I have one user who is unable to enter a bitlocker password, in that there appears to be a password already present, but the user is unable to delete this to enter the bitlocker password. They have to call the helpdesk each morning to obtain a new unlock key.
Apart from trying to reinstall Sophos, is there anything else that can be done to remedy this issue?
Thank you for reaching community forum. You can open an elevated command prompt and type manage-bde -protectors -disable c: then reboot the system. Once rebooted, type the same command but change the string from disable to enable. After the command is successfully run, reboot the system and observe. If the issue persist you need to remove the device encryption component from your central by navigating to Device and selecting "Manage Endpoint Software" It will show the list of all devices where Intercept X is installed as well as device encryption. Search for the hostname for your current device and remove device encryption. This process will uninstall the Device encryption component on your endpoint but not the whole endpoint software. On the endpoint side, proceeds with performing manual update and wait for the component to be uninstalled. Once done, You may proceed with Clearing the TPM on the system by following this MS documentation on how to clear TPM. Once cleared you can push Device encryption back to the endpoint machine and check for the status.
Thanks for the reply and command. I have tried disabling encryption with that command and it worked perfectly. However, upon rebooting and re-enabling encryption, the same thing is happening. When the bitlocker screen appears, it looks like some phantom is entering the bitlocker password, and then the actual end user is unable to delete this.
I will now try to completely reinstall Sophos to see if that works.
Thank you for getting back to us. I believe re-installing the endpoint is quite overboard. You can just uninstall the Device Encryption Component through your central dashboard, clear TPM, then installs it back and see for the status.
Thanks for the great tip and prompt response! Sometimes, I don't have the luxury to try out a range of possible solutions, and often, starting from scratch is the quickest way. However, I'll try your suggestion, appreciated.
Thanks again, I will report back when I had another chance to jump on the problematic laptop.
Sure thing :) Let us know if this works or not if you're able to perform it.