Solved Minor Bitlocker Weakness


cereberus

Well-known member
Pro User
VIP
Local time
5:36 PM
Posts
2,521
OS
Windows 10 Pro + others in VHDs
So I had a bitlocked partition on 1 PC and found a simple way I could recover the partition to another PC and files on new PC are not bitlocked.

I am being deliberately vague about how I did it but it was very simple (do not want to encourage hackers).

My point is not how I did it, but the fact it was so easy, makes bitlocker effectively useless!



If I ever lose my bitlocker passwords, I can decrypt file WITHOUT any security or password. So much for AES256 (or whatever they are) algorithms!

The only point in doing it is if pc gets stolen, the average bone-head would not know how to do it LOL.

EDIT: I was using Macrium Reflect, and it turns out you can only unlock a volume using usb drive created on same device. If you try it using drive created on another PC it can only copy as bitlocked. It is advisable to not select option to automatically unlock bitlocker if you carry Macrium Reflect USB drive with a bitlocked laptop.

So what I called Major is now renamed Minor in title LOL.
 
Last edited:

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

Haydon

Well-known member
Member
VIP
Local time
12:36 PM
Posts
982
OS
Windows 10 Pro
Frankly, I think you haven't set up BitLocker correctly.
 

My Computer

System One

  • OS
    Windows 10 Pro

cereberus

Well-known member
Pro User
VIP
Thread Starter
Local time
5:36 PM
Posts
2,521
OS
Windows 10 Pro + others in VHDs
Frankly, I think you haven't set up BitLocker correctly.
No seriously, I have. The partition is bitlocked. But I have copied it to another PC and it is not - just tested it. I will PM you as this blew my mind.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

johnlgalt

Antidisestablishmentarianistentarianist
Power User
VIP
Local time
12:36 PM
Posts
2,517
Location
3rd Rock
OS
Windows 11 21H2
PM me as well, please - I suspect there is a disconnect here that may need to be taken into account.
 

My Computers

System One System Two

  • OS
    Windows 11 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * Corsair Vengeance 32 GB 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    Eve Spectrum ES07D02 280 Hz QHD | Eve Spectrum ES07D03 4K Gaming Monitor
    Screen Resolution
    1440p | 4k
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    ZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3 for Business
    Internet Speed
    Logitech MX Master 3 for Business
    Browser
    Nightly (default) + Firefox (stable),Chrome, Edge/ß/Dev/Canary
    Antivirus
    Defender
  • Operating System
    Windows 10 x64 Pro build 21H1
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master (shared) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
    Browser
    Edge Chromium | Chrome | Firefox Nightly | Brave
    Antivirus
    Defender + MB4

Comport Colin

Member
Local time
6:36 PM
Posts
37
OS
Win11
Please confirm: you have a partition that is not only bitlocked, BUT ALSO in LOCKED STATE (closed yellow lock) and you may copy it and it is unlocked?
 

My Computer

System One

  • OS
    Win11

hsehestedt

Well-known member
Power User
VIP
Local time
11:36 AM
Posts
984
Location
Texas, USA
OS
Windows 11 21H2
I know that you do not want to go into detail, but I have to ask a couple questions:

Let's assume that the drive in question is currently locked. Are you saying that you can physically take that drive to another system and unlock it?

Or are you somehow copying the contents of the drive to another system via network?

The intention of BitLocker would be only to protect you if the drive was physically moved to another system or if someone installed a new instance of Windows on the current system.

EDIT: Some additional clarification on what I'm getting at: If you are copying data over the network to another location, it would be decrypted in that case, so I just want to get a basic idea of the scenario without asking you to provide details.
 

My Computers

System One System Two

  • OS
    Windows 11 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Windows 11 21H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 15-BL012DX
    CPU
    Intel i7-7500U
    Memory
    32GB
    Graphics card(s)
    Dual Intel HD 620 and Nvidia GeForce 940MX
    Sound Card
    Built-in Realtek HD Audio
    Monitor(s) Displays
    4k 15-inch
    Screen Resolution
    4k (3840 x 2160)
    Hard Drives
    1TB Seagate FireCuda 510 NVMe SSD
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    RAM Upgraded from 16GB to 32GB WiFi Upgraded from WiFi 5 to WiFi 6 SSD upgraded from 512GB NVMe SSD to 1TB Seagate FireCuda 510 NVMe SSD

barman58

Moderator
Staff member
Local time
5:36 PM
Posts
1,175
OS
Windows 10 Pro x64 [Latest Release Preview]
@cereberus
First of all great work and discretion in doing what you can to prevent the spread of the knowledge to those who would abuse it ...

