
Execute Unlock BitLocker action to unlock encrypted drives

BitLocker is a built-in encryption feature in Windows that helps protect data by encrypting the OS drive, fixed data drives, and removable drives. Encrypted data is inaccessible without proper authentication, which keeps sensitive information secure, particularly in the case of device loss or unauthorized access.

BitLocker automatically locks encrypted volumes under specific conditions to protect data integrity. On system drives, the encrypted volume is locked during the boot process. On removable drives, such as USB flash drives or external hard drives, the encrypted volume is locked when the drive is disconnected from the device. When a user attempts to access a BitLocker-protected drive, such as after a device reboot or upon connecting a removable drive, BitLocker prompts for the appropriate key protector (e.g., PIN, password, or recovery key) to unlock the drive.

The Unlock BitLocker action in Hexnode UEM allows IT administrators to remotely unlock BitLocker-encrypted drives on managed Windows devices. This restores access without requiring user input or compromising encryption. The action is useful when assisting users who cannot access their encrypted volumes, and it also lets admins safely access data for employee offboarding and device reassignment to another user. BitLocker can be remotely unlocked using one of the following authentication methods: password, recovery key, recovery password, or Active Directory Domain Services.

Unlock BitLocker

Follow the steps below to unlock encrypted drives on the Windows device.

  1. On your Hexnode UEM portal, navigate to the Manage tab and select your Windows device.
  2. Click on Actions > Unlock BitLocker.
  3. Specify the name of the BitLocker encrypted drive you want to unlock in the Specify the drive field.
  4. Next, select the recovery option set for the drive from the drop-down list.
    • Password:
      Enter the password that was set by the user to unlock the drive. This will unlock the encrypted volume.
    • Recovery key:
      A recovery key is a file-based encryption key stored on removable media that can be used for recovering data encrypted on a BitLocker volume. Upload the recovery key file (.BEK) generated during BitLocker setup.
    • Recovery password:
      The recovery password is a 48-digit, randomly generated number that is created during BitLocker setup. Enter the recovery password generated.
    • Active Directory Domain Services:
      If your device is joined to an Active Directory domain, the BitLocker recovery key might be stored in Active Directory. Select this option to retrieve it from Active Directory Domain Services and unlock data volumes.
  5. Click on Proceed.

What happens at the device end?

A locked BitLocker-encrypted drive requires authentication before it can be accessed. For instance, a BitLocker-encrypted drive that is locked after device boot prompts the user to enter the required key protector (such as a password or recovery key) to gain access.

Locked drive in Windows.

Once the action is successfully applied to the device, the drive is unlocked and becomes accessible.

Unlocked drive in Windows.
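
An added example, not from Hexnode or the original page: a PowerShell check of a recovery password's format before it is entered in step 4, and a device-side read of the drive's lock state once the action has run. The function names, the sample password and the `D:` drive letter are assumptions; the divisibility rule is the standard BitLocker recovery password layout, which this page does not state.

```powershell
# Added example; the function names and the D: drive letter are assumptions.
function Test-RecoveryPasswordFormat {
    param([Parameter(Mandatory)][string]$RecoveryPassword)
    # 48 digits written as eight hyphen-separated groups of six.
    if ($RecoveryPassword -notmatch '^[0-9]{6}(-[0-9]{6}){7}$') { return $false }
    foreach ($group in $RecoveryPassword.Split('-')) {
        $value = [int]$group
        # Each group encodes a 16-bit value multiplied by 11, so it must be
        # divisible by 11 and smaller than 65536 * 11 = 720896.
        if (($value % 11) -ne 0 -or $value -ge 720896) { return $false }
    }
    return $true
}

function Get-DriveUnlockState {
    param([Parameter(Mandatory)][string]$MountPoint)
    # Get-BitLockerVolume ships with Windows and needs an elevated session.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    [pscustomobject]@{
        MountPoint       = $volume.MountPoint
        LockStatus       = $volume.LockStatus          # Locked or Unlocked
        ProtectionStatus = $volume.ProtectionStatus
        KeyProtectors    = ($volume.KeyProtector.KeyProtectorType |
                            Sort-Object -Unique) -join ', '
    }
}

# Constructed sample value, not a real recovery password.
$sample = '111111-222222-333333-444444-555555-666666-000000-077077'
$typo   = $sample -replace '^111111', '111112'   # one mistyped digit

"{0} -> {1}" -f $sample, (Test-RecoveryPasswordFormat $sample)
"{0} -> {1}" -f $typo,   (Test-RecoveryPasswordFormat $typo)

# On the managed device, after the action has run (D: is an assumed drive letter).
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-DriveUnlockState -MountPoint 'D:'
}
```

A password that fails the format check contains a typing error; passing the check does not prove that it belongs to this drive.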
