-1

I'm supporting a user whose company went bust and who was allowed to keep his laptop. He has a domain user account which he can log in to and has been using his computer fine. But he needs to gain admin access in order to properly use the computer, which includes licensed software. As the company has gone, there is no chance of getting it done by them, and a wipe will lose his access to the software.

The computer is BitLocker-protected, so I can't attempt the usual password resets without the recovery key. Is there any way to export the recovery key without admin access? Or to elevate to admin?

Lenovo, Windows 8.1 Enterprise

9
  • “Is there any way to export the recovery key without admin access?” - Far easier to just disable BitLocker than export the key, and exporting the key wouldn’t let you do anything unless you have the recovery key. The key used to encrypt the files and the recovery key are two entirely different things. Is there a reason you don’t just reinstall Windows?
    – Ramhound
    Commented Jul 11, 2023 at 17:08
  • 1
    @Ramhound Reason: free software ;) Also, won't an Enterprise Win install eventually time out without being able to phone the mothership domain controller?
    – Tetsujin
    Commented Jul 11, 2023 at 17:15
  • @Ramhound don't think you can deactivate BitLocker as non-admin.
    – LPChip
    Commented Jul 11, 2023 at 17:29
  • Keeping Win8 is a dead end, anyway. What software would be worth the trouble to keep? If it were MS Office, there's free LibreOffice and OpenOffice. If it were an Oracle DB, that's available free for developers... etc. Commented Jul 11, 2023 at 18:16
  • @Ramhound If I could disable BitLocker then that does the same thing. So can you disable BitLocker without admin access? Commented Jul 11, 2023 at 19:36

1 Answer

0

First, make sure that BitLocker is used with a TPM at all (in transparent mode or with PIN entry). If it is not, but you use a BitLocker password, becoming admin is easy: you may mount the drive offline from a booted Windows Setup and its command line with manage-bde.exe and modify its registry - in that case, please ask for details. But if a TPM is being used, which I assume, you would need to abuse an unpatched security hole in order to gain admin privileges, and then you will not only be able to retrieve the recovery key of BitLocker, but modify the admin group membership as well. If you don't find such a hole, you would need to do so-called TPM sniffing or perform a cold boot attack against the BitLocker key.

1
  • Thanks. It's a Lenovo business laptop so I'm fairly sure TPM will be on. It sounds to me at this point the best option is for the user to either keep it as-is and suck up the issues they're having, or get me to wipe and fresh-install the computer, as I don't think they'll want to pay me the time to thoroughly investigate and run a security hole attack if there's not an easy straightforward one for me to use. Commented Jul 28, 2023 at 14:09
