Solved Is there a reason why I would not turn on BitLocker on a removeable data drive?


S

stuart253

Well-known member
Local time
1:09 PM
Posts
12
OS
Windows 11
Hello,

My machine is a Dell XPS 8960 running Windows 11 Pro.

After noticing that one of the data drives had BitLocker turned off, I turned it back on.

I also notice that my removable drives have it turned off.

1728055004666.png
Is there any reason why I should leave it off on my removable data drives?

Thanks in advance

Stu
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS 8960
stuart253 said:
Hello,

My machine is a Dell XPS 8960 running Windows 11 Pro.

After noticing that one of the data drives had BitLocker turned off, I turned it back on.

I also notice that my removable drives have it turned off.

View attachment 111167
Is there any reason why I should leave it off on my removable data drives?

Thanks in advance

Stu
Click to expand...
There is no single reason to do it or not.

It is purely a judgement call.

If usb drives has important/critical documents e.g. legal documents, then using bitlocker makes sense.

If it is just inane selfies from down the pub, you would only need to bitlock it if the pictures were so embarrasing, you would "die" if they got spread on internet.

If you are obsessive about privacy - then bitlock it.

If data is not critical, the bitlocking is a PITA, needing password to access your data.

Personally, I do not bother but never store passwords type stuff on a usb drive.

In the end, it is down to you to assess and classify your data.
 

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
cereberus said:
If it is just inane selfies from down the pub, you would only need to bitlock it if the pictures were so embarrasing, you would "die" if they got spread on internet.
Click to expand...
😁
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build 22631.5472
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    1000/400Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 23H2 Build: 22631.4249
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
I use BitLocker on literally every machine I own including most external drives and thumb drives.

The rule of thumb that I have is simple: If a drive contains any hint of data I would be upset to have stolen, it gets encrypted. If it nothing private like movies, music, etc. then I don't encrypt that drive.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Thanks to all who have responded.

Since nothing on my externals drives is critical and I am not too paranoid, just slightly....,I will not activate BitLocker on them.

Thanks again
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS 8960
Note that if you are a BitLocker user, as I am, that you can set BitLocker on portable drives to automatically unlock when they are attached to your computer. There is a checkbox to set when you enter your password to unlock the drive. After checking that box, BitLocker is then totally transparent, and the drive behaves like a normal drive as soon as you attach it.

My data is very important to me. I've used BitLocker since 2007.
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 9640
    CPU
    Intel Core Ultra 9 185H
    Memory
    32GB LPDDR5x 7467 MT/s
    Graphics Card(s)
    NVIDIA GeForce RTX 4070 8GB GDDR6
    Monitor(s) Displays
    16.3 inch 4K+ OLED Infinity Edge Touch
    Screen Resolution
    3840 x 2400
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    960 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Macrium Reflect X subscription
    Dell Support Assist
    Dell Command | Update
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
TraderGary said:
Note that if you are a BitLocker user, as I am, that you can set BitLocker on portable drives to automatically unlock when they are attached to your computer. There is a checkbox to set when you enter your password to unlock the drive. After checking that box, BitLocker is then totally transparent, and the drive behaves like a normal drive as soon as you attach it.
Click to expand...
Good point, but just to clarify one aspect of this: You can only automatically unlock a data drive if the Windows OS drive is BitLocker encrypted.

Also, the autounlock needs to be enabled separately on each system that you want it to autounlock on.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
If you're using it for backups, you wouldn't want a drive that is locked because you dont have the recovery key anymore. Lock it in a safe. Nothing beats real security.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS ROG Strix G18
Thorshammer342 said:
If you're using it for backups, you wouldn't want a drive that is locked because you dont have the recovery key anymore.
Click to expand...

Hey? Why?

TraderGary said:
Note that if you are a BitLocker user, as I am, that you can set BitLocker on portable drives to automatically unlock when they are attached to your computer. There is a checkbox to set when you enter your password to unlock the drive. After checking that box, BitLocker is then totally transparent, and the drive behaves like a normal drive as soon as you attach it.
Click to expand...

