Windows 10: Bitlocker suddenly stops auto-unlocking my system drive - cannot seem to re-enable

I have a Dell XPS9710 with Windows 11 Pro and two SSDs.A year ago I remastered the entire system and enabled bitlocker w/auto-unlock on my data drive, as well as my system drive.Everything was find until two weeks ago.My laptop ran out of power and since I did not have a charger, so I borrowed one from a friend. Upon starting the system it identified the charger as delivering insufficient power. I tried booting anyway but to no avail, it asked for a bitlocker key for my system drive.Please note that no hardware changes were made.Since that moment, my laptop asks for the Bitlocker key every tim

:)

 

Enable Bitlocker auto-unlock without system drive encryption

1. turn off bitlocker on the drive you want to auto-unlock
   
2. mount this drive as a removable drive
   i.e plug it into a usb attached drive unit such as StarTech or many others
   
3. boot the system and bitlock the drive and turn on auto-unlock
   
4. shutdown the system
   
5. mount the drive as a permanent drive
   
6. reboot the system and the drive will auto-unlock because windows now thinks
   that it is a removable drive
   

Works For Me with no problems

 

Enable Bitlocker auto-unlock without system drive encryption

Does anyone know of any trick - registry change, group policy etc. which will allow a Bitlocker volume to be auto-unlocked without having a bitlocker encrypted system drive?

My system drive is a Samsung 850 Pro SSD, so it obviously has built-in encryption, which I enable by using a bios drive password.

I'm not using Bitlocker on the system drive, because with my bios I can't configure it to use the native hardware encryption, so it'd be wasting resources encrypting with the CPU.

I have a second mechanical hard drive, which I've encrypted with Bitlocker and I'd like to be able to auto-unlock it.

At the moment I've figured out a hack to do it, by running a task at system boot, that uses the bitlocker command line utility to manually unlock the drive. However this seems a very clunky way to do it.

I understand the reasoning behind this restriction, because they don't want to store decryption keys on an unencrypted drive, however in my case it doesn't really apply, as the system drive is fully encrypted, just not with Bitlocker.

I'm just wondering if there is some way to override this check, and force it to allow auto-unlock?

 

Enable Bitlocker auto-unlock without system drive encryption

Assumptions:

• Your task enters the password, so it is saved in the Windows Task scheduler.
  
• You do not like entering the Data drive password after very boot.
  

This workaround might not be less clunky, but maybe a bit less insecure.

Indeed, Windows will not allow you to enable auto-unlock on a fixed drive when the system partition is not encrypted (with bitlocker).

However, I used a workaround. I saved a recoverykey (a external key file) with the manage-bde command to a USB flash drive. Now whenever I want to unlock the drive, instead of typing in the password, I click on the text-button below it and it automatically checks existing USB devices and unlocks. So clicking instead of typing.

In your situation, because C is encrypted in another way while my C was not, I would temporary create the key on a (bitlocker encrypted) USB flash drive. This file is *.bek is a system hidden file type dir /A:S to see; copy this to a dir C:\User\{Accountname}\AutoUnlockKeys\{keyfileid}.bek. I would deny rights to this folder as much as possible.

Then update your task to

manage-bde -unlock D: -RecoveryKey "C:\pathtofile\key.bek"

Where C: is an encrypted system drive using something else than Bitlocker.

Normally the auto-unlock key is saved in the registry. The benefit of -RecoveryKey task in comparison to the -Password unlock task is that your weakest link is not the password mentioned in clear text in the Windows Task manager, but, the weakest link is the Windows' access rights applied to the folder/*.bek key file.