

Moving BitLocker encrypted drive to new computer?

Question

Thursday, February 16, 2017 4:53 PM

I have what I hope is a quick question.

What do you need to do to swap a bitlocked hard drive into a similar laptop chassis?

We have a user with a damaged laptop chassis. It's Win 10 Pro with TPM and BitLocker is enabled. My hope was to swap his hard drive into a similar chassis and send him on his way but I wanted to see if there's anything that I need to know when I do that.

Thanks.

All replies (14)

Thursday, February 16, 2017 4:59 PM ✅Answered | 1 vote

If you want to use it in a new device, make sure to unencrypt it and turn off BitLocker, put it into the new PC, make sure it is working there, and then encrypt it in the new PC.

If you move encrypted hard drive to new PC, it won't work.


Wednesday, February 22, 2017 3:28 PM ✅Answered | 3 votes

The selected answer is wrong.

"If you move encrypted hard drive to new PC, it won't work." - wrong.

You can move the drive and boot from it after entering the recovery key - as simple as that.

When booted, you can add a new protector like a password after removing the old TPM protector. You can also add the new TPM to that drive after you remove the old TPM protector.

If you need assistance doing so, just ask.


Wednesday, February 22, 2017 3:44 PM ✅Answered

I ended up turning BitLocker off, swapping the drive, and turning BitLocker back on. It seemed to work.

TPM gets set up during the imaging process so I haven't had to have any knowledge of it yet. I don't know what kind of protector or password they use except that it's on the company's Active Directory. Is there a resource that explains how TPM works in that context?

Chris Hansen


Wednesday, February 22, 2017 5:24 PM ✅Answered | 3 votes

Take me as a source ;-)

The TPM holds the key and releases it only if certain conditions are met:

- we boot directly from the boot drive and not from some other drive
- the BIOS settings are at the expected values
- the hardware housing that drive is still the same
- the correct PIN (if one is set up) is entered.

If we connect the drive to another computer and boot from it, certainly those conditions are not met, so instead, the recovery key is being asked for. If you have it, it boots. When booted, you could delete the TPM protector and add the new one and it's all good.

You chose the way to decrypt the drive, which effectively removes the old TPM protector as well. So your way is ok, although it takes more time because of decryption/re-encryption.
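
The re-binding step described in this answer and in the February 22 reply above it (remove the old TPM protector, add the new machine's TPM), as an added PowerShell example that is not part of the original thread. It assumes the OS volume is `C:`, an elevated session on the new machine after booting with the recovery key, and a domain policy that permits AD DS backup of recovery passwords.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): re-bind a moved OS volume to the new TPM.
# Assumption: the BitLocker-protected OS volume is C:.
$MountPoint = 'C:'

$vol = Get-BitLockerVolume -MountPoint $MountPoint

# Never touch TPM protectors unless a recovery password exists as a fallback.
$recovery = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if (-not $recovery) {
    throw "No RecoveryPassword protector on $MountPoint; add one first."
}

# The new machine's TPM must be enabled and ready before it can seal the key.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; enable it in firmware setup first.'
}

# Protectors sealed by the old machine's TPM can never unseal here: remove them.
$tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
$vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -in $tpmTypes } |
    ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $_.KeyProtectorId | Out-Null
    }

# Seal the volume key to this machine's TPM.
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null

# Domain-joined machines only: re-escrow the recovery password to AD DS.
# This call fails if Group Policy does not allow AD backup; skip it in that case.
foreach ($rp in $recovery) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $rp.KeyProtectorId | Out-Null
}

# If protection was suspended for the move, turn it back on.
Resume-BitLocker -MountPoint $MountPoint | Out-Null

# Confirm the result: protection On, with Tpm and RecoveryPassword listed.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

If the final output still shows no `Tpm` protector, the volume will keep asking for the recovery key at every boot.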


Saturday, March 16, 2019 3:36 PM ✅Answered

Hi,

I see that this topic is old, I simply wanted to share the way I am doing it, and it works.

First of all, the laptop model needs to be identical, same hardware, for the hard drive to be recognized. You cannot mix a hard drive taken from a T460 with a T480 or T580 laptop. It can be from a T460 to a T560... so same series.

This is the way I do it and it is working on our T series:

1. On the old laptop, you open Manage BitLocker, by typing BitLocker into the Start menu and pressing Enter, or by going to the Control Panel and clicking BitLocker Encryption.

2. Click on 'Suspend protection'.

3. Shut the old laptop down, open it, and remove the hard drive.

4. Put the hard drive into the new laptop.

5. Start the new laptop, go into the BIOS on the new laptop, and ensure the TPM is activated; also ensure that the security settings in the Security tab (Secure Boot) and the boot settings (in Startup) are the same as on the broken laptop.

6. Save the BIOS changes, and restart the new laptop.

7. Type the 48-character BitLocker Recovery key when prompted.

8. Once you log in, the BitLocker protection is turned on automatically.

This is the way I am doing it on our Lenovo T series as technical support, and it is working without complications.

Also, if you are ever prompted for the BitLocker Recovery key each time you boot Windows, disable protection and restart the laptop; protection is re-enabled automatically, and then the issue is generally fixed, or at least it has been fixed in all the situations I encountered.


Thursday, February 16, 2017 5:04 PM

Hello hansenator

Is your drive the BOOT DRIVE, or just a data storage drive?

Because if it is a storage drive you just need the PASSWORD, but if it is a BOOT DRIVE your PC needs the TPM too.

You can

unlock the entire drive

then swap the drive to the new chassis

and then lock the drive again with the TPM platform of the new PC to avoid errors

https://www.howtogeek.com/237232/what-is-a-tpm-and-why-does-windows-need-one-for-disk-encryption/

https://msdn.microsoft.com/en-us/library/windows/hardware/dn653315%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

REGARDS


Thursday, February 16, 2017 5:09 PM

I was going to ask about that. Do I need to clear the TPM on the new laptop?

Chris Hansen


Thursday, February 16, 2017 5:19 PM

Hello

If your drive is an OS boot drive, you will need the TPM later to encrypt the drive, but if your drive is just data storage you just need the PASSWORD.

Regards


Thursday, February 16, 2017 5:22 PM

Oh right, it is a boot drive. And it's on Active Directory.

Chris Hansen


Thursday, February 16, 2017 6:10 PM

Hello hansenator

Your drive is the BOOT DRIVE (the drive with the OS installed)

THEN

unlock the entire drive

then swap the drive to the new chassis (without encryption)

mount it and be sure that your drive is compatible with the new PC (check SW and HW, etc.)

configure the TPM platform in the new PC

encrypt the drive again with BitLocker

regards


Monday, March 18, 2019 12:50 PM

7: unneeded, since the protection is suspended, no recovery key can possibly be asked for.


Tuesday, February 18, 2020 7:14 PM

Does that way work on a company laptop which is in AD and has a BitLocker key?


Wednesday, February 19, 2020 8:50 AM

You may transfer (and read) the bitlocked hard drive to other machines as long as you have the recovery password. It does not matter whether AD has saved the keys, or whether you use MBAM or whether that is a home system.


Tuesday, April 28, 2020 1:37 AM

Where do I get the recovery key?

I have a client that dropped her Thinkpad Yoga730. I have a different Yoga 730.

When I try to swap the SSD Drive/Chip it gets to the BitLocker prompt asking for a recovery key.

Help...