
BitLocker Data Recovery Agent to Unlock BitLocker Drive

Published/Updated on Tuesday, July 2, 2024

M3 Software author Wilsey Young


Summary: This article offers a tutorial on downloading BitLocker Data Recovery Agent to unlock the BitLocker encrypted drive. iBoysoft Data Recovery for Windows is recommended for restoring lost data from the BitLocker encrypted drive.

BitLocker data recovery agent

BitLocker data recovery agents are individuals whose public key infrastructure (PKI) certificates have been used to create a BitLocker key protector, so those individuals can use their credentials to unlock BitLocker-protected drives. BitLocker data recovery agents can be used to recover BitLocker-protected operating system drives, fixed data drives, and removable data drives.

However, when a BitLocker data recovery agent is used to recover an operating system drive, that drive must be mounted on another computer as a data drive before the agent can unlock it. BitLocker data recovery agents are added to the drive when it is encrypted and can be updated after encryption occurs.


When do we use BitLocker Data Recovery Agent?

Windows 7 introduced the BitLocker Data Recovery Agent feature, which can be used to unlock fixed data drives and removable data drives.

Generally, when we encrypt a USB flash drive or fixed data drive, we set a password to unlock the drive. A file-based certificate gives the drive an additional protector, which we can also use to unlock it.

How to install the file-based certificate on the computer?

In order to use a Group Policy to apply the certificate to all machines in the OU, you need to install the file-based certificate on the computer.

  1. Press the Windows+R keys to open the Run dialog box.
  2. Type certmgr.msc in the box and hit the enter key to open Certificate Manager on the client's computer.
  3. Expand Personal and click Certificates. Right-click Certificates, select All Tasks, and then select Request New Certificate.
  4. Under the Certificate Templates, select the BitLocker Data Recovery Agent certificate template. If you do not have the BitLocker Data Recovery Agent template, copy the Key Recovery Agent template and then add BitLocker Drive Encryption and BitLocker Drive Recovery Agent from the application policies.
  5. Install the certificate on the computer.
  6. Export the Certificate.
  7. Save the certificate to a location on your computer.

Now you can use a Group Policy to apply the certificate to all machines in the OU:

  1. Open the Group Policy Management Console and add the BitLocker Data Recovery Agent.
  2. Expand Computer Configuration > Windows Settings > Security Settings > Public Key Policies > BitLocker Drive Encryption.
  3. Right-click on BitLocker Drive Encryption and then click Add BitLocker Data Recovery Agent. 
  4. After adding the BitLocker Data Recovery Agent, go to the Windows 7 client machine.
  5. After adding the certificate, run gpupdate /force on the client machine.

How to lock and unlock the BitLocker encrypted drive?

On the Windows 7 client machine, you can open an elevated command prompt and use the following commands.

To get the protectors, run:

manage-bde -protectors -get <drive letter>:

To lock BitLocker encrypted drive, run:

manage-bde -lock <drive letter>:

To unlock BitLocker encrypted drive, run:

manage-bde -unlock <drive letter>: -cert -ct <Certificate Thumbprint>
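Before relying on the certificate for recovery, it is worth confirming that the drive really carries the approved DRA protector and no other certificate protector. The following PowerShell is an added example, not part of the original article: the function names Get-DraThumbprint and Test-DraProtector are hypothetical, the sample output is constructed, and the parser assumes English manage-bde output in the layout shown in the sample.

```powershell
# Added example. Assumes a DRA protector is printed as a "Data Recovery Agent"
# heading followed by "ID:" and "Certificate Thumbprint:" lines (assumed layout).
function Get-DraThumbprint {
    param([string[]]$ProtectorText)
    $inDra = $false
    foreach ($line in $ProtectorText) {
        $t = $line.Trim()
        if ($t -eq '') { continue }
        if ($t -match '^Data Recovery Agent') { $inDra = $true; continue }
        if (-not $inDra) { continue }
        if ($t -match '^(?:Certificate Thumbprint:\s*)?([0-9A-Fa-f]{40})$') {
            $Matches[1].ToUpper()        # emit the thumbprint of this DRA protector
            $inDra = $false
        } elseif ($t -notmatch '^(ID|Certificate Thumbprint):') {
            $inDra = $false              # a different protector section has started
        }
    }
}

function Test-DraProtector {
    param(
        [Parameter(Mandatory=$true)][string]$Drive,                  # e.g. 'E:'
        [Parameter(Mandatory=$true)][string[]]$ApprovedThumbprint,   # from your PKI records
        [string[]]$ProtectorText                                     # optional captured output
    )
    # Without captured text, query the live volume (needs an elevated prompt).
    if (-not $ProtectorText) { $ProtectorText = & manage-bde -protectors -get $Drive }
    $approved = @($ApprovedThumbprint | ForEach-Object { ($_ -replace '\s', '').ToUpper() })
    $present  = @(Get-DraThumbprint $ProtectorText)
    New-Object PSObject -Property @{
        Drive      = $Drive
        Present    = $present
        Missing    = @($approved | Where-Object { $present -notcontains $_ })   # policy not applied
        Unexpected = @($present  | Where-Object { $approved -notcontains $_ })  # unknown certificate
    }
}

# Constructed sample output; the IDs and the thumbprint are made up.
$sample = @'
Volume E: [Data]
All Key Protectors
    Password:
      ID: {11111111-1111-1111-1111-111111111111}
    Data Recovery Agent (Certificate Based):
      ID: {22222222-2222-2222-2222-222222222222}
      Certificate Thumbprint:
        0123456789abcdef0123456789abcdef01234567
'@ -split "`r?`n"

Test-DraProtector -Drive 'E:' -ProtectorText $sample `
    -ApprovedThumbprint '01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67'
```

A non-empty Missing list means the drive cannot be unlocked with the approved certificate; a non-empty Unexpected list means some other certificate holder can unlock it and should be investigated.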


How to recover lost data from a BitLocker encrypted drive?

iBoysoft Data Recovery for Windows is a professional data recovery tool that can help you recover lost data from a BitLocker encrypted drive on the premise that you have the original password or BitLocker recovery key.

  1. Download, install, and launch iBoysoft Data Recovery for Windows on your computer. Select the “BitLocker Data Recovery” Module.
  2. Choose the BitLocker encrypted drive from which you want to recover lost data and click “Next” to continue.
  3. Enter the BitLocker recovery key or password.
  4. Scan the lost files from the BitLocker encrypted drive.
  5. After your files are found, please tick them and click "Recover" to save.
