# HELP: Automatic BitLocker Unlock.



## Viruzz (Jun 30, 2015)

Please help,
Looking for a way( script or maybe some unknown windows command or registry hack) to automatically unlock a non OS BitLocker encrypted drive on Log-In.

My situation: Right now my OS SSD Samsung 840 Evo has a boot password, its not Bios option nor windows eDrive but the third one, the one you need 3rd party software to activate it, had to purchase EMBASSY Security Center to do it.
No issues here, the OS drive is locked and encrypted.

One of My HDD Drives is encrypted with Bitlocker, so every time my PC is booted, I need to enter windows log-in password and then open my computer and enter another password to unlock the drive.
Whats worse is that unlike the SSD that needs unlock password only after full shutdown the Bitlocker needs it every log-in.

Windows has an option to Automaticlly unlock all BitLocker drives on boot, BUT the issue here is that this official option only works if your OS drive is also BitLocker encrypted and then log-in password unlocks everything.

Im looking for maybe a windows Script or some Hidden command to automatically unlock the BitLocker drive.

Even if it Sounds insecure like having the actual password somewhere in the registry, text file or script I dont care because the OS drive is encrypted and passworded.
Also I have a TPM chip I can encrypt any file/folder so even if file is copied from my PC when its fully unlocked the files wont be readable anywhere unless unencrypted before.

If its important im on 8.1 pro 64bit

P.S. If there is no solution for my problem then my only choice is when windows 10 comes out to do a clean install on another Samsung 840 Evo that was previously cleared and eDrive option enabled


Thanks in advance.


----------



## Rafa anabe (Aug 10, 2015)

Hi, you can use the option auto unlock that  windows has.
please see http://www.eightforums.com/tutorials/21270-bitlocker-auto-unlock-turn-off-windows-8-a.html

If that option does not work, you always can do an script. This script can be put in your user account, so when you turn on the computer, the scripts rus and the disk will be unlocked.
How?
@Echo off
 manage-bde -unlock D: -recoverypassword pass ( format 345666-0241234-3942314324-1124323-64124124-654124124-8565785-38568567).

see https://technet.microsoft.com/en-us/library/cc753583.aspx

finally,
you can use three ways

BitLocker feature.
2. use the tool gpedit.msc






http://www.subirimagenes.com/otros-usuarios-9437055.html 



3. script or the user (adminstrative tools)






http://www.subirimagenes.com/otros-captura-9437056.html


----------



## Rafa anabe (Aug 10, 2015)

more clear
0down voteaccepted
I managed to figure out how to fix this. It doesn't use the native auto-unlock function like I was hoping (rather a script that unlocks using a .BEK file, as I mentioned) but it seems to work just as well.

First, you need to create a .BEK file that can unlock the disk. This is the command I used:

manage-bde -protectors -add d: -rk c:\

Substitute d: with whichever drive you want to auto-unlock. The output will look something like this (take note of the "external key file name"):

BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Key Protectors Added:

Saved to directory c:\

External Key:
ID: {9DDF4900-5E08-479A-8C4C-6ADE2DA00551}
External Key File Name:
9DDF4900-5E08-479A-8C4C-6ADE2DA00551.BEK

Now you need to create the script to unlock the drive. Just create a batch file in the root directory with the following line:

manage-bde -unlock d: -rk C:\[external key filename]

Again, replace d: with the correct drive letter. Replace [external key filename] with the filename you got before.

Finally, you need to tell Windows to run this script at startup, before you log in. (Or at least I needed it to run then, because that's where my desktop, etc. are stored.) Here's how you do that:


Press Win+R and enter gpedit.msc. (This is only in Pro, but so is BitLocker, so that's not an issue here.)


On the left, navigate to Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)


Double-click "Startup" on the right


Click "Add..." and select the batch file you created before.


Click OK and exit Group Policy Editor.

Now you can reboot the computer to test it. You should see your drive automatically unlocked


----------



## Viruzz (Aug 10, 2015)

Rafa anabe said:


> more clear
> 0down voteaccepted
> I managed to figure out how to fix this. It doesn't use the native auto-unlock function like I was hoping (rather a script that unlocks using a .BEK file, as I mentioned) but it seems to work just as well.
> 
> ...




Thank you sir, ill try your solution.

Windows Auto unlock ONLY works in case you have Bitlocker on your system drive, because if your system drive is not encrypted auto unlocking other drives means loss of security.
But in my case my system drive is Encrypted with hardware encryption that i password unlock during boot. So auto unlocking Bitlocker drives will do fine for me.


----------

