Hey everyone! I just started at a small business and we have PCs with local accounts that aren't connected to a domain. One of our previous employees left without sharing their password, and now I need to access their PC. The machine boots into Windows 11 and is connected to the local network (I can ping it). However, BitLocker is enabled, so attempts to reset the local account password have been unsuccessful since any recovery efforts require the BitLocker recovery key. Does anyone have suggestions on how I might change the password or bypass the login screen? I'm considering using something like PSExec, but I don't have admin rights on the machine. Any help would be appreciated!
3 Answers
BitLocker is designed to prevent unauthorized access, so bypassing it is tough without the recovery key. If you can access the user account on Office 365, try resetting the password there. After resetting, go to this link: https://aka.ms/myrecoverykey to possibly find the BitLocker key. Once you have that, you can decrypt the hard drive. From there, you can use the sticky keys method to replace cmd with sticky keys and then change the local account password. Also, consider creating unique local accounts with random passwords across devices moving forward to avoid this issue again! If the device is registered with Intune, you might also be able to find the BitLocker key there directly, which makes things easier.
I faced a similar situation before. Hiren's BootCD is a solid option to try and disable BitLocker. Check out this guide [here](https://hwbusters.com/quick-tips/quick-tips-15-how-to-unbitlock-a-drive/) for instructions. Just keep in mind, without the BitLocker recovery key it might be tricky, but it's worth a shot!
Honestly, the easiest way might be to get your hands on the BitLocker recovery key from the cloud if it’s saved there. If you have access to the user’s Office 365 account, you can also reset the password and potentially retrieve the key. Just remember that circumventing BitLocker without the key is intended to be ultra-secure, so it can be pretty tricky!
For prevention in the future, have a look into LAPS (Local Administrator Password Solution). It automates managing local account passwords and can really save you from issues like this!