Solved Best business desktop?

Dru2 said:

What keys would those be? And where are they found?

Click to expand...

Gee, you don't know your BitLocker keys and where they can be found? Even the HP link that you posted in your previous post and that I repost below, says 'It is vital that you back up your BitLocker recovery key, and that you know how to retrieve it.'

And yes, I do back up my BitLocker keys (plural) and know how to retrieve them. The HP link only mentions 1 BitLocker key but there are actually 2 BitLocker keys for each installation. I have 2 installations with 4 BitLocker keys that I backed up and know how to retrieve. Actually, I have 3 back up sets of those 4 BitLocker keys ... well just imagine 12 emojis here ... not to mention the several BitLocker-on-the-go with their keys and back ups ... my goodness talk about BitLocker key management ...

Well, marne and others, just ignore

Dru2 said:

FYI, those BitLocker keys are randomly generated by the system so there's nothing to manage on your own.

Click to expand...

Haydon said:

Well, that's not quite accurate. The user does need to do key management for Standard BitLocker encryption, e.g. being able to store and retrieve the BitLocker key, at the very least. The (simplified) device encryption uses the auto-unlock feature of BitLocker and hence hides key management from the user.

Click to expand...

Dru2 said:

What keys would those be? And where are they found? Additionally, when's the last time "you" used BitLocker?

You talk about not confusing anyone, yet your post is anything but clear. And trust me, I'm far more familiar with BitLocker then you might think

Click to expand...

You're simply playing word games to avoid answering the questions. Maybe you'll impress those that don't know, but those in the know will see right through your game playing foolishness.

And yes, you obviously need to save your key if you use BitLocker. How else are you going to unlock a drive??? You game playing is akin to saying, you have to power on your PC to post in this forum to get help

Moving on.

Well, Dru2, you really don't understand BitLocker.

I am using Dell OptiPlex 9020

Haydon said:

....you really don't understand BitLocker.

Click to expand...

If you understand it so well, perhaps you could explain something for me.

I have recently seen three clean installs of Pro. One an OEM pre-installed Windows 10 Pro, as supplied by Dell from the factory. The second a clean install of Windows 11 Pro on the same machine. The third a factory reset on a different Dell using its Dell-supplied Windows 10 Pro recovery DVD. In each case the install only had a local account, so there was no Microsoft account involved at all.

In each case manage-bde -status showed 'Conversion status: used space only encrypted', 'Percentage encrypted: 100%' and 'Lock status: Unlocked'. So, my question is the same as @Dru2 asked: Where is my key? And why at no point in the clean install was I asked to save it, of even informed that Bitlocker was being used by default?

Bree said:

I have just clean installed W11 Pro using a USB made by the MCT on a laptop with Modern Standby. That too had bitlocker encrypted drives by default.

Oddly, at no time was I asked to save any key, nor did Control Panel say that bitlocker was turned on. The properties for C: however showed it was encrypted...

Click to expand...

Windows 11 encrypted my drive automatically - post #69


BTW: as I have no need or wish to be using Bitlocker I have since decrypted all the drives concerned using manage-bde -off

I still have issues as to why anybody on essentially a home computer would want to encrypt anything !!! -- provided decent security of the OS is maintained anything that adds to complexity is just another component that has potential to go wrong -- also if you do bonkers things like encrypting music files etc it just adds to overhead when you want to play / stream them.

For Home machines there's IMO far too much paranoia with "Security". WD is 100% OK for these types of machines.
For business machines or other systems where "intelectual property rights" need to be protected there might well be a case for some partial encryption of data - however seems using cloud services for this type of stuff would be far better in any case.

Being aware of latest scams and how to avoid them IMO is far more important for home users than all this "extra security" stuff which smacks to me of former Security I.T people trying to hang on to jobs no longer required in Home type environments.

Cheers
jimbo

Dru2 said:

FYI, those BitLocker keys are randomly generated by the system so there's nothing to manage on your own.

Anyway, in doing some research I found some PC vendors (example HP) enable BitLocker by default on PC's that support Modern Standby. whether Windows 10 or 11. Didn't know this before (only buy laptops, build my own desktops), but it's not surprising, especially with Windows 11.

• HP PCs - BitLocker Encryption Is Enabled by Default
• Also - Windows 10 Expert's Guide: Everything you need to know about BitLocker

Click to expand...

If and you should be using you MS account to login all you devices that have bitlocker will have keys on the MS server under your account.


Well Bitlocker is only available with the Pro versions of Windows. I purchased a HP Envy 32" All-in-One which came with Windows 10 Home. I upgrade through the MS store to Pro. Well first of all well the upgrade installed it said it was Windows Enterprise and not activated. I called MS and they gave me a generic Windows 10 Pro key. The tech said my MS account is now updated to match Pro and is activated. But after the first restart the system would boot and a screen came up asking for the Bitlocker key. I used my other PC and logged into my MS account under the my setting for the Envy and there were the Bitlocker keys. I entered and not problem since. I guess the whole issue was my MS account had to be updated and because I didn't have Bitlocker previous it was just a security check to make sure it was me.

orlbuckeye said:

If and you should be using you MS account to login all you devices that have bitlocker will have keys on the MS server under your account.

