BitLocker Recovery

Like all of you I never expect a day that starts with a call to IT Helpdesk to go well.  Fortunately this story has a happy ending.

This morning I got to my desk and discovered that my laptop corrupted somehow last night.  No problem – Windows 8 has some great self-healing tools built in, and it booted immediately to the Recovery procedure.

Problem. Microsoft IT has a policy that it will automatically enable BitLocker and encrypt all of the volumes on your corporate laptop.

of course I am a huge fan of BitLocker, and would have encrypted it myself given the chance.  Of course, had I done that it would have given me my recovery key, which I would have simply entered into the appropriate box and we would have been on our way.  I didn’t have that key.

Fortunately a call to the IT Help Desk (I had to look up the number – I fix the vast majority of my issues on my own!) connected me with Robert, who reassured me that the recovery key was stored in Active Directory.  He asked me a series of security questions to determine that I am indeed who I said I am (he did NOT ask me my mother’s maiden name or the name of my first pet thank you very much!) and then asked me one more question…

“I see that you have a Windows 8 Smartphone…I assume you can still access your email?”

Aha… one extra layer of security!  I love it.  He waited on the line as the email came through.  I entered the key (FAR too long for comfort, but again, great security) and after a few minutes Windows had healed itself.  I thanked Robert and rang off.

I always profess the value of a secure, well-managed IT infrastructure, and this experience reminded me that Microsoft does indeed ‘eat its own dog food.’  The security is built in, and the fact that help desk was able to help me so efficiently proved that it is well managed.

So how about yours?  You have all of the tools to implement these tools, so go do it 🙂


3 responses to “BitLocker Recovery”

  1. So, MS IT is not using MBAM…?

    1. Actually Neil I am not sure what they do behind the scenes, but both MBAM and AD would be viable alternatives 🙂 -MDG

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: