This document will outline the steps needed to unlock an MBAM BitLocker encrypted system without a TPM chip and without the end user there to input their password.

  1. Systems without a TPM chip require the end user or admin who is setting up the computer to set a password before encrypting the drive.  That password is then required to boot the system into Windows.  If that end user or admin is not available to enter the password, you can still unlock the system by using the MBAM helpdesk portal.  On the password screen, press the ESC key to get to the recovery screen.

  2. On the BitLocker Recovery screen take note of the Recovery Key ID.

  3. On a different computer, open a web browser, go to and log in to the helpdesk portal.  Note:  if you cannot access this page contact to request access.

  4. Click on Drive Recovery in the left hand pane.

  5. Type in the first eight characters of the Recovery Key ID from step 2, select a reason for recovery from the drop-down box (Lost Passphrase) and click Submit.  Note:  You do not need to fill in the "User Domain" or "User ID" fields.  Filling them in could result in not finding the recovery key for that system.

  6. The Drive Recovery Key will appear below the Key ID.  Enter this 48-digit key into the recovery key box from step 2 on the locked computer.

  7. Once the system is unlocked, make sure that the computer is connected to the University of Iowa’s network and log in so the new recovery key can be escrowed to the U of I MBAM server.
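
A recovery key read over the phone or copied by hand from the portal in step 6 is easy to mistype. The following added example (not part of the original article or of any MBAM tooling) extracts the eight-character search value used in step 5 and checks a 48-digit key against the BitLocker recovery password layout, in which each six-digit group is a multiple of 11 no larger than 720885. The function names and the sample Key ID and key are constructed for illustration.

```python
import re

# Constructed sample values, not a real Key ID or recovery key.
SAMPLE_KEY_ID = "A1B2C3D4-1111-2222-3333-444455556666"
SAMPLE_KEY = "135795-597531-000011-720885-440000-024442-345565-111111"


def key_id_prefix(key_id):
    """Return the first eight characters of a Recovery Key ID (step 5)."""
    prefix = key_id.strip().strip("{}")[:8].upper()
    if not re.fullmatch(r"[0-9A-F]{8}", prefix):
        raise ValueError("Key ID should start with eight hex characters")
    return prefix


def check_recovery_key(key):
    """Return a list of problems; an empty list means the key is well formed."""
    digits = re.sub(r"[\s-]", "", key)
    if not re.fullmatch(r"[0-9]{48}", digits):
        return ["expected exactly 48 digits, got %d characters" % len(digits)]
    problems = []
    for n in range(8):
        group = digits[n * 6:(n + 1) * 6]
        value = int(group)
        # Each group encodes a 16-bit value multiplied by 11, so a single
        # wrong digit or a swapped pair usually breaks divisibility.
        if value % 11 != 0:
            problems.append("group %d (%s) is not a multiple of 11" % (n + 1, group))
        elif value // 11 > 0xFFFF:
            problems.append("group %d (%s) is out of range" % (n + 1, group))
    return problems


if __name__ == "__main__":
    print("Portal search value:", key_id_prefix(SAMPLE_KEY_ID))
    mistyped = SAMPLE_KEY.replace("597531", "597513")  # two digits swapped
    for label, key in (("as issued", SAMPLE_KEY), ("mistyped", mistyped)):
        print(label, "->", check_recovery_key(key) or "well formed")
```

A key that passes this check is only well formed; whether it unlocks the drive still depends on it being the key escrowed for that Recovery Key ID.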

Last updated: September 17, 2021