I’m currently working on troubleshooting a computer that won’t boot into Windows. The system drive is encrypted with BitLocker, and I need to access the files on the drive. I plan to use Windows Preinstallation Environment (WinPE) for this purpose, but I understand that the default WinPE does not include BitLocker support. Could you please provide detailed instructions on how to create a WinPE boot disk that includes BitLocker support? Additionally, I need guidance on how to use this boot disk to unlock the BitLocker-encrypted drive. Any help or step-by-step guide would be greatly appreciated. Thank you!
By default, Windows Preinstallation Environment(WinPE) does not include support for BitLocker, so you need to create a WinPE image that includes BitLocker components. Additionally, you must have the appropriate recovery key or other authentication credentials to unlock the drive. This guide will walk you through the necessary steps to create a BitLocker-compatible WinPE boot disk and unlock your BitLocker-encrypted drive.
Windows Preinstallation Environment (WinPE) is a lightweight version of Windows used for deploying PCs, workstations, and servers, or troubleshooting an operating system while it is offline. It provides a minimal operating system that can be used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows setup.
To unlock a BitLocker-encrypted drive under WinPE, follow these steps:
Preparation: Before you begin, ensure you have installed the Windows Assessment and Deployment Kit (ADK) and the WinPE add-on. You can download them from the official Microsoft website.
1. Run Deployment and Imaging Tools Environment as administrator.
2. Create the WinPE Image Working Directory:
copype amd64 C:\WinPE_amd64
Note: Run copype command to determine the corresponding command according to your situation.
3. Mount the WinPE Image for Modification:
dism /Mount-Image /ImageFile:C:\WinPE_amd64\media\sources\boot.wim /index:1 /MountDir:C:\WinPE_amd64\mount
4. Create a BitLocker Subdirectory in the Mounted Image:
mkdir C:\WinPE_amd64\mount\Windows\System32\BitLocker
5. Copy "manage-bde.exe" and Its Language Files:
copy C:\Windows\System32\manage-bde.exe C:\WinPE_amd64\mount\Windows\System32\BitLocker\
xcopy C:\Windows\System32\en-US C:\WinPE_amd64\mount\Windows\System32\BitLocker\en-US /s /e
6. Install the Necessary Packages:
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WMI.cab"
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-SecureStartup.cab"
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-EnhancedStorage.cab"
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab"
7. Install the Corresponding Language Packages:
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-WMI_en-us.cab"
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-SecureStartup_en-us.cab"
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-EnhancedStorage_en-us.cab"
dism /Image:C:\WinPE_amd64\mount /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab"
8. Unmount the Image and Save Changes:
dism /Unmount-Image /MountDir:C:\WinPE_amd64\mount /Commit
9. Create the WinPE Boot Disk with the Modified Image:
MakeWinPEMedia /UFD C:\WinPE_amd64 X:
Note: Replace the "X" with your actual drive letter.
Tip: Alternatively, you can use the MakeWinPEMedia /ISO C:\WinPE_amd64 D:\winpe-bitlocker.iso command to create the ISO image.
Ensure you have a file containing your recovery key accessible from WinPE.
1. Boot into WinPE.
2. Add the Environment Variable:
set path=%path%;X:\Windows\System32\BitLocker
3. Use following command to open the file and copy the recovery key.
notepad YOUR_FILEPATH
4. Unlock the BitLocker Encrypted Drive
manage-bde -unlock E: -recoverypassword YOUR_RECOVERY_KEY
Once the drive is unlocked, you can access the files stored on it.
Unlocking a BitLocker-encrypted drive under WinPE requires creating a custom WinPE image with BitLocker support and having the correct recovery key or authentication method. By following the detailed steps outlined above, you can successfully create a WinPE boot disk and access your BitLocketr-encrypted drive. This process ensures that you can maintain access to your encrypted data even in a pre-installation environment.
Rest assured; this error can be easy solved by simply modifying the Group Policy Editor or Registry Editor. Go ahead reading, you'll understand why this happen and work it out.
Lydia
Learn how to access a BitLocker-encrypted drive in Safe Mode. Understand the requirements and steps to unlock and use your protected data securely.
Benjamin
Rest assured, following BitLocker tool -- BitLocker Repair-bde is ready to help you fix it. Repair-bde is used to recovery data from a damaged BitLocker-encrypted drive.
Lydia
What is a BitLocker recovery key, and how can I use it? What is its main role in BitLocker drive encryption, and where can I find it? This post will explain everything you need to know.
Benjamin