🙏
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build 22631.5472
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    1000/400Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 23H2 Build: 22631.4249
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
Thorshammer342 said:
If you're using it for backups, you wouldn't want a drive that is locked because you dont have the recovery key anymore. Lock it in a safe. Nothing beats real security.
Click to expand...
When you use BitLocker To Go encryption on a backup drive, you have many different ways to unlock the drive.
1. The BitLocker key stored in your Microsoft Account
2. The BitLocker key stored in your choice of locations.
3. The Password set in the drive when you encrypted it.
4. A hardware key you have purchased such as Yubikey.
5. You've chosen the option to auto-unlock when attached to the main BitLocker Drive.

Since I store my BitLocker keys in my Microsoft Account, I can use any one of options 1, 3, or 5. The convenience of option 5 has served me well for many years.

I keep all my data and photos in the OneDrive folder of my C: drive. I make daily Macrium Reflect images of my C: drive on two Samsung T9 4TB Portable SSD Drives, each rotating 7 images.

I'm very mobile and travel a lot with my laptop and Samsung SSD backups. Security is vitally important to me and that's why I use BitLocker.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 9640
    CPU
    Intel Core Ultra 9 185H
    Memory
    32GB LPDDR5x 7467 MT/s
    Graphics Card(s)
    NVIDIA GeForce RTX 4070 8GB GDDR6
    Monitor(s) Displays
    16.3 inch 4K+ OLED Infinity Edge Touch
    Screen Resolution
    3840 x 2400
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    960 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Macrium Reflect X subscription
    Dell Support Assist
    Dell Command | Update
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
TraderGary said:
When you use BitLocker To Go encryption on a backup drive, you have many different ways to unlock the drive.
1. The BitLocker key stored in your Microsoft Account
2. The BitLocker key stored in your choice of locations.
3. The Password set in the drive when you encrypted it.
4. A hardware key you have purchased such as Yubikey.
5. You've chosen the option to auto-unlock when attached to the main BitLocker Drive.

Since I store my BitLocker keys in my Microsoft Account, I can use any one of options 1, 3, or 5. The convenience of option 5 has served me well for many years.

I keep all my data and photos in the OneDrive folder of my C: drive. I make daily Macrium Reflect images of my C: drive on two Samsung T9 4TB Portable SSD Drives, each rotating 7 images.

I'm very mobile and travel a lot with my laptop and Samsung SSD backups. Security is vitally important to me and that's why I use BitLocker.
Click to expand...


Yes, I know there are ways to recover the encrypted drive. I just mean in an "If all else fails" scenario for some reason. Microsoft account can be deactivated for a number of reasons, and backup files could be stored on physical media which have failed. Or the backup files could be stored on a file system which has become corrupt. Print that key on a piece of paper.

And if youre backing up over 10GB of data, good luck finding cloud storage which you dont have to pay through the nose for.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS ROG Strix G18
I wrote a small program for myself to encrypt my recovery key. The idea is that it uses a simple method using a key that I keep in my head. That way I can decrypt the key on the fly in my head. But I can put the encrypted key on a label and slap it on the machine out in the open with no fear that anyone can do anything with it.

Technically, you don't need a program to do that, it just makes it faster and removes the human error element.

The point is that you could do this manually as well. As an example, suppose I have a partial key like this:

57645-01842

A key I keep in my head is 0423. Note: In real life key can be any length you want.

Now add them like this, one digit at a time, repeating the key you have in your head as often as needed. If result is greater than ten, simply drop the tens column:

57645-01842
04330 42304
--------------
51975 43146

Now I put the "51975 43146" on a label and attach it to my machine. 100% safe even though it is out in the open.

To decrypt do a subtraction of the same key from your encrypted key.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
You must log in or register to reply here.

Latest Support Threads

Latest Tutorials

Back
Top Bottom