Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, February 6, 2020 1:55 PM
I seem to have read somewhere that the initial bitlocker encryption fails when the device is docked but cannot lay my hands on the actual source of that?
is this statement true or is it only true when the initial bitlocker encryption is configured to be done with the enduser silently?
thanks in advance
All replies (3)
Thursday, February 6, 2020 9:01 PM
No, that's not true.
However, one has to be careful with docking stations, since shutting down and undocking an encrypted laptop and then trying to restart it undocked might trigger recovery mode.
Please note: "might" means, that it usually does not pose a problem, only with some hardware models it does.
So always make sure to have a recovery key handy and try undocked restart with every different model before you let users face this possible trap.
Friday, February 7, 2020 2:28 AM
No, there is not an official document shows that BitLocker encryption will fail when the device is docked.
Microsoft has a doc introducing something related.
Issues Resulting in Bitlocker Recovery Mode and Their Resolution
/zh-cn/archive/blogs/askcore/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution
From my search, only Dell docking stations are known to freak out BitLocker. To get this to work properly you need to disable booting from USB Type-C. BitLocker basically thinks someone is trying to boot from an unauthorized device, but it's just the dock.
There is a Dell article about it here:
Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.
Luckily, your caution is unnecessary.
Regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Thursday, February 13, 2020 7:28 PM
This is not true.
Tell is about the actual initial encryption process.
How are you encrypting the device? Scripts, policy? Manually through control panel, or cmd prompt?From cmd prompt as an admin, Run a Manage-bde -status c: and post the content.