
Changing lost Admin Passphrase on Windows 7 BitLocker encrypted drives

I don’t know what happened, but a customer of mine forgot the Admin account passphrase. Maybe forgot was not the right way to put it, as the one it should have been did not work anymore. My best guess was my customer changed it himself and couldn’t remember. But saying that out loud would be treason, so I just kept my mouth shut and was looking for a way to reset the passphrase. Something that turned out to be a nightmare as my customer did not make a recovery CD.

First try – WinPE

My first try was looking at Serverfault. I will spare you the details. It did not work. manage-bde.wsf seems to have been replaced by manage-bde.exe and its documentation on Microsoft’s side is just wrong. After figuring out how to use this tool correctly it did not work. Output: invalid key. So there I have the one BitLocker key for the computer on one USB stick. Booting the computer with it works so it has to be the right key. “Try using the recovery key” you’d say? Wrong! Invalid key!

Solution – Windows registry

So here is the solution. You need:

  • Another Windows 7 computer (I am using Win7 Professional) with the HD of the Windows machine whose passphrase we need to reset attached (called the affected HD from here on)

Change Registry

  • Download PSTools
  • Open cmd as Administrator and start regedit in the System account security context: Psexec.exe -s -i regedit.exe
  • Browse to HKLM
  • Click on File -> Open Hive
  • Select SAM: <affected hd>\%windir%\system32\config\SAM
  • Select: Name of Hive -> SAM -> Domains -> Account -> Users -> Names -> Administrator
  • Look at the value of its single entry and navigate to the registry key with the same value in the parent key
  • Edit the F value
  • On position 0038 change “11” to “10”
  • Double check for errors before clicking OK
  • Shut down, remove the HD and insert it into the computer it belongs to

Change your account’s passwords

  • Boot computer
  • You see a new user called “Administrator”. Click it
  • Logging in takes place
  • Open the user preferences and change your user’s passphrase
  • Log out
  • Log in with your normal admin user to test if everything worked fine
  • If it did, disable Administrator again

Disable Administrator account

  • Open “lusrmgr.msc”
  • Double click on Users -> Administrator
  • Check “Disable Account”
  • Reboot
  • Check if Administrator Account is still visible
  • It isn’t? Great, you are done
  • It is? You made a mistake. Check all steps for possible errors.
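
The registry edit in the steps above changes a single bit, so the "double check for errors" step can be done mechanically on the F value before and after the change. The following is an added example, not part of the original post: the sample F values are constructed, the 80-byte length is an assumption, the flag names follow Microsoft's documented account-control bits, and reading position 0038 as that flag word is an assumption based on the edit described here.

```python
# Added example. Sample F values are constructed, not exported from a real hive.
ACB_OFFSET = 0x38  # "position 0038" in regedit's binary editor

# Account-control bit names as documented for SAM accounts (MS-SAMR USER_* flags).
ACB_FLAGS = {
    0x0001: "account disabled",
    0x0004: "password not required",
    0x0010: "normal user account",
    0x0200: "password never expires",
    0x0400: "account locked out",
}

def acb_bits(f_value):
    """Return the 16-bit little-endian flag word at offset 0x38."""
    if len(f_value) < ACB_OFFSET + 2:
        raise ValueError("F value too short to hold the flag word")
    return int.from_bytes(f_value[ACB_OFFSET:ACB_OFFSET + 2], "little")

def describe(f_value):
    """Names of the known flags that are set, lowest bit first."""
    bits = acb_bits(f_value)
    return [name for mask, name in sorted(ACB_FLAGS.items()) if bits & mask]

def check_edit(before, after):
    """Return a list of problems; empty means only the disabled bit changed."""
    if len(before) != len(after):
        return ["length changed from %d to %d bytes" % (len(before), len(after))]
    problems = []
    stray = [i for i in range(len(before))
             if before[i] != after[i] and i != ACB_OFFSET]
    if stray:
        problems.append("unexpected change at " + ", ".join("0x%04X" % i for i in stray))
    if acb_bits(before) ^ acb_bits(after) != 0x0001:
        problems.append("flag word changed by something other than the disabled bit")
    return problems

def sample_f(flag_byte, size=80):
    """Constructed F value: zero-filled, 80 bytes assumed, flag byte at 0x38."""
    buf = bytearray(size)
    buf[ACB_OFFSET] = flag_byte
    return bytes(buf)

BEFORE = sample_f(0x11)                                # disabled + normal account
AFTER = sample_f(0x10)                                 # the edit described above
WRONG_SPOT = BEFORE[:0x39] + b"\x10" + BEFORE[0x3A:]   # edited one byte too far
INSERTED = BEFORE[:0x38] + b"\x10" + BEFORE[0x38:]     # byte inserted, not overwritten

if __name__ == "__main__":
    for label, edited in (("correct", AFTER), ("wrong spot", WRONG_SPOT), ("inserted", INSERTED)):
        print(label, describe(edited), check_edit(BEFORE, edited) or "ok")
```

The same check works in the other direction: after the account has been disabled again, the flag byte should read 11 once more and nothing else should differ.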

Conclusion

These steps take only 30 minutes to accomplish. It’s easy to do. What’s difficult is finding the right path. Documentation tends to be very bad on closed source products. Especially Microsoft’s documentation available online is really, really bad. If there is something Microsoft should learn from companies like Red Hat, it’s how to write helpful documentation and bring it online. I really don’t care about two hundred ways to get pricey licenses for being an official Microsoft representative. I need good online documentation to avoid using badly documented tools not suitable for the job.