
HELP: Automatic BitLocker Unlock.

Joined
Jun 25, 2015
Messages
173 (0.05/day)
Location
The Wasteland
System Name 4K Master
Processor AMD 5950x
Motherboard MSI Creation x570
Cooling Black Ice Nemesis 360GTX+480GTS, Dual Pumps
Memory TridentZ DD4 64GB 3600Mhz
Video Card(s) MSI RTX3090
Storage OS: Optane 900p 480Gb, Games: Samsung 860 EVO 4Tb x3 + 970 EVO Plus 2Tb x2
Display(s) LG OLED 55C9
Case Phantecs Enthoo 719
Audio Device(s) Hyperx Cloud Orbit S
Power Supply Corsair HX1200i + CableMod Full KIt
Mouse Razer Mamba Elite
Keyboard Razer Huntsman Elite v2
VR HMD HP G2 v2 + Quest 2
Software Windows 11Dev Preview
Please help,
Looking for a way (script or maybe some unknown Windows command or registry hack) to automatically unlock a non-OS BitLocker-encrypted drive on log-in.

My situation: Right now my OS SSD, a Samsung 840 Evo, has a boot password. It's not the BIOS option nor Windows eDrive but the third one, the one you need 3rd-party software to activate; I had to purchase EMBASSY Security Center to do it.
No issues here, the OS drive is locked and encrypted.

One of my HDD drives is encrypted with BitLocker, so every time my PC is booted, I need to enter the Windows log-in password and then open My Computer and enter another password to unlock the drive.
What's worse is that, unlike the SSD, which needs the unlock password only after a full shutdown, BitLocker needs it every log-in.

Windows has an option to automatically unlock all BitLocker drives on boot, BUT the issue here is that this official option only works if your OS drive is also BitLocker encrypted, and then the log-in password unlocks everything.

I'm looking for maybe a Windows script or some hidden command to automatically unlock the BitLocker drive.

Even if it sounds insecure, like having the actual password somewhere in the registry, a text file or a script, I don't care, because the OS drive is encrypted and passworded.
Also, I have a TPM chip; I can encrypt any file/folder, so even if a file is copied from my PC when it's fully unlocked, the files won't be readable anywhere unless unencrypted before.

If it's important, I'm on 8.1 Pro 64-bit.

P.S. If there is no solution for my problem, then my only choice is, when Windows 10 comes out, to do a clean install on another Samsung 840 Evo that was previously cleared and eDrive option enabled.


Thanks in advance.
 

Rafa anabe

New Member
Joined
Aug 10, 2015
Messages
2 (0.00/day)
Hi, you can use the auto-unlock option that Windows has.
Please see http://www.eightforums.com/tutorials/21270-bitlocker-auto-unlock-turn-off-windows-8-a.html

If that option does not work, you can always write a script. This script can be put in your user account, so when you turn on the computer, the script runs and the disk will be unlocked.
How?
@echo off
rem pass = recovery password (format 345666-0241234-3942314324-1124323-64124124-654124124-8565785-38568567)
manage-bde -unlock D: -recoverypassword pass

see https://technet.microsoft.com/en-us/library/cc753583.aspx

Finally, you can use three ways:

1. BitLocker feature.
2. Use the tool gpedit.msc

http://www.subirimagenes.com/otros-usuarios-9437055.html

3. Script or the user (administrative tools)

http://www.subirimagenes.com/otros-captura-9437056.html
 

Rafa anabe

New Member
Joined
Aug 10, 2015
Messages
2 (0.00/day)
more clear
I managed to figure out how to fix this. It doesn't use the native auto-unlock function like I was hoping (rather a script that unlocks using a .BEK file, as I mentioned) but it seems to work just as well.

First, you need to create a .BEK file that can unlock the disk. This is the command I used:

manage-bde -protectors -add d: -rk c:\

Substitute d: with whichever drive you want to auto-unlock. The output will look something like this (take note of the "external key file name"):

BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Key Protectors Added:

Saved to directory c:\

External Key:
ID: {9DDF4900-5E08-479A-8C4C-6ADE2DA00551}
External Key File Name:
9DDF4900-5E08-479A-8C4C-6ADE2DA00551.BEK

Now you need to create the script to unlock the drive. Just create a batch file in the root directory with the following line:

manage-bde -unlock d: -rk C:\[external key filename]

Again, replace d: with the correct drive letter. Replace [external key filename] with the filename you got before.

Finally, you need to tell Windows to run this script at startup, before you log in. (Or at least I needed it to run then, because that's where my desktop, etc. are stored.) Here's how you do that:

  1. Press Win+R and enter gpedit.msc. (This is only in Pro, but so is BitLocker, so that's not an issue here.)

  2. On the left, navigate to Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)

  3. Double-click "Startup" on the right

  4. Click "Add..." and select the batch file you created before.

  5. Click OK and exit Group Policy Editor.

Now you can reboot the computer to test it. You should see your drive automatically unlocked.
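
A more defensive version of the startup batch file from the post above, added here as an example and not part of the original thread: any account that can read the .BEK file can unlock the drive, so this version keeps the key in a folder restricted to SYSTEM and Administrators instead of the root of C:\, skips a volume that is already unlocked, and logs failures. The folder C:\ProgramData\BdeKeys, the log file name and the English "Lock Status" output text are assumptions.

```batch
@echo off
rem Added example, not from the original posts. Hypothetical names:
rem   KEYDIR  - folder holding the .BEK file (instead of the root of C:\)
rem   KEYFILE - the "External Key File Name" printed by
rem             manage-bde -protectors -add d: -rk <folder>
setlocal
set "VOL=D:"
set "KEYDIR=C:\ProgramData\BdeKeys"
set "KEYFILE=%KEYDIR%\[external key filename]"
set "LOG=%KEYDIR%\unlock.log"

rem Stop early if the key file is missing.
if not exist "%KEYFILE%" (
    echo %DATE% %TIME% key file not found>>"%LOG%"
    exit /b 2
)

rem Computer startup scripts run as Local System, so only SYSTEM (S-1-5-18)
rem and Administrators (S-1-5-32-544) need access to the key folder.
rem /inheritance:r drops the entries inherited from the parent folder.
icacls "%KEYDIR%" /inheritance:r /grant:r *S-1-5-18:(OI)(CI)F *S-1-5-32-544:(OI)(CI)F >nul

rem Skip the unlock when the volume is already unlocked.
rem Assumes English manage-bde output ("Lock Status: Unlocked").
manage-bde -status %VOL% | findstr /C:"Lock Status" | findstr /C:"Unlocked" >nul && exit /b 0

rem Unlock with the external key; log and return non-zero on failure.
manage-bde -unlock %VOL% -rk "%KEYFILE%" >nul || (
    echo %DATE% %TIME% unlock of %VOL% failed>>"%LOG%"
    exit /b 1
)
echo %DATE% %TIME% %VOL% unlocked>>"%LOG%"
exit /b 0
```

Running `icacls C:\ProgramData\BdeKeys` afterwards shows whether any entry other than SYSTEM and Administrators still has access to the key folder.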
 
Joined
Jun 25, 2015
Messages
173 (0.05/day)

Thank you sir, I'll try your solution.

Windows Auto unlock ONLY works in case you have BitLocker on your system drive, because if your system drive is not encrypted, auto unlocking other drives means loss of security.
But in my case my system drive is encrypted with hardware encryption that I password unlock during boot. So auto unlocking BitLocker drives will do fine for me.
 