I have a company laptop, whose one and only hard drive was encrypted with Bitlocker. I have tendered my resignation with that company and they immediately used the remote security policy to lockout my logon account. I would prefer to wipe the drive myself before returning the laptop to my employers, just because I'm paranoid. I suppose I could take the drive out and slave it to my personal PC to reformat it, but that would require buying a cable to do so and I'd rather not if there's a way to do it from the laptop in question.

The facts:

  • I don't care about accessing anything on the disk; Just want to wipe it all
  • When I changed any boot option (such as allowing the CD to boot before the HDD, to use Boot-and-Nuke), the TPM locked me out.
  • I can get to the Win 7 prompt but have no local users with which to login
  • Disabling the TPM tells me Windows can't be started (instead of showing me a garbage disk as I expected)
  • I thought using the "Clear TPM keys" option in the Dell BIOS would trash the data (making it unusable and wipe-able), but I can still boot to Win7 after doing so.
  • I reformatted and gave away the external drive that had what I believe to be the only BitLocker recovery key on it.

I understand that Bitlocker is totally working as intended by not allowing me to both boot the drive and also get a command prompt or the like, but I'm looking for a way to get to a command prompt (or boot from CD) WITHOUT booting the HDD so that I can kill all the data on it. Any ideas? Thanks!

FOR THOSE CONCERNED: I'm not sure what repressive employers some of you have worked for, but my company trusts me enough to wipe a drive before sending my laptop through the mail. It is in fact company policy to do so because any data related to a past project that may be on the drive is subject to nondisclosure and sometimes security-clearance restrictions.

  • 1
    So, you cannot boot from a CD?
    – iglvzx
    Commented Mar 13, 2012 at 1:12
  • Correct, the current boot order (the one verified by TPM) is Floppy, HDD, CD, USB. If I change this, the TPM security fails and I can't boot to either HDD or CD. I suppose I could buy a floppy drive, but I might as well buy a cable to slave this drive to my home PC. Commented Mar 13, 2012 at 1:46
  • by the way, I just re-read the whole post and think it's worth to ask: when you disable TPM you still cannot change boot order or have boot selection menu?? Check the manual for the laptop, sometimes there is a separate key for boot selection, without need to change BIOS settings.
    – Alex
    Commented Mar 13, 2012 at 2:05
  • 3
    If your former employer intended for you to wipe the drive, they would have given you the tools, training, and access to do so. As it is, the data is effectively as safe now as if it were not there at all - it will only be easily recoverable by your former employer who still retains all rights to the data. If it is indeed company policy for you to wipe your own data, you should be asking your former employer how to do so - not some random Internet site.
    – Iszi
    Commented Mar 13, 2012 at 2:37
  • 1
    take the laptop apart seems more doable than booting from a nonexistent floppy drive.
    – Warren P
    Commented Mar 13, 2012 at 2:54

4 Answers 4


As you stated, this laptop is NOT your personal property. All data located on the hard drive is property of your former employer. Wiping the hard drive could be construed as vandalism or destruction of property. You could land in legal trouble by doing this.

  • Interesting point Commented Mar 13, 2012 at 1:36
  • If the disk is encrypted and you manage to write random data on it (either to all of disk or to selective parts like one where the key is stored) -- no forensic expert with triple PhD will be able to prove that you did it on purpose. Hence the legal warning above is completely irrelevant. For a non-encrtypted disk the story could be different...
    – Alex
    Commented Mar 13, 2012 at 2:02
  • 1
    I'm sorry that you are misunderstanding here, but when one works on a government security-clearance project, it is not the case that coworkers of that cleared individual can also see the data in question. I have worked on these projects and have had coworkers of mine fired for allowing their teammates, even ones on the same project and currently going through the clearance process, to access protected data. Commented Mar 14, 2012 at 1:43

My advice to people in this situation is to use a second PC, and buy the cable if necessary. Simpler for sure, and probably quicker and cheaper when you factor in research time.

Somehow I had it in my head that the drive in question was IDE (for which I didn't have a cable or enclosure handy), when in fact it was SATA (for which I did). So, slaving it to a different computer allowed me to remove the partitions from the drive.

  • From Start -> Run, type "MMC" to open the Management Console.
  • Add a snap-in (Ctrl-M) for "Disk Management"
  • Enter the snap-in from the console and right-click the partitions in question
  • Choose "Delete Volume" and quick-reformat it to NTFS
  • After the reformat, the Bitlocked PC will go to the next boot option in your list, which for me was CD.

Without those partition records (whose removal doesn't affect the data within the partitions), the original laptop in question could be booted from CD and wiped.

What I was hoping for in this question was the manufacturer-approved order of operations for booting to a CD instead of decrypting the drive, but no one here could manage that. While there may be a proper way to do this (Dell's website and online manuals turned up nothing), the research or waiting would take longer than to simply slave the encrypted drive to another PC and wipe it from there.


You'll find that connecting the drive to a different computer is simpler than you think.

Assuming all drives are SATA, you could just exchange the hard drive in the second computer with the one from your laptop. You don't even have to screw it in, and likely you can just unplug the old one and move the cables temporarily.

Then you could boot any live dvd and overwrite the disk.


If a disk is encrypted using BitLocker, all that is needed is to delete the encryption key. Any remaining content is unreadable.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .