Sometimes when you start machine with BitLocker enabled and same time some storage device was connected to USB port, BitLocker might request Recovery Key. This happens because USB ports is listed on boot device search list. To avoid this type of event best idea is to remove USB from boot search list. However, changing list of boot devices might also trigger BitLocker.

How to deal with this type of situation? Follow steps below:

1. Suspend BitLocker  – command: manage-bde -protectors -disable c:
2. Reboot machine
3. Go to BIOS and remove all USB devices from available boot devices list
4. Boot up to Windows
5. Resume BitLocker – command: manage-bde -protectors -enable c:

After that no more issues with BitLocker during startup when USB storage devices are connected.

If you have machine which is not connected to domain, but has TPM chip you might want to encrypt disks with BitLocker and enable PIN protection at boot-up.

In order to do that you have to make sure TPM is activated and enabled for provisioning in BIOS. Next step will be to allow PIN use, as by default that option is not active especially on machines not connected to Active Directory domain.

So, to enable ability to set PIN follow the steps:

(more…)