My organization has BitLocker enabled, but after the CrowdStrike incident, I'm concerned about not being able to launch into Safe Mode without someone manually entering recovery keys. Is there a way to perform startup repairs or access safe mode without disabling BitLocker? I know you can trigger safe mode from within the OS, but I'm asking about situations where a PC can't boot and a user needs to initiate the recovery options. Does anyone have a solution for this?
4 Answers
From what I've gathered, the recovery process requires access to the drive, but the TPM won't provide the keys to unlock it if it's not the original OS environment. That makes it tough to change things if you run into issues.
If your machines support Intel vPro, that could help with remote management and potentially allow you to access recovery options without needing a key directly from users.
Unfortunately, you can't perform a startup repair without first unlocking the drive. The automatic services that would usually unlock the drive are not active, so you'll definitely need to enter the recovery key to access it.
Does your organization use group policies or Intune configurations that back up BitLocker keys to Active Directory or Entra ID? If so, it might streamline the process when something goes wrong.
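An added example (not code from any of the answers above) of the escrow check the last answer hints at: it makes sure every protected volume has a numeric recovery password protector and backs it up to AD DS and/or Entra ID, so the helpdesk can read a key to a user whose PC will not boot. It assumes an elevated PowerShell session on Windows 10/11 with the BitLocker module, that the machine is domain- or Entra-joined, and that the join state can be read from `dsregcmd /status` (a string-match heuristic).

```powershell
# Added example: verify each BitLocker-protected volume has a recovery password
# protector and escrow it to AD DS (domain-joined) and/or Entra ID (Entra-joined).
# Assumes: elevated session, BitLocker module present, escrow policy already allows it.
#Requires -RunAsAdministrator
Import-Module BitLocker

# Determine join state from dsregcmd output (heuristic string match on its report).
$dsreg        = dsregcmd /status | Out-String
$azureJoined  = $dsreg -match 'AzureAdJoined\s*:\s*YES'
$domainJoined = $dsreg -match 'DomainJoined\s*:\s*YES'

foreach ($vol in Get-BitLockerVolume) {
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Warning "$($vol.MountPoint) is not protected; skipping."
        continue
    }

    # The 48-digit recovery password is the protector a helpdesk can read out over the phone.
    $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        Write-Host "Adding recovery password protector to $($vol.MountPoint)"
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }

    foreach ($p in $rp) {
        if ($domainJoined) {
            # Writes the protector to the computer object's msFVE-RecoveryInformation in AD DS.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId
        }
        if ($azureJoined) {
            # Writes the protector to the device record in Entra ID.
            BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId
        }
        if (-not ($domainJoined -or $azureJoined)) {
            Write-Warning "Not joined to AD DS or Entra ID; $($p.KeyProtectorId) on $($vol.MountPoint) was not escrowed."
        }
    }
}
```

After it runs, confirm the escrow from the directory side (the computer object's recovery information in AD DS, or the device's BitLocker keys in the Entra admin center) rather than trusting the cmdlet's silent success.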