Gee, you don't know your BitLocker keys and where they can be found? Even the HP link that you posted in your previous post and that I repost below, says 'It is vital that you back up your BitLocker recovery key, and that you know how to retrieve it.'
BitLocker Encryption is enabled, by default, on computers that support Modern Standby. This is true regardless of which Windows 10 version (Home, Pro, etc.) is installed.
support.hp.com
And yes, I do back up my BitLocker keys (plural) and know how to retrieve them. The HP link only mentions 1 BitLocker key but there are actually 2 BitLocker keys for each installation. I have 2 installations with 4 BitLocker keys that I backed up and know how to retrieve. Actually, I have 3 back up sets of those 4 BitLocker keys ... well just imagine 12 emojis here ... not to mention the several BitLocker-on-the-go with their keys and back ups ... my goodness talk about BitLocker key management ...
Well, that's not quite accurate. The user does need to do key management for Standard BitLocker encryption, e.g. being able to store and retrieve the BitLocker key, at the very least. The (simplified) device encryption uses the auto-unlock feature of BitLocker and hence hides key management from the user.
You're simply playing word games to avoid answering the questions. Maybe you'll impress those that don't know, but those in the know will see right through your game playing foolishness.
And yes, you obviously need to save your key if you use BitLocker. How else are you going to unlock a drive??? Your game playing is akin to saying, you have to power on your PC to post in this forum to get help.
If you understand it so well, perhaps you could explain something for me.
I have recently seen three clean installs of Pro. One an OEM pre-installed Windows 10 Pro, as supplied by Dell from the factory. The second a clean install of Windows 11 Pro on the same machine. The third a factory reset on a different Dell using its Dell-supplied Windows 10 Pro recovery DVD. In each case the install only had a local account, so there was no Microsoft account involved at all.
In each case manage-bde -status showed 'Conversion status: used space only encrypted', 'Percentage encrypted: 100%' and 'Lock status: Unlocked'. So, my question is the same as @Dru2 asked: Where is my key? And why at no point in the clean install was I asked to save it, or even informed that BitLocker was being used by default?
Bree said:
I have just clean installed W11 Pro using a USB made by the MCT on a laptop with Modern Standby. That too had bitlocker encrypted drives by default.
Oddly, at no time was I asked to save any key, nor did Control Panel say that bitlocker was turned on. The properties for C: however showed it was encrypted...
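One way to check the "where is my key?" question from an elevated PowerShell prompt, as an added example that is not part of the original thread: it lists each volume's key protectors through the built-in Get-BitLockerVolume cmdlet and flags encrypted volumes that have protection off or no recovery password to save. The function name and the sample object are constructed for illustration, and the sample assumes a protection status and protector list that the post did not report.

```powershell
# Added example, not from the thread. Reports which key protectors each BitLocker
# volume has, without printing any recovery password.
function Get-BitLockerProtectorAudit {
    param([Parameter(Mandatory)][object[]]$Volume)
    foreach ($v in $Volume) {
        # Where-Object { $_ } drops a $null KeyProtector so it is not counted as one item.
        $protectors = @($v.KeyProtector | Where-Object { $_ })
        $types      = @($protectors | ForEach-Object { "$($_.KeyProtectorType)" })
        $recoveryId = @($protectors |
            Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' } |
            ForEach-Object { $_.KeyProtectorId })
        $encrypted  = "$($v.VolumeStatus)" -ne 'FullyDecrypted'

        $findings = @()
        if ($encrypted -and "$($v.ProtectionStatus)" -eq 'Off') {
            $findings += 'Encrypted but protection is off: the volume is unlocked by a clear key on disk'
        }
        if ($encrypted -and $recoveryId.Count -eq 0) {
            $findings += 'No recovery password protector: there is no recovery key to save yet'
        }
        if ($recoveryId.Count -gt 0) {
            $findings += 'Recovery password exists: confirm a copy is stored off this machine'
        }

        [pscustomobject]@{
            MountPoint         = $v.MountPoint
            VolumeStatus       = "$($v.VolumeStatus)"
            PercentEncrypted   = $v.EncryptionPercentage
            ProtectionStatus   = "$($v.ProtectionStatus)"
            ProtectorTypes     = $types -join ', '
            RecoveryProtectors = $recoveryId -join ', '   # protector IDs only, never the password
            Findings           = $findings -join '; '
        }
    }
}

# Constructed sample shaped like Get-BitLockerVolume output. ProtectionStatus and the
# empty protector list are assumptions; the post only quoted manage-bde -status lines.
$sample = [pscustomobject]@{
    MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; EncryptionPercentage = 100
    ProtectionStatus = 'Off'; KeyProtector = @()
}
Get-BitLockerProtectorAudit -Volume $sample | Format-List

# On a real machine, from an elevated prompt:
# Get-BitLockerProtectorAudit -Volume (Get-BitLockerVolume) | Format-List
```

The same protector list is available from the tool quoted in the post with `manage-bde -protectors -get C:`.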
I still have issues as to why anybody on essentially a home computer would want to encrypt anything !!! -- provided decent security of the OS is maintained anything that adds to complexity is just another component that has potential to go wrong -- also if you do bonkers things like encrypting music files etc it just adds to overhead when you want to play / stream them.
For Home machines there's IMO far too much paranoia with "Security". WD is 100% OK for these types of machines.
For business machines or other systems where "intellectual property rights" need to be protected there might well be a case for some partial encryption of data - however seems using cloud services for this type of stuff would be far better in any case.
Being aware of latest scams and how to avoid them IMO is far more important for home users than all this "extra security" stuff which smacks to me of former Security I.T people trying to hang on to jobs no longer required in Home type environments.
FYI, those BitLocker keys are randomly generated by the system so there's nothing to manage on your own.
Anyway, in doing some research I found some PC vendors (example HP) enable BitLocker by default on PCs that support Modern Standby, whether Windows 10 or 11. Didn't know this before (only buy laptops, build my own desktops), but it's not surprising, especially with Windows 11.
If you are using your MS account to log in, and you should be, all your devices that have BitLocker will have keys on the MS server under your account.
Well, BitLocker is only available with the Pro versions of Windows. I purchased an HP Envy 32" All-in-One which came with Windows 10 Home. I upgraded through the MS Store to Pro. Well, first of all, when the upgrade installed, it said it was Windows Enterprise and not activated. I called MS and they gave me a generic Windows 10 Pro key. The tech said my MS account is now updated to match Pro and is activated. But after the first restart the system would boot and a screen came up asking for the BitLocker key. I used my other PC and logged into my MS account, under my settings for the Envy, and there were the BitLocker keys. I entered them and no problem since. I guess the whole issue was my MS account had to be updated, and because I didn't have BitLocker previously it was just a security check to make sure it was me.
MS does make mistakes in this regard, perhaps the best indicator is missing pieces of documentation, on the following webpage for example. One tab of the webpage for W10 is populated, the other tab for W11 is empty.
Learn about BitLocker Device Encryption in Windows and how to enable it.
support.microsoft.com
MS appears to do irregular things these days so as not to do any damage.
I am not a BitLocker expert, BTW, but I have very carefully read up and discussed BitLocker (not on this forum, on a couple of other security forums) for about 6 months before turning it on on a W8.1 test machine. Turns out it was easier done than studied, in this case. I expected to do another 6 months of trials, but after another month, I turned it on on my main work computer (also W8.1 at the time). There is a LOT of misinformation by 'experts' on the net, and that can be very dangerous.
BitLocker is like a very dangerous pet tiger. If something goes wrong with BitLocker, it can be like getting hit by ransomware. So, I made precautions to not get eaten. When I upgraded to W10, I upgraded my test machine first to see if I can live with the little changes and not make habitual type of errors with BitLocker. Only after about a year of adaptation time with my test machine, did I upgrade my main work computer to W10. Moreover, I practice other safety precautions, like having 2 archives in addition to my backup. Only 1 of the 2 archives is connected to the live system at any one point in time, which is the same precaution against ransomware.
The so-called BitLocker that MS allegedly automatically activates is NOT standard BitLocker encryption. It is an emasculated version, dubbed 'device encryption'. Still, it is BitLocker technology and potentially disastrous if it malfunctions (Murphy's law) and MS is no doubt trying to prevent disasters. Maybe hiding the key and doing auto-recovery behind the scenes is one of those disaster prevention things that MS tacitly does. Maybe not rolling out open automatic activation all at once and only tacitly trying out parts of the population is what is happening. Maybe only populating part of the documentation when it can be safely done, and leaving other parts of the documentation empty ...
Edit: I do buy into the value propositions of BitLocker that you can read about on pertinent MS webpages. It is even obvious that I love BitLocker, LOL. That does not mean that you have to buy into those value propositions, to each his own.
Well, maybe I can talk about one value proposition of BitLocker that I appreciate a lot. I use BitLocker-to-go (encrypted USB stick) when I am on the go. That means that you have to enter the BitLocker key if you want to access the contents of that USB stick. Except when I stick that USB stick into my main work computer, because I have auto-unlock activated for that USB stick (you would still have to unlock my main work computer, though).
Office apps like PowerPoint have a built-in capability for encryption, i.e. you can protect a PowerPoint slide deck with a password. This is where I use passphrases that I talked about in a parallel thread, i.e. a really long password made up of words (from 5 different languages) interspersed with symbols and numbers, that I can easily remember so that I don't have to access my password manager if I have to give a presentation, LOL.
Should I lose that USB stick, then an attacker would have to break through 2 levels of encryption to access the content of the PowerPoint slide deck. That's one of those things that I appreciate about BitLocker.