In the case of
BitLocker, you might have required TPM plus PIN authentication. What if the user forgets
the PIN or the TPM somehow malfunctions? From a BitLocker perspective, something
has been compromised, and it will keep the data safely encrypted. The process of
recovering data-protected volumes involves the use of a recovery key or password that
gives administrators a back door into the system should something like this happen.
The following scenarios might trigger the need for a recovery to be performed:
- The user forgets the PIN and you don't have a record of it anywhere else.
- The user has a damaged or missing USB flash drive containing the key.
- An error occurs in the TPM or the TPM is different.
- The TPM is disabled or cleared.
- Any of the early boot files are modified, thereby causing a signature mismatch with what's stored in the TPM.
In these scenarios, your only choice is to go through the recovery steps. Since the
detection of this state occurs even before Windows Server 2008 is allowed to load, you
must either insert the USB flash drive containing the recovery key or enter the recovery
password. The encrypted drives will not be readable until you have unlocked them using
the recovery key or password.
NOTE When entering the recovery password, you must use function keys rather than the
regular numbers on the keyboard. Numbers 1 through 9 are represented by F1 through F9, with F10
representing 0.
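
The following is an added example, not taken from the book: a help-desk check that a transcribed recovery password is well formed before it is read out, plus the function-key sequence from the note above. It relies on a format rule not stated on this page (eight groups of six digits, each a multiple of 11 whose quotient fits in 16 bits); the sample password is constructed.

```python
import re

# Key mapping from the note above: 1-9 -> F1-F9, 0 -> F10.
FKEY = {str(d): f"F{d}" for d in range(1, 10)}
FKEY["0"] = "F10"

MISTYPED = "not a multiple of 11 (likely mistyped)"


def split_groups(text):
    """Split on dashes or whitespace, as the password is usually written down."""
    return re.split(r"[-\s]+", text.strip())


def check_recovery_password(text):
    """Return a list of (group_number, reason); an empty list means well formed."""
    groups = split_groups(text)
    if len(groups) != 8:
        return [(0, f"expected 8 groups, got {len(groups)}")]
    problems = []
    for i, g in enumerate(groups, start=1):
        if not re.fullmatch(r"\d{6}", g):
            problems.append((i, "not six digits"))
        elif int(g) % 11 != 0:
            problems.append((i, MISTYPED))
        elif int(g) // 11 >= 2 ** 16:
            problems.append((i, "out of range"))
    return problems


def to_function_keys(text):
    """Translate a well-formed password into per-group function-key presses."""
    problems = check_recovery_password(text)
    if problems:
        raise ValueError(f"fix these groups first: {problems}")
    return [[FKEY[c] for c in g] for g in split_groups(text)]


# Constructed sample value, not a real recovery password.
SAMPLE = "000011-123453-720885-000110-654313-246807-098769-500005"

if __name__ == "__main__":
    for n, keys in enumerate(to_function_keys(SAMPLE), start=1):
        print(f"group {n}: {' '.join(keys)}")
```

Because each group is checked on its own, a transcription error can be narrowed to the specific six-digit group that needs to be re-read.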