English Community

Software and Operating SystemWindows 10
All Forum Topics
Options

1 Posts

06-19-2020

US

2 Signins

25 Page Views

  • Posts: 1
  • Registered: ‎06-19-2020
  • Location: US
  • Views: 25
  • Message 1 of 1

Laptop boot triggers Bitlocker recovery mode

2020-06-19, 8:13 AM

Hello

 

We are a Managed Service Provider and have for the past many months experienced that some of the laptops (Lenovo L-series & T-series only) we sell triggers Bitlocker Recovery Mode.

I can explain the process we take on all our laptops before the triggering happens.

 

  • On a new laptop we perform a clean Windows 10 pro installation
  • We create a local admin user or join the laptop to an AD/ or AzureAD.
  • We perform driver updates and Windows updates.
  • We have a script that installs a few programs such as Firefox, Chrome, Adobe Reader etc...
  • The script adds "Authenticated Users" in Administrator group under Computer Management
  • Installs an AV program
  • And finally, we use Bitlocker to encrypt the disk so that it is GDPR compliant

 

 

Throughout the process we perform multiple restarts. I don't really know where in the process the bitlocker "fails" to force the laptop into recovery mode but we've had this issue for atleast a year now and its affecting our business as some of our customers exprience this problem while on duty. 

Please be aware that we're looking for help to find a solution where our users dont encounter recovery mode and not how to get past recovery mode. We usually store the keys on our FTP server and this is not a problem for us.  The laptops that we face this problem on are Lenovo models ranging from T460-T480/s and a few L-models such as L460. We have thousands of laptops that we manage to our customers and some of them have very much identical setup in terms of specs, build year and our own setup. Not every customer experience this its very important that you know. To put it into perspective, if we have 10x T480s laptops with the same exact setup only one of them would go into recovery mode and a reinstallation of Windows would then be required, unless we have the recovery key.

We've tried various things:

 

 

  • Playing with the Bitlocker settings (partial encryption, full encryption..)
  • Encrypt disc before/after windows updates / system(lenovo) updates
  • Performed tests on different account types (local, AD & AAD). We've seen all type of accounts encounter recovery mode.
  • Changing our automation script to not mess with anything system or security related. We're very aware of the changes our script makes and as of today we change nothing beside download a few programs.

 

-and other things I can't think of right now. The point is, we've tried our best to find a solution and still haven't suceeded. I hope some of you can help us find a solution as this is truly affecting our business. Yesterday out of the blue a customer who I had just prepared a Lenovo X1 for, called just to complain his brand new X1 wouldn't boot into Windows anymore. That was literally 2 hours after he came to get it from our office. I spent 5 hours to get it running again.

I hope some of you can help us with a solution :-) Thanks

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete