Good morning. I have a client whose husband passed away recently. She doesn’t know his laptop password. I have had numerous conversations with her to try and identify possible passwords, etc., all to no avail. I have reviewed the laptop; it is encrypted with BitLocker. The account is a Microsoft account. I have not had any success in unlocking it. Any ideas/suggestions are greatly appreciated.

6 Spice ups

Try to get into the Microsoft account from another device / reset the password and such. See if the BitLocker keys are stored in the account online; I have found they usually are. You can now start working with ways to get access to the drive.

2 Spice ups

This is one of the biggest issues Microsoft don’t seem to be interested in.

Do you at least know the BitLocker PIN?

If you know the BitLocker PIN and can get to a Windows prompt, you can reboot into a Hiren's CD, open a command prompt and unlock the drive.

manage-bde -unlock X: -pin YOUR-PIN

Once the drive is unlocked, you can use the tools on the Hiren's media to create a new, local admin.

While this won't reset the other account password, it will at least let you get at the files on the drive under that profile.

2 Spice ups

That’s the thing about BitLocker; the entire point is that it is intended to prevent people from unlocking it who don’t have the PIN.

If it were that easy to unlock it, then it would be a waste of time.

2 Spice ups

This is the only viable answer.
Reset the Microsoft account password. Hopefully the client has access to phone, other device etc or the recovery email account etc.

Everyone learn this lesson (assuming you trust your partner) - set them as the recovery address, print out your recovery codes etc. and lock them away.
I realised the other year that without access to my email most things would be very difficult if I were dead or incapacitated. Whilst my wife has legal powers, most organizations (here in the UK at least) are actually not set up to deal with this.
It took me 6 months to deal with a utility company when dealing with an estate issue that could have been done in hours if I had access to the deceased's email!

This is why every device, even personal laptops, should have 3 local accounts that are members of the local Administrators group.

You can use the Utilman.exe Trick to get a local Administrator account:
https://www.top-password.com/blog/reset-forgotten-windows-11-password-with-utilman/

1 Spice up

That presumes being able to boot from removable media and unlock the BitLockered drive.

Since the laptop is encrypted with BitLocker and tied to a Microsoft account, there are only a few legitimate paths forward:

  1. Check for the BitLocker Recovery Key
    The recovery key is often backed up to the deceased’s Microsoft account. If your client can access his email or other devices he used with that account, she may be able to retrieve the key from https://account.microsoft.com/devices/recoverykey.
  2. Contact Microsoft Support
    If she has legal rights (such as being the executor of his estate), Microsoft may assist with account recovery. She will need to provide documentation (like a death certificate) and proof of ownership.
  3. No Key = No Access
    Unfortunately, if BitLocker is enabled and the recovery key isn’t available, there is no way to access the data. BitLocker encryption is very secure by design.
  4. Data Recovery Alternatives
    If she only needs certain files and not access to the OS, a forensic data recovery service may be an option — but they still need the recovery key to decrypt the drive.
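
Once the recovery key has been copied from the account page, a mistyped digit is the most common reason it gets rejected. The PowerShell below is an added example, not part of the original thread: it checks a hand-copied 48-digit key for transcription errors (each of the 8 groups must be 6 digits, divisible by 11, and below 720896). The function name and the sample keys are constructed for illustration.

```powershell
# Added example (not from the thread). Checks a hand-copied 48-digit BitLocker
# recovery password for transcription errors before it is typed at the prompt.
function Test-BitLockerRecoveryPassword {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Password)

    # Accept hyphens or whitespace between the groups.
    $groups   = @($Password.Trim() -split '[-\s]+')
    $problems = @()
    if ($groups.Count -ne 8) {
        $problems += "expected 8 groups of digits, found $($groups.Count)"
    }
    for ($i = 0; $i -lt $groups.Count; $i++) {
        $g = $groups[$i]
        if ($g -notmatch '^\d{6}$') {
            $problems += "group $($i + 1) ('$g') is not exactly 6 digits"
            continue
        }
        $n = [int]$g
        # Each group is a 16-bit value multiplied by 11, so it must divide
        # evenly by 11 and stay below 65536 * 11 = 720896.
        if ($n % 11 -ne 0) {
            $problems += "group $($i + 1) ('$g') fails the divisible-by-11 check"
        } elseif ($n -ge 720896) {
            $problems += "group $($i + 1) ('$g') is out of range"
        }
    }
    [pscustomobject]@{
        Valid      = ($problems.Count -eq 0)
        Normalized = ($groups -join '-')
        Problems   = $problems
    }
}

# Constructed sample values, not real keys. The second has two digits
# swapped in group 7, the kind of slip made when copying from a screen.
$good = '110011-220022-330033-440044-550055-660066-135795-597531'
$typo = '110011-220022-330033-440044-550055-660066-135759-597531'

foreach ($candidate in $good, $typo) {
    $r = Test-BitLockerRecoveryPassword $candidate
    if ($r.Valid) { "OK: $($r.Normalized)" } else { $r.Problems }
}

# With a key that passes, from a recovery environment where the encrypted
# volume appears as X: (the drive letter is an assumption):
#   manage-bde -protectors -get X: -Type RecoveryPassword   # key ID to match against the account page
#   manage-bde -unlock X: -RecoveryPassword <48-digit key>
```

A key that passes these checks can still be the wrong key for the volume; when the account lists several, compare the key ID shown on the account page with the one reported for the drive.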

I dunno if it is possible, but if you can get a CMD as admin up, I’ve recently had to unlock my C: from BitLocker with “manage-bde -off C:”. Again, I dunno if it helps, but I thought I’d suggest it.

BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

manage-bde[.exe] -parameter [arguments]

Description:
    Configures BitLocker Drive Encryption on disk volumes.

Parameter List:
    -status     Provides information about BitLocker-capable volumes.
    -on         Encrypts the volume and turns BitLocker protection on.
    -off        Decrypts the volume and turns BitLocker protection off.
    -pause      Pauses encryption, decryption, or free space wipe.
    -resume     Resumes encryption, decryption, or free space wipe.
    -lock       Prevents access to BitLocker-encrypted data.
    -unlock     Allows access to BitLocker-encrypted data.
    -autounlock Manages automatic unlocking of data volumes.
    -protectors Manages protection methods for the encryption key.
    -SetIdentifier or -si
                Configures the identification field for a volume.
    -ForceRecovery or -fr
                Forces a BitLocker-protected OS to recover on restarts.
    -changepassword
                Modifies password for a data volume.
    -changepin  Modifies PIN for a volume.
    -changekey  Modifies startup key for a volume.
    -KeyPackage or -kp
                Generates a key package for a volume.
    -upgrade    Upgrades the BitLocker version.
    -WipeFreeSpace or -w
                Wipes the free space on the volume.
    -ComputerName or -cn
                Runs on another computer. Examples: "ComputerX", "127.0.0.1"
    -? or /?    Displays brief help. Example: "-ParameterSet -?"
    -Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
    manage-bde -status
    manage-bde -on C: -RecoveryPassword -RecoveryKey F:
    manage-bde -unlock E: -RecoveryKey F:\84E151C1…7A62067A512.bek