Up to you but I think it may be a good idea to inform Microsoft of your findings - this could be a serious unknown workaround BitLocker security ( I assume it is unknown as otherwise Microsoft should have sorted the weakness out already)
 

My Computers

System One System Two

  • OS
    Windows 10 Pro x64 [Latest Release Preview]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Chillblast to my design
    CPU
    Ryzen 9 5950X, 4.9GHz
    Motherboard
    Asus Prime X570-Pro Motherboard
    Memory
    64GB DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti - HDMI, DP
    Sound Card
    On motherboard Feeding SPDiF 5.1 system
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Chillblast Silent Workstation PC Case - Black
    Cooling
    NZXT Kraken X63 280mm CPU Cooler, Quiet Case fans Fan
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3 + M570 Trackball
    Internet Speed
    72 MB Down 18.5 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also run...
    Laptop - Quad 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet [x2]
    Samsung 10.2" tablet
    Blackview 10.2 Tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Samsung Note S20
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 10 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17"
    Screen Resolution
    3840 x 2160 HDR touchscreen
    Hard Drives
    2TB M2 NVMe
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad +Logi Mx Master 3
    Keyboard
    Stock Illuminated + Logi - MX Keys
    Internet Speed
    72 MB Down 18.5 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021

hsehestedt

Well-known member
Power User
VIP
Local time
11:36 AM
Posts
984
Location
Texas, USA
OS
Windows 11 21H2
cereberus, I reread your second post where you state that you are copying it to another system. In that case, the data is being decrypted and this would be expected behavior. Remember, BitLocker decrypts the data on the fly anytime you read it while logged in with an account granted access to that volume, so copying the data performs the act of decrypting the data. If you want the data to be encrypted at the destination, then the destination must have its own encryption.

As an example, Macrium Reflect (and othe backup programs) make it a point to tell you to use their encryption for backups originating from a BitLocker volume and destined for a non BitLocker volume because the data would otherwise be unencrypted.
 

My Computers

System One System Two

  • OS
    Windows 11 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Windows 11 21H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 15-BL012DX
    CPU
    Intel i7-7500U
    Memory
    32GB
    Graphics card(s)
    Dual Intel HD 620 and Nvidia GeForce 940MX
    Sound Card
    Built-in Realtek HD Audio
    Monitor(s) Displays
    4k 15-inch
    Screen Resolution
    4k (3840 x 2160)
    Hard Drives
    1TB Seagate FireCuda 510 NVMe SSD
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    RAM Upgraded from 16GB to 32GB WiFi Upgraded from WiFi 5 to WiFi 6 SSD upgraded from 512GB NVMe SSD to 1TB Seagate FireCuda 510 NVMe SSD

pparks1

Well-known member
Power User
VIP
Local time
12:36 PM
Posts
393
OS
Windows 11 Pro
As others have stated, the value of Bitlocker is that if you leave your laptop someplace or somebody physically steals your hard drive, the data on it is encrypted. They cannot remove the drive easily from the lost system, and place it into a known working system and have access to the data that is on it.


If however, they are able to logon to Windows (for example, they know your password, or guess it), the drive is then in a decrypted state and they can do whatever they want with the data. If the data was backed up while unencrypted, it's unencrypted data on the destination source. If the computer is turned on and there are available network shares that provide access to the entire drive, they will be accessible to anybody across the network who has access to the machine.

Bitlocker is only providing protection from a hard drive being physically stolen and then attempted to be used in another physical system.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink SEI8
    CPU
    Intel Core i5-8279u
    Motherboard
    AZW SEI
    Memory
    32GB DDR4 2666Mhz
    Graphics Card(s)
    Intel Iris Plus 655
    Sound Card
    Intel SST
    Monitor(s) Displays
    Asus ProArt PA278QV
    Screen Resolution
    2560x1440
    Hard Drives
    512GB NVMe
    PSU
    NA
    Case
    NA
    Cooling
    NA
    Keyboard
    NA
    Mouse
    NA
    Internet Speed
    500/50
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    Mini PC used for testing Windows 11.

cereberus

Well-known member
Pro User
VIP
Thread Starter
Local time
5:36 PM
Posts
2,521
OS
Windows 10 Pro + others in VHDs
As others have stated, the value of Bitlocker is that if you leave your laptop someplace or somebody physically steals your hard drive, the data on it is encrypted. They cannot remove the drive easily from the lost system, and place it into a known working system and have access to the data that is on it.


