BitLocker enabled awaiting activation - will not save a BitLocker key - no choice but manage-bde off c:

chris fourfiftyone 0 Reputation points
2025-11-04T19:10:12.7633333+00:00

The computer (HP) with Windows 10 was found to have BitLocker enabled.

It says awaiting activation and encrypt drive, although it appears to already be encrypted to Acronis.
The user space was encrypted according to manage-bde -status but it's not locked or secured.

An attempt to save the key with manage-bde fails to write a key file to the specified disk (not C:)

The account is a local account.
The pc was supplied with a generic admin account 'user' with no password, so
a local account was made.

According to some documentation this should save the key:
manage-bde -protectors -add -recoverykey f:/key c:
This failed:

F is a valid active disk and manage-bde says unable to write to disk.
There was no file created.
So another command was run,
manage-bde -off c:
This command was accepted and status shows the C: is slowly being decrypted.
I encountered this encryption when looking at the drive with Acronis True Image,
The account is local and there is no key stored on the drive in any obvious user location.
it showed the C drive as encrypted, so even if I make a copy of this disk the hardware
change will invalidate the BitLocker key and prevent a usable backup disk from being made.
So I have one option: shut off encryption, make the backup, and when turning it back on,
if I want to re-enable encryption, it is written that you have the opportunity to save a recovery key, but can I trust it to save the key to another drive? I doubt it since it failed to do that once already.
When I am on any of my Microsoft accounts, none of them say I have any recovery keys.


1 answer

  1. Domic Vo 9,860 Reputation points Independent Advisor
    2025-11-04T20:03:47.06+00:00

    Hi chris fourfiftyone,

    Thank you for sharing such a detailed overview — it’s clear you’ve put a lot of thought into understanding BitLocker’s behavior on your HP Windows 10 system.

    Based on what you described, it looks like BitLocker was only partially activated, which is common on OEM setups or when using local accounts without TPM or recovery key configuration. The drive shows as encrypted but not locked, meaning it’s not fully protected and won’t prompt for a recovery key.

    Your attempt to save the recovery key likely failed because the external drive wasn’t writable, BitLocker wasn’t fully activated, or the account lacked the necessary permissions. That said, choosing to decrypt the drive with manage-bde -off c: was a smart and safe move — it allows you to back up the system without risking lockout due to hardware changes. When you’re ready to re-enable BitLocker, just be sure to use a writable external drive and confirm the recovery key is saved properly.

    Keep in mind that recovery keys only sync to your Microsoft account if BitLocker is enabled under a Microsoft-connected account, not a local one. You’re absolutely right to be cautious — without a saved recovery key, data loss is a real risk. But with the right steps, you’ll be able to back up, re-encrypt, and manage your system with confidence.

    Let me know how it goes, and if this answer helps, feel free to hit “Accept Answer” so others can benefit too 😊

    T&B,

    Domic.
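
One way to carry out the "confirm the recovery key is saved properly" step from the answer above, as an added example that is not part of the original thread. It assumes an elevated PowerShell session, that C: is still encrypted (or awaiting activation), and that F:\ is the external drive from the question; the file name is hypothetical, and it saves a 48-digit recovery password rather than the `-recoverykey` key file used in the question's command.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: C: is the BitLocker volume, F:\ is the external
# drive named in the question, and the backup file name is hypothetical.
$MountPoint = 'C:'
$BackupDir  = 'F:\'
$BackupFile = Join-Path $BackupDir 'bitlocker-recovery-C.txt'

# 1. Refuse to store the recovery password on the volume it unlocks.
if ((Split-Path $BackupDir -Qualifier) -eq $MountPoint) {
    throw "Backup target must not be on $MountPoint."
}

# 2. Prove the target is writable before changing anything in BitLocker.
$probe = Join-Path $BackupDir ("probe-{0}.tmp" -f [guid]::NewGuid())
try {
    Set-Content -Path $probe -Value 'probe' -ErrorAction Stop
    Remove-Item -Path $probe -ErrorAction Stop
} catch {
    throw "Cannot write to ${BackupDir}: $($_.Exception.Message)"
}

# 3. Show the current state. A volume "awaiting activation" typically reports
#    ProtectionStatus Off and lists no key protectors.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$vol | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage

# 4. Add a recovery password protector only if none exists yet.
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $rp) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint `
        -RecoveryPasswordProtector -ErrorAction Stop | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# 5. Write protector ID and password, then read the file back and compare.
$rp | ForEach-Object {
    "ID: $($_.KeyProtectorId)`r`nRecovery password: $($_.RecoveryPassword)"
} | Set-Content -Path $BackupFile -ErrorAction Stop

$saved = Get-Content -Path $BackupFile -Raw
foreach ($p in $rp) {
    if ($saved -notmatch [regex]::Escape($p.RecoveryPassword)) {
        throw "Recovery password for $($p.KeyProtectorId) missing from $BackupFile."
    }
}
Write-Host "Verified recovery password(s) in $BackupFile."
```

The script stops at the first failed step, so a non-writable F:\ is reported before any protector is added, and the read-back in step 5 catches a file that was created but does not contain the password.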
