BitLocker Self-Service
This article pertains only to computers on the WIN domain and that have the MDOP MBAM client installed. |
The BitLocker MBAM (Microsoft BitLocker Administration and Monitoring) web portal provides an interface for end-users and IT administrators to retrieve the BitLocker Recovery Key for any machine they have already logged on to.
BitLocker Self-Service Portal
In your web browser go to https://bitlocker.mit.edu/ and enter win\KerbID and KerbPassword.
For remote (off-campus) access to the Self-Service portal, you will need to be connected to the MIT VPN: http://kb.mit.edu/confluence/x/IjtBCQ
Check the box to acknowledge the notice and click continue.
Enter the first 8 digits of the BitLocker recover key ID. You can find the BitLocker recovery key ID by running the following from an administrative command prompt:
The Recovery Key ID can also be found during startup if the TPM for that computer has been disabled or the drive has been moved to a different computer. You will see a screen similar to this:
Remember, you can only recover the BitLocker Key if you've logged into that computer before. The MBAM database keeps a record of the users that have logged into a particular computer. If you haven't logged onto the computer and you attempt to recover the key for that computer, you will get a error message "Invalid Key ID".
If you have logged onto the computer before, the page will return the appropriate recovery key for that drive. If you cannot recover the key via self-service, please contact the helpdesk and they can retrieve the key for you.