GTi14 Ultra 185H users -- Bitlocker Identifier might not be unique

scdang

I just found out that when I had my Beelink GTi14 Ultra 185H replaced under warranty, the main drive has exactly the same Bitlocker identifier as my previous unit’s SSD, which I was allowed to hold onto before shipping the unit back to Beelink.

I discovered this when my replacement computer crashed today from a recent windows driver update. After a couple of failed boots, the computer went into Automatic Repair. The first screen that appeared was asking for a bitlocker recovery key for the main drive. I thought I might have saved it somewhere and searched my google drive. I found the a recovery key text file but it was for the previous computer (based on the date the file was created, in Dec31, 2024). I had recieved my replacement unit on Jan 22, 2025. Anyway the bitlocker identifier matched exactly, and when I punched in the recovery key it proceeded to let me repair windows and remove/revert the latest update.

This should have never happened as drive images are generally deployed in a manner that only activates Windows afterwards, thus generating a unique Bitlocker identifier.

So all of this has me wondering if they used a drive image that already had Bitlocker on it and deployed that image to across multiple units. Please check your bitlocker identifier for your main drive (a Crucial P3 Plus M.2 2280 NVMe SSD) and tell me if it matches mine:
C8DFEA7D-9E0A-449E-9B0C-2DA92C291031

Maybe I’m just going insane.

Beelink CS-George

scdang Thank you for your feedback. Normally, pre-installed systems do not have BitLocker encryption enabled by default, so the “bulk deployment of encrypted images” situation you mentioned should not occur.

The issue you encountered is because you logged into the same Microsoft account on both machines. Windows’ BitLocker synchronization mechanism linked the recovery key from the old machine to the new machine, allowing the old key to unlock the new machine’s system.

To ensure the security of your data on your new machine, please reset BitLocker by following these steps:

Back up all important data.
In Control Panel, find “BitLocker Drive Encryption” and select “Turn off BitLocker” for the system drive.
After decryption, click “Turn on BitLocker” again. The system will generate a new identifier and recovery key that are only bound to this machine.
Please save the new recovery key to a safe location and confirm that the old key has expired.

scdang

I agree, yes normally this shouldn’t be the case, as I would expect any pc manufacturer, which is why I’m so surprised.

But actually, I never sign into a Microsoft account on any of my machines, including my replacement unit in any situation that called for it.. I strictly avoid this and use only local-only accounts and have avoided ever signing into a Microsoft for any account for any reason. I only have two accounts, my user account and the admin account which I only use to administer security updates.

As you can see my windows installation on my replacement pc has no Microsoft account linked:
Image description

scdang

Here’s proof my replacement PC was having shipped on Jan 15, 2025:
Image description

And here’s proof my Bitlocker recovery key text file for my previous pc was backed up prior to me returning the first machine, and uploaded to my Google Drive on December 31, 2024 before my replacement pc was shipped:
Image description

And here is the current drive in my replacement pc: Note the numerical password matches the filename of the backup key above:
Image description

So it boggled my mind a bit how this is possible. The only thing I could think of was that the disk image that was deployed onto the units had bitlocker already enabled. I am curious to see if any other users that have the same pc (from the same batch of GTi14’s) have the same Bitlocker key.

ps. As I mentioned in my first post, had retained the SSD in my original beelink before sending back to Beelink for replacement. Unfortunately I have since formatted and repurposed it as a temporary backup drive, so I’m not able to compare them side by side. Anyway, thank you for the fix, it’s quite simple.. I was really just calling this out and seeing if there was a mistake made on Beelink’s part.

Beelink CS-George

scdang Thank you very much for your detailed feedback and evidence; we understand your concerns.

Please rest assured that all our devices are shipped with BitLocker encryption disabled by default, and we never use pre-encrypted system images for bulk deployment. Each new device should generate its own unique BitLocker identifier and recovery key.

Regarding your situation, we have investigated and found it to be an isolated case, not part of our standard procedure. You can follow the steps we previously provided to reset BitLocker on the new device. The system will generate a completely new recovery key that is uniquely bound to the current device, completely eliminating the security risk.

Please rest assured that your data security is our top priority. If you have any further questions, please feel free to contact us.

scdang

alright.. thanks, I’m guessing it’s probably not possible then, and that I must have done something to cause my system to pick up the previous bitlocker key. I just don’t see how it can happen on your end..

Thanks again, it’s not a big issue then.

All the best,
Scott

Beelink CS-George

scdang Have a nice day！