Another Bitlocker key needed after motherboard replacement

Cell phone providers are just as bad. People destroy their phones and the cell store clerk doesn’t want to help you recover your old account so they just create a new one
I don't blame them at all. They're not paid by the hour to troubleshoot things like that, like we are (I am). Getting access to an email account can be quite difficult. Sometimes clients don't even know which account it is. The level of dread I experience these days whenever I have to ask someone for a password to some account is off the charts. Rarely is it a 30 second request.

Ironically, that's exactly what happened here.

After going through two different email addresses / Microsoft accounts, looking for a recovery key I asked: are there any other email addresses? Nope.

Well, yes, in fact there were. I found it by looking in the registry of the backup image (thanks @Markverhyden ).

The system is up and running now! The recovery key was there. Now that I'm in, the effing email address is one of two Gmail accounts in their Windows Mail program!
 
Well I hope that you are going to get them on a more regular backup. With proper backups it should not matter what the fraking BitLocker key is. You just restore from the backup and reenable or permanently disable as the client desires.
 
Well I hope that you are going to get them on a more regular backup. With proper backups it should not matter what the fraking BitLocker key is. You just restore from the backup and reenable or permanently disable as the client desires.
I appreciate all your help on this topic. You may have noticed my stubbornness to figure out what happened to the recovery key and learn about this process, and you may have presumed I was desperately seeking a solution to prevent losing their data. I had three different backups I could have rebuilt from.

They've got a couple of decent backups and I'm about ready to do a N&P. But I hate giving up.
As I mentioned they have decent backups. Actually a Veeam image backup and a Windows Image backup and loose files too. Was thinking of a way to tell what the Microsoft account email address was by browsing the backups. Can't think of a way to do that. BUT, I suppose I could restore one of the images to a different computer, boot it up and try to log on?

edit: come to think about it more, I can't think of a suitable computer I have lying around... is there a way to tell the name of the user's MS account from an image backup? Is it in the registry somewhere?
In fact, what ultimately solved the problem was an image backup. I was able to find the email address of the account by copying the registry files from a backup image and looking at them in regedit.
 
I knew you had a backup but I assumed it wasn't recent and thus incomplete. I'm billable by the hour. Not gonna waste my client's time trying to solve a pointless puzzle when I have a full backup available. I would not have bothered with all this....
 
The system is up and running now! The recovery key was there. Now that I'm in, the effing email address is one of two Gmail accounts in their Windows Mail program!

They remembered their pw for that email? Well I'd not waste any money buying any lottery tickets for a couple of months since you've used up a chunk of your good luck. I've got customers who I've finally trained to write down their passwords and then they can't find the paper/notepad they used.
 
I've got customers who I've finally trained to write down their passwords and then they can't find the paper/notepad they used.

What I've found fascinating over time is that virtually all my senior citizen clients have been doing this from day one, and almost all of them can find that notepad immediately when needed.

The problem is that they often have not kept the information updated when password changes were forced. Some do, and I'm eternally grateful for that, but many others don't and the password recovery circus begins!

It's far less consistent among the young and even very small businesses.
 
I knew you had a backup but I assumed it wasn't recent and thus incomplete. I'm billable by the hour. Not gonna waste my client's time trying to solve a pointless puzzle when I have a full backup available. I would not have bothered with all this....
I think the backups are / were current enough that they would have been OK either way. Most of the time I've spent on this I chalk up to educating myself, and it's been used up doing research trying to understand the peculiarities of Bitlocker and why I couldn't find the key.

It reminds me of the days, it's been a while since I heard this, when old people using Outlook would say "I don't have a password" when asked for their email password. They didn't mean they didn't know what it was or where it was, they meant their email system doesn't use a password, therefore I can't give you one. Can't give you a key to put in a door when there is no key hole or lock in their mind.

If this situation ever presents itself again it would take about 10-15 minutes to retrieve the key the way I did: mount backup image, load registry, find key and email. "What about this address?" Reset password. Type in Bitlocker key on boot screen. Fixed.

They remembered their pw for that email?
No, in fact I didn't bother asking. Just went through the reset process. They had access to the recovery email, so it wasn't a big deal.
 
Here Spectrum, if you leave them you lose your email access instantly.

One of the reasons I discourage residential users from using ISP provided email addresses. The mess that remains from Verizon hastily exiting the email business, and allowing those who wished to have their Verizon addresses be handled by AOL still poses challenges to this day. I need to determine exactly how one terminates an AOL-managed Verizon address soon as part of dealing with an estate.

The Gmail addresses were dirt simple to terminate.
 
I do that as well. But when you get a client that used the ISP email from day 1 of getting internet many years ago it is a problem.
Agreed.

But forewarned is forearmed!

All I can do is to lay out the possibilities and the rationale for my advice. Whether or not it's taken is not my call.

If someone has been using an ISP provided email address for years I really don't expect them to change. But I do want them to be aware of the possible results of switching ISPs.
 
Bingo!

There's a Gmail address listed there that I've never heard of, using a form of the customer's name.

To be continued...

This seems odd to me that this works, the entire point of bitlocker is to encrypt the entire disk. If you can read the registry hive... it's not working!
 
They remembered their pw for that email? Well I'd not waste any money buying any lottery tickets for a couple of months since you've used up a chunk of your good luck. I've got customers who I've finally trained to write down their passwords and then they can't find the paper/notepad they used.
I know the feeling.....!!!!! I have clients that will refuse to write down the NEW password, and say they'll remember it. I pull up notepad.exe, copy and paste the user and pass.....change font to 50 and print a few copies on their printer, I then tape it to the side of their computer!!!!!

The other client type is, OH....I HAVE IT RIGHT HERE.......20 min go by and FINALLY they find the garbage note pad with 1 thousand scribbles on it....absolute ZERO notes are legible, caps on or caps off.....is that a space or not.... is that a 1 or an i,.....nothing useful...!!!!!

THEN TO WIN THE IDIOT TROPHY..... Retired HARVARD professor client..... THIS IS HOW I DO IT... writes all passwords down in caps! then will underline the letters that are actually caps! THEN he makes the comment to me... I HAVE TO CREATE A NEW PASSWORD EVERY TIME I LOG IN.....ITS CRAZY.....WHY DO THEY DESIGN THIS FOOLISH STUFF THIS WAY...

My only logical conclusion is that there are issues in the drinking water in different local towns here, has to be something they are ingesting to cause total mental failure.....!!!!
 
@Choppie Another benefit of Windows Hello means use of Phone Sign-on, which when translated also means PASSWORDLESS sign-on.

Type in email address, two digit number appears, phone buzzes, two digit number into phone, unlock phone, sign-in complete.

Users never forget how to unlock their phones, ok well they do... but not with the frequency they forget passwords. And for those that don't want to use their phones, there is always Yubikeys!

Passwords suck, free your users from them! We have the technology!
 
I know this is NOT going to always be possible because many computers that need a Motherboard don't POST, BUT...

If you have the old motherboard, and sometimes it works...

Connect the drive and SAME processor it had (this is critical unless it had a discrete TPM).

Boot into Windows not knowing the key. Sure you can back it up or print it to a PDF and email it at this point...

At any rate if you can get into Windows in the future, ALWAYS Suspend Bitlocker protection before moving a Bitlocked drive to a new motherboard.

Then it will boot one time, auto enable Bitlocker and update the TPM on the new box. You won't have to type anything... It will simply start working and be secured/encrypted within seconds.
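
The pre-swap steps described in the post above, as an added PowerShell example that is not part of the original thread: it saves the recovery password off the encrypted volume, then suspends protection for a single restart. The `E:\bitlocker-recovery.txt` path is a hypothetical destination on removable media; run from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: prepare a BitLocker-protected volume for a motherboard swap.
param(
    [string]$MountPoint = 'C:',
    # Hypothetical destination (assumption): removable media, NOT the encrypted drive.
    [string]$KeyFile = 'E:\bitlocker-recovery.txt'
)

# A key saved on the volume it unlocks is useless once that volume is locked.
if ($KeyFile.StartsWith($MountPoint, [System.StringComparison]::OrdinalIgnoreCase)) {
    throw "Refusing to save the recovery key on $MountPoint itself."
}

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "$MountPoint protection is $($vol.ProtectionStatus); nothing to suspend."
    return
}

# Find the 48-digit recovery password protector; create one if the volume has none.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# Record the protector ID with the password so the right key can be matched
# to the ID shown on the recovery screen later.
$recovery | ForEach-Object {
    "Volume: $MountPoint  ID: $($_.KeyProtectorId)  Recovery password: $($_.RecoveryPassword)"
} | Set-Content -Path $KeyFile

# Suspend for exactly one restart; protection resumes automatically afterwards
# and the TPM protector is resealed against the new hardware.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null

# Expect 'Off' (suspended) here; the data on disk remains encrypted.
(Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
```

After the first boot on the new board, `Get-BitLockerVolume` should report `ProtectionStatus` as `On` again; if it does not, `Resume-BitLocker -MountPoint C:` re-enables it manually.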
 