System powerdown by physical button triggers Bit-locker

Friend of mine wanted my help to pull data from old computer and recommission it as a spare pc for other people to use in office. I took the PC with me and turned it on. It was asking for username and password and was also originally part of Domain.

I didn’t know the password so I wanted to boot Linux live image from USB key. That wasn’t possible because there was BIOS password (or in Dell’s terms admin password) that was needed in order to boot from CD or USB.

So then I tried removing the battery from the motherboard thinking that would clear all passwords in the BIOS. The battery was out for about 2 minutes. Didn’t help. I noticed the BIOS said something about the date/time being reset but the password was still there. Hmmm…strange.

After that I shut down the system by the power button. When turned it back on. I got black screen with Bit-locker message saying something like "Recent hardware or firmware change has activated bitlocker encryption. In order to recover your system please enter code. etc…etc…

I didn’t know it had Bitlocker there. If I knew i wouldn’t be messing with it. Is there any to unlock it? We don’t have the decryption key. The computer is Dell Optiplex 760 with Windows 7.

Nope, depending on the model you could have reset the bios password jumper but you have bitlocker activated now so you’re basically screwed.

Shit. This is the second time it happened to me.

Is that domain still around? It is not an uncommon practice to store bitlocker keys with the computer object in AD.

Yes it is around but getting the computer back on it would be extremely hard. At least for me.

Back on it as in connected back to the same network, or back on as in reassociated with the domain? If it has to be reassociated, then all is lost, unless backups are an option. Or do you just not have access to the office where this machine originated?

I think this is the most accurate reason. The domain belongs to UK parliament. I actaully do have number for their IT department but if I called them and said “Hey I’m a friend of someone who used to be a Member of Parliament and I’m trying to help him get the data from his old PC. Can you help?” They would tell me two words and I one of them be OFF.

1 Like

Don’t keep me in suspense! Fuck, bugger, or piss? :slight_smile:

Okay. So yeah. You are in a bit of a bind. If for whatever reason we can’t pull the key from Active Directory, then sad times may be ahead. I might be able to Google something up, when I get home, but honestly I’d rather not try to bypass security put in place by the UK .gov. If it were me, and obviously I don’t know the whole of the situation, I’d probably try bringing it in to get the data back via official means. Not always a successful option, but it helps in avoiding jail time.

2 Likes

Lmao. That was meant to be figure of speech. Yeah I already told that friend of mine that the best course of action would be to bring it to their IT dept. If anyone has the decryption keys it’s them.

It just pisses me off so much that I’m trying to help but end up making things worse.