If you have enabled BitLocker Drive Encryption, with or without a TPM, you may have set a USB flash drive as the startup key, which means you have to provide this BitLocker USB startup key whenever you want to boot your PC.
- Using USB Key to Unlock BitLocker Overview
- Enable BitLocker USB Key
- Steps to Create BitLocker USB Key
Using USB Key to Unlock BitLocker Overview
The following procedures walk you through using a USB key to unlock a BitLocker-encrypted PC.
Before you begin to unlock a BitLocker drive without a password, make sure that you have enabled BitLocker on USB flash drives to protect data.
Unlocking the BitLocker drive is then divided into two steps: first enable the BitLocker USB key, and on that basis create the BitLocker USB key on Windows 10 from Command Prompt.
Enable BitLocker USB Key
You can turn on the BitLocker USB key in Group Policy.
2. In the Local Group Policy Editor, navigate to Computer Configuration / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives.
3. Under Operating System Drives, locate and double-click Require additional authentication at startup.
4. In the Require additional authentication at startup window, select Enabled and then choose Require startup key with TPM.
5. Click Apply and then OK to configure the TPM startup key for BitLocker.
Now the BitLocker USB key is required to unlock the encrypted drive.
Steps to Create BitLocker USB Key
Setting up the TPM startup key alone is not enough to unlock a BitLocker-encrypted PC; you also need to add a startup key for the BitLocker drives.
1. Insert a USB drive into your computer. Windows 10 detects and installs it automatically, and it then appears in This PC.
2. Type Command Prompt in the search box and press Enter to open it. You must be signed in to Windows 10 as an administrator or have administrative privileges.
3. In Command Prompt, copy and paste manage-bde -protectors -add C: -TPMAndStartupKey X: and then run the command by pressing Enter.
Keep in mind that you can change C: to the letter of any drive you have encrypted with BitLocker Drive Encryption, such as D:, and change X: to the drive letter of the USB flash drive.
The key added to the USB drive is saved as a file with the .bek extension. If you cannot find it, you may need to show hidden files.
Once you have created the BitLocker USB key for Windows 10, whoever starts your PC, whether you or someone else, must first insert the encrypted USB flash drive that holds the BitLocker key.
At this point, you can use a USB key to unlock the BitLocker-encrypted PC on Windows 10.
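To confirm the result of the steps above, the following PowerShell check lists the key protectors on the drive, looks for the hidden .bek file on the USB drive, and warns if no recovery password exists as a fallback should the USB key be lost. It is an added example, not part of the original article; the drive letters C: and E: are assumptions, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: verify the TPM + startup key setup described above.
# Assumptions: C: is the BitLocker-protected drive, E: is the USB flash drive.
param(
    [string]$OsDrive  = 'C:',   # assumed drive letter of the encrypted drive
    [string]$UsbDrive = 'E:'    # assumed drive letter of the USB flash drive
)

$volume = Get-BitLockerVolume -MountPoint $OsDrive -ErrorAction Stop
$types  = $volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }

"Protection status : $($volume.ProtectionStatus)"
"Key protectors    : $($types -join ', ')"

# 1. The protector added with manage-bde -TPMAndStartupKey is reported as TpmStartupKey.
$startup = $volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'TpmStartupKey' }
if (-not $startup) {
    Write-Warning "No TpmStartupKey protector found on $OsDrive. Re-check the manage-bde step."
}

# 2. The .bek file is hidden, so -Force is needed to list it.
$bek = Get-ChildItem -Path "$UsbDrive\" -Filter '*.bek' -Force -File -ErrorAction SilentlyContinue
if ($bek) {
    $bek | Select-Object Name, Attributes, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Warning "No .bek file found in the root of $UsbDrive."
}

# 3. If the protector records a key file name, make sure that file is on this USB drive.
foreach ($p in $startup) {
    if ($p.KeyFileName -and ($bek.Name -notcontains $p.KeyFileName)) {
        Write-Warning "Key file $($p.KeyFileName) for protector $($p.KeyProtectorId) is not on $UsbDrive."
    }
}

# 4. Without a recovery password, losing the USB drive means losing access to the data.
if ($types -notcontains 'RecoveryPassword') {
    Write-Warning "No RecoveryPassword protector on $OsDrive. Add one and store it away from the PC."
}
```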