If end users get locked out of Windows by BitLocker because they forgot their password or PIN, or because they changed operating system files or changed the BIOS or the Trusted Platform Module (TPM), they can use the Self-Service Portal to regain access to Windows without having to ask their Help Desk for assistance. How to Use the Self-Service Portal to Regain Access to a Computer
Note�?�? If the IT administrator configured an IIS Session State time-out, a message is displayed 60 seconds prior to the time-out.
Note�?�? These instructions are written for and from the perspective of end users.
To use the Self-Service Portal to regain access to a computer
- In the�?Recovery KeyId�?field, enter a minimum of eight of the 32-digit BitLocker Key ID that is displayed on the BitLocker recovery screen of your computer.Note�?�? If the first eight digits match multiple keys, a message displays that requires you to enter all 32 digits of the recovery key ID.
- In the�?Reason�?field, select a reason for your request for the recovery key.
- Click�?Get Key. Your BitLocker recovery key is displayed in the “Your BitLocker Recovery Key” field.
- Enter the 48-digit code into the BitLocker recovery screen on your computer to regain access to the computer.
Reset a TPM Lockout by Using MBAM
A Trusted Platform Module (TPM) is a microchip that is designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer or laptop, and communicates with the rest of the system by using a hardware bus. Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM.
A TPM lockout can occur if a user enters the incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM locks varies from manufacturer to manufacturer. You can use MBAM to access the centralized Key Recovery data system in the Administration and Monitoring website, where you can retrieve a TPM owner password file when you supply a computer ID and associated user identifier.
Recover Drives with MBAM
When you are dealing with the encryption of data, especially in an enterprise environment, consider how that data can be recovered in the event of a hardware failure, changes in personnel, or other situations in which encryption keys can be lost.
The encrypted drive recovery features of MBAM ensure that data can be captured and stored and that the required tools are available to access a BitLocker-protected volume when BitLocker goes into recovery mode, is moved, or becomes corrupted.
Make sure to check out our social media to keep track of the latest content.
Instagram - @nyongesasande
Twitter - @nyongesasande
Facebook - Nyongesa Sande