Reformatting a locked Surface Pro 4

[Meatball]

My friend has managed to completely lock himself out of his Surface Pro 4:

- It's locked with Bitlocker but we don't have the decryption key and it's not stored with his Microsoft account
- He doesn't remember the pin
- We can access the Microsoft account he used with it but the tablet won't accept the password "you cannot sign into this device right now." It has an active internet connection and the password is 100% correct. We've tried the onscreen and attachable keyboard.
- it won't boot from a USB stick he was sent by Microsoft. I've tried holding the volume down key on power up but it just won't boot. I've also tried booting it via the recovery menu.

Is the device effectively a £1200 paperweight? I can't do ANYTHING without the Bitlocker key which we don't have. Every recovery option I have tried required this key.

I can't even reformat it and start again as it just won't boot to USB (I'm assuming because the drive is locked)

 

[deuse]

This may help https://www.niallbrady.com/2012/08/28/how-can-i-retrieve-my-bitlocker-recovery-key/

edit=maybe not

 

[Meatball]

I'm all out of ideas with it. It's like an iCloud locked iPhone I can't do anything with it!

 

[flying grouse]

don't see why its not in his account
http://www.top-password.com/blog/recover-bitlocker-recovery-key-for-surface-pro/

 

[Rroff]

On my tablet bitlocker key backup isn't working properly I guess I should turn it off really as there doesn't seem to be a way to fix it.

 

[ED209]

have you tried this link? there is one there to get the recovery key?

https://support.microsoft.com/en-gb...b-aa71c00ea55e/find-my-bitlocker-recovery-key

not too sure if it helps or something you tried already.

 

[Django x2]

My friend has managed to completely lock himself out of his Surface Pro 4:

- We can access the Microsoft account he used with it but the tablet won't accept the password "you cannot sign into this device right now." It has an active internet connection and the password is 100% correct. We've tried the onscreen and attachable keyboard.

Can you elaborate on this, if you can't get passed BL, how are you getting to the point of putting in a password?

It sounds like the TPM is now locked out. How has he forgotten the PIN? For TPM lockout reset, you need to leave it powered up for at least 24 hours and ideally don't let it sleep or hibernate.

There's a big issue with Windows 10 at the minute in that the TPM owner password is no longer stored or escrowed away from the device, it's purged at first boot.

Have you tried suspending bitlocker from the recovery console or does it ask for the owner pass?

 

[Meatball]

have you tried this link? there is one there to get the recovery key?

https://support.microsoft.com/en-gb...b-aa71c00ea55e/find-my-bitlocker-recovery-key

not too sure if it helps or something you tried already.

We've already tried this, it's not stored and he hasn't made a note of any key .

Can you elaborate on this, if you can't get passed BL, how are you getting to the point of putting in a password?

It sounds like the TPM is now locked out. How has he forgotten the PIN? For TPM lockout reset, you need to leave it powered up for at least 24 hours and ideally don't let it sleep or hibernate.

There's a big issue with Windows 10 at the minute in that the TPM owner password is no longer stored or escrowed away from the device, it's purged at first boot.

Have you tried suspending bitlocker from the recovery console or does it ask for the owner pass?

We get to the sign-in screen and it won't accept his current Microsoft account password. It's definitely the right password as we can sign-in online with it. We've tried entering the previous password and changed it to a new password which it won't accept either.

He doesn't remember setting a pin although he must have done as he was using Windows Hello.

I can't do any recovery options (reset, revert) as it asks for the BL key. I assume it won't boot from the USB installer supplied from Microsoft as its BL locked.

 

[andshrew]

Have you tried temporarily turning off the TPM from the UEFI.... or does it ask for they key to do that?

You turn it off in the Security section of the UEFI.

 

[Django x2]

Hold on, you get to the sign in screen, so you get past the BitLocker PIN entry screen on boot?

But it's at the sign in that it won't accept his password?

 

[opethdisciple]

You want to get in to the device or you don't mind reformatting it?

Can you not create a bootable usb key and reformat the device?

 

[pcfarrar]

Just boot from a Windows 10 install USB and reinstall/format it. It doesn't matter that it has bitlocker on you can just format the drive in the windows installer.

 

[Django x2]

Guys, It's an SP4 with UEFI and it's bitlockered, which means safe boot is enabled, which means no USB. You could PXE boot, possibly, but that is only going to present you with the same options, but might let a fresh copy of Windows install.

 

[pcfarrar]

It doesn't matter about UEFI and Bitlocker with a Windows 10 USB installer. Create a Windows 10 install USB using the media creation tool.

https://www.microsoft.com/en-gb/software-download/windows10

Then on the Surface 4 hold down the volume up button and press and release the power button when switching on. Once in the BIOS change the boot config so USB is first.

Then power down, insert the USB installer, press and hold the volume down button on surface. Whilst holding the button press and release the power button. It will then boot from the Windows 10 USB installer.

 

[Django x2]

Except the tool you are telling him to use won't work on UEFI systems. Rufus will.

 

[pcfarrar]

Except the tool you are telling him to use won't work on UEFI systems. Rufus will.

The windows 10 media creation tool creates a UEFI compliant USB installer. I've used it on surface pros myself and it works fine.

 

[Django x2]

Oh, they must have just changed it then. As of December 2016, it didn't and you had to use an alternative. Either way, it won't work in this case, but I'm happy to see if it does. I still don't understand what the issue is if the OP can get passed the BitLocker PIN to the login screen. Surely simply using the built in recovery partition is just as viable if that's the case

 

[Meatball]

We were supplied a Windows 10 installer from Microsoft. I've tried to boot from it using the volume down button and selecting it as the first boot device in the UEFI but it won't boot to it. I could try making another one.

 

[Skynet5]

I've never seen my sp4 ask for a PIN.

But if you download the media from MS and plug it in and press some buttons on boot you can just reformat.

I didn't actually think you could get it to prompt for a PIN on the Sp4

 

[Django x2]

I've never seen my sp4 ask for a PIN.

But if you download the media from MS and plug it in and press some buttons on boot you can just reformat.

I didn't actually think you could get it to prompt for a PIN on the Sp4

It's BitLocker. Entering a PIN is one of the protectors you can specify when setting it up (or enable via group or local policy)

@Meatball, can you confirm you know the PIN, as you say you can get to the logon screen