Click to expand...

Yes, that's true, I use the feature myself and have said so many times. That said, you need to make sure to choose that option

And while Home doesn't support BitLocker it does support Device Encryption:

• How to Check if Device Encryption is Supported in Windows 10
• How to Turn On or Off Device Encryption in Windows 10

jimbo45 said:

I still have issues as to why anybody on essentially a home computer would want to encrypt anything !!! -- provided decent security of the OS is maintained anything that adds to complexity is just another component that has potential to go wrong -- also if you do bonkers things like encrypting music files etc it just adds to overhead when you want to play / stream them.

For Home machines there's IMO far too much paranoia with "Security". WD is 100% OK for these types of machines.
For business machines or other systems where "intelectual property rights" need to be protected there might well be a case for some partial encryption of data - however seems using cloud services for this type of stuff would be far better in any case.

Being aware of latest scams and how to avoid them IMO is far more important for home users than all this "extra security" stuff which smacks to me of former Security I.T people trying to hang on to jobs no longer required in Home type environments.

Cheers
jimbo

Click to expand...

I have in the past encrypted personal files and folders with Veracrypt. I never had a need to encrypt the whole drive.

Bree said:

If you understand it so well, perhaps you could explain something for me.

I have recently seen three clean installs of Pro. One an OEM pre-installed Windows 10 Pro, as supplied by Dell from the factory. The second a clean install of Windows 11 Pro on the same machine. The third a factory reset on a different Dell using its Dell-supplied Windows 10 Pro recovery DVD. In each case the install only had a local account, so there was no Microsoft account involved at all.

In each case manage-bde -status showed 'Conversion status: used space only encrypted', 'Percentage encrypted: 100%' and 'Lock status: Unlocked'. So, my question is the same as @Dru2 asked: Where is my key? And why at no point in the clean install was I asked to save it, of even informed that Bitlocker was being used by default?

Windows 11 encrypted my drive automatically - post #69


BTW: as I have no need or wish to be using Bitlocker I have since decrypted all the drives concerned using manage-bde -off

Click to expand...

MS does make mistakes in this regard, perhaps the best indicator is missing pieces of documentation, on the following webpage for example. One tab of the webpage for W10 is populated, the other tab for W11 is empty.

Populated tab for W10

Empty tab for W11

MS appears to do irregular things these days so as not to do any damage.

I am not a BitLocker expert, BTW, but I have very carefully read up and discussed BitLocker (not on this forum, on a couple of other security forums) for about 6 months before turning it on on a W8.1 test machine. Turns out it was easier done than studied, in this case. I expected to do another 6 months of trials, but after another month, I turned it on on my main work computer (also W8.1 at the time) There is a LOT of misinformation by 'experts' on the net, and that can be very dangerous.

BitLocker is like a very dangerous pet tiger. If something goes wrong with BitLocker, it can be like getting hit by ransomware. So, I made precautions to not get eaten. When I upgraded to W10, I upgraded my test machine first to see if I can live with the little changes and not make habitual type of errors with BitLocker. Only after about a year of adaptation time with my test machine, did I upgrade my main work computer to W10. Moreover, I practice other safety precautions, like having 2 archives in addition to my backup. Only 1 of the 2 archives is connected to the live system at any one point in time, which is the same precaution against ransomware.

The socalled BitLocker that MS allegedly automatically activates is NOT standard BitLocker encryption. It is an emasculated version, dubbed 'device encryption'. Still, it is BitLocker technology and potentially disastrous if it malfunctions (Murphy's law) and MS is no doubt trying to prevent disasters. Maybe hiding the key and doing auto-recovery behind the scenes is one of those disaster prevention things that MS tacitly does. Maybe not rolling out open automatic activation all at once and only tacitly trying out parts of the population is what happening. Maybe only populating part of the documentation when it can be safely done, and leaving other parts of the documentation empty ...

Edit: I do buy into the value propositions of BitLocker that you can read about on pertinent MS webpages. It is even obvious that I love BitLocker, LOL. That does not mean that you have to buy into those value propositions, to each his own.

Well, maybe I can talk about one value proposition of BitLocker that I appreciate a lot. I use BitLocker-to-go (encrypted USB stick) when I am on the go. That means that you have to enter the BitLocker key if you want to access the contents of that USB stick. Except when I stick that USB stick into my main work computer, because I have auto-unlock activated for that USB stick (you would still have to unlock my main work computer, though)

Office apps like PowerPoint have a built-in capability for encryption, i.e. you can protect a PowerPoint slide deck with a password. This is where I use passphrases that I talked about in a parallel thread, i.e. a really long password made up of words (from 5 different languages) interspersed with symbols and numbers, that I can easily remember so that I don't have to access my password manager if I have to give a presentation, LOL

Should I lose that USB stick, then an attacker would have to break through 2 levels of encryption to access the content of the PowerPoint slide deck. That's one of those things that I appreciate about BitLocker.

As I said, to each his own.