Were piloting Windows 7 for 50 users and I applied bitlocker during machine installation. Password recovery keys are written in AD fine. Bitlocker advanced tools are not installed. The problem is that some of users have been reporting that bitlocker sometimes requires recovery password during the startup. I know theoretically, why this usually happends but is there any way to track down the real reason for bitlocker requiring recovery password? Another question - is there anyway to provide user rights to suspend and decrypt the system drive?

Try the steps here: 1. Suspend Bitlocker drive encryption by typing "manage-bde -protectors -disable c: from an elevated command prompt. 2. Go into the BIOS and change the Boot Order so the OS HDD is first in the list. By default from most hardware vendors, the HDD is not the first boot device. If you have a laptop with a docking station, make sure that it is plugged into the docking station, in order to make sure that the external devices presented by the docking station are present in BIOS. 3. Boot into the Operating System and run "manage-bde -protectors -enable c:" For more information, please refer to: http://blogs.technet.com/b/askcore/archive/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution.aspx Regards, MiyaMiya Yao TechNet Community Support

Thanks! To prevent all the bitlocker recovery password requests, I think that I need to: - disable USB as a boot device in bios - set system hdd to a first boot device We had an intresting case going on, where users complained about bitlocker recovery password request after they plug-in a desktop printer. It turned out, that this pronter had a build-in memory with driver included, and a our Win7 laptops actually tried to boot from it while system startup.

Thanks! To prevent all the bitlocker recovery password requests, I think that I need to: - disable USB as a boot device in bios - set system hdd to a first boot device We had an intresting case going on, where users complained about bitlocker recovery password request after they plug-in a desktop printer. It turned out, that this pronter had a build-in memory with driver included, and a our Win7 laptops actually tried to boot from it while system startup.

Is there any way to dig up the real reason for Bitlocker asking recovery password through some logs? I need to see a real cause, what device had launched the bitlocker to go for recovery mode.

Is there any way to dig up the real reason for Bitlocker asking recovery password through some logs? I need to see a real cause, what device had launched the bitlocker to go for recovery mode.