Bug? Feature? Power users baffled as BitLocker update switch-off continues

shaunhw

@mark12: "It sounds like perhaps bitlocker just encrypts one small part of the NTFS file system to stop you reading files"

No, all the disk is fully encrypted. What's happening is that they normally have a "main" key for the disk which itself is always encrypted by another key - usually one somehow derived from your password. That is the reason you can change your password so easily without reprocessing the whole of the disk volume.

All Microsoft have to do is temporarily encrypt the "main" key with a "known" (to their software that is) key instead, and flag they did that, and the disk will be accessible without any passwords. They call this a "Clear Key". They would also have a copy of the normally used encrypted copy of the key to put back or enable when their clear "period" has ended.

I've been writing quite similar stuff professionally for nearly 18 years, so I know how it works - I hope!
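
A minimal model of the key-wrapping scheme the comment describes, added here as an illustration; it is not the commenter's code and not BitLocker's implementation. The class and function names are assumptions, and a SHA-256 keystream with an HMAC tag stands in for the AES-based wrapping a real product would use.

```python
import hashlib, hmac, os
# Illustrative model; names are assumptions, not BitLocker's on-disk format.
def xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 keystream); real BitLocker uses AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(kek, secret):
    nonce = os.urandom(16)
    ct = xor_stream(kek, nonce, secret)
    return nonce, ct, hmac.new(kek, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key for this protector")
    return xor_stream(kek, nonce, ct)

def password_kek(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Volume:
    def __init__(self, password, plaintext):
        self.salt, self.nonce = os.urandom(16), os.urandom(16)
        main_key = os.urandom(32)
        self.ciphertext = xor_stream(main_key, self.nonce, plaintext)  # whole disk, done once
        self.protectors = {"password": wrap(password_kek(password, self.salt), main_key)}
    def main_key(self, password=None):
        if password is not None:
            return unwrap(password_kek(password, self.salt), self.protectors["password"])
        if "clear" not in self.protectors:
            raise PermissionError("locked: no clear key on disk")
        kek, blob = self.protectors["clear"]   # kek sits unencrypted in the metadata
        return unwrap(kek, blob)
    def read(self, password=None):
        return xor_stream(self.main_key(password), self.nonce, self.ciphertext)
    def change_password(self, old, new):
        self.protectors["password"] = wrap(password_kek(new, self.salt), self.main_key(old))
    def suspend(self, password):
        kek = os.urandom(32)
        self.protectors["clear"] = (kek, wrap(kek, self.main_key(password)))
    def resume(self):
        self.protectors.pop("clear", None)     # password protector was never touched
    def is_suspended(self):
        return "clear" in self.protectors
```

On a real Windows system the counterpart of `is_suspended()` is the protection status reported by `manage-bde -status`.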
