operating system|BitLocker is an optional feature that can be installed by Server Manager on Windows Server 2012 and later.| +|Hardware TPM|TPM version 1.2 or 2.0.

A TPM is not required for BitLocker; however, only a computer with a TPM can provide extra security in the form of:

  • pre-startup system integrity verification
  • multifactor authentication
    • | |BIOS configuration|
  • A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
  • The boot order must be set to start first from the hard disk, and not the USB or CD drives.
  • The firmware must be able to read from a USB flash drive during startup.
    • | |File system|For computers that boot natively with UEFI firmware, at least one FAT32 partition for the system drive and one NTFS partition for the operating system drive.
    For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive.
    For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.| |Hardware encrypted drive prerequisites (optional)|To use a hardware encrypted drive as the boot drive, the drive must be in the uninitialized state and in the security inactive state. In addition, the system must always boot with native UEFI version 2.3.1 or higher and the CSM (if any) disabled.| @@ -63,7 +63,7 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t Upon passing the initial configuration, users are required to enter a password for the volume. If the volume does not pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken. Once a strong password has been created for the volume, a recovery key will be generated. The BitLocker Drive Encryption Wizard will prompt for a location to save this key. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive. -You should store the recovery key by printing it, saving it on removable media, or saving it as a file in a network folder or on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot be stored on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make additional copies. +You should store the recovery key by printing it, saving it on removable media, or saving it as a file in a network folder or on your OneDrive, or on another drive of your computer that you are not encrypting. You cannot save the recovery key to the root directory of a non-removable drive and cannot be stored on the encrypted volume. You cannot save the recovery key for a removable data drive (such as a USB flash drive) on removable media. Ideally, you should store the recovery key separate from your computer. After you create a recovery key, you can use the BitLocker control panel to make more copies. When the recovery key has been properly stored, the BitLocker Drive Encryption Wizard will prompt the user to choose how to encrypt the drive. There are two options: From aafc2f81c3a02c4997dd94fe986ed66ae3d651de Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 11:58:49 +0530 Subject: [PATCH 5/6] Update bitlocker-recovery-loop-break.md --- .../bitlocker/bitlocker-recovery-loop-break.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 862c89585a..785916eded 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -19,9 +19,9 @@ ms.custom: bitlocker # Breaking out of a Bitlocker recovery loop -Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This can be very frustrating. +Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This scenario can be very frustrating. -If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to break out of the loop. +If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to come out of the loop. > [!NOTE] > Try these steps only after you have restarted your device at least once. From 4d5074fb0acd5a80ae950d32cf875fb8e0d430bf Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 9 Mar 2021 12:02:07 +0530 Subject: [PATCH 6/6] Update bitlocker-recovery-loop-break.md --- .../bitlocker/bitlocker-recovery-loop-break.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index e7d617e0c7..62f0ae35dc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -19,7 +19,7 @@ ms.custom: bitlocker # Breaking out of a Bitlocker recovery loop -Sometimes, following a crash, you might be unable to successfully boot into your operating system, due to the recovery screen repeatedly prompting you to enter your recovery key. This scenario can be very frustrating. +After a crash, you might be unable to successfully boot into your operating system when the recovery screen repeatedly prompts you to enter your recovery key. This scenario can be very frustrating. If you've entered the correct Bitlocker recovery key multiple times, and are still unable to continue past the initial recovery screen, follow these steps to come out of the loop.