If however, they are able to logon to Windows (for example, they know your password, or guess it), the drive is then in a decrypted state and they can do whatever they want with the data. If the data was backed up while unencrypted, it's unencrypted data on the destination source. If the computer is turned on and there are available network shares that provide access to the entire drive, they will be accessible to anybody across the network who has access to the machine.

Bitlocker is only providing protection from a hard drive being physically stolen and then attempted to be used in another physical system.
Sure thing, the weakness though is that if laptop is stolen, and user boots into Winpe mode, the data is still accessible.

I actually did an interesting test - I disabled the TPM before copying bitlocked partition to an external drive and then when I copied partition to new PC, it was copied in bitlocked state, so I could not get access to the data.

I agree if hard drive is stolen but not pc, then it is virtually impossible to access drive.

In the end, which is more likely - laptop getting stolen, or thief swipes hard drive (years ago, that sort of theft along with RAM was common but not nowadays)

Fortunately most thieves are scumbag opportunists and do not really care about the data and would wipe drive anyway. You would be very unlucky to have pc stolen by somebody data harvesting.

Bearing all this in mind, I have locked down bios on my travel laptop so a usb drive cannot be used, and also set a bios password. As it is an emmc device, you cannot even remove drive anyway.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

Comport Colin

Member
Local time
6:36 PM
Posts
37
OS
Win11
"the weakness though is that if laptop is stolen, and user boots into Winpe mode, the data is still accessible"
No, booting WINPE will not allow you to access bitlocked drives. Bitlocker was made for this scenario. We use it for over a decade and often use WinPE - never accessible without providing the numerical recovery password, no.

So you did not answer my question, was the partition locked before copying or not?
 

My Computer

System One

  • OS
    Win11

cereberus

Well-known member
Pro User
VIP
Thread Starter
Local time
5:36 PM
Posts
2,521
OS
Windows 10 Pro + others in VHDs
"the weakness though is that if laptop is stolen, and user boots into Winpe mode, the data is still accessible"
No, booting WINPE will not allow you to access bitlocked drives. Bitlocker was made for this scenario. We use it for over a decade and often use WinPE - never accessible without providing the numerical recovery password, no.

So you did not answer my question, was the partition locked before copying or not?
Yes it was locked, and I did not specify which WinPE item I booted from. It was not a windows installation drive but a different app that boots in WinPe and it copied a bitlocked partition without a password. That is my whole point!
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

hsehestedt

Well-known member
Power User
VIP
Local time
11:36 AM
Posts
984
Location
Texas, USA
OS
Windows 11 21H2
Yes it was locked, and I did not specify which WinPE item I booted from.
If by any chance the WinPE item you booted from was Macrium Reflect, bear in mind that reflect has an option to allow access to your BitLocker drive(s) when the rescue media is booted.

I always add the option to enable BitLocker support but don't allow it to unlock my volumes automatically.

Image1.jpg
 

My Computers

System One System Two

  • OS
    Windows 11 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Windows 11 21H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 15-BL012DX
    CPU
    Intel i7-7500U
    Memory
    32GB
    Graphics card(s)
    Dual Intel HD 620 and Nvidia GeForce 940MX
    Sound Card
    Built-in Realtek HD Audio
    Monitor(s) Displays
    4k 15-inch
    Screen Resolution
    4k (3840 x 2160)
    Hard Drives
    1TB Seagate FireCuda 510 NVMe SSD
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    RAM Upgraded from 16GB to 32GB WiFi Upgraded from WiFi 5 to WiFi 6 SSD upgraded from 512GB NVMe SSD to 1TB Seagate FireCuda 510 NVMe SSD

cereberus

Well-known member
Pro User
VIP
Thread Starter
Local time
5:36 PM
Posts
2,521
OS
Windows 10 Pro + others in VHDs
Ok, as people surmised I was using Macrium Reflect and I have done more testing based on some pm suggestions and I am glad to say you can only use the Rescue Drive to unlock in winpe mode if the Rescue Drive is made on same PC.

OK, I admit it is not a MAJOR weakness, but you should not carry Rescue Drive with Laptop if travelling or bitlock the Rescue Drive Z as well.

Nonetheless this has made me think what you need to do to secure a travel laptop i.e.

1) bitlock drives

2) add a PIN to preboot TPM (not same as windows PIN

3) Do not select option (uncheck) to autounlock Bitlocked partitions (thanks to @hsehestedt for this suggestion, and @Fabler2 for help).

Thanks for replies.
 
Last edited:

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

hsehestedt

Well-known member
Power User
VIP
Local time
11:36 AM
Posts
984
Location
Texas, USA
OS
Windows 11 21H2
Very cool. I do carry my rescue disk with me, but I make sure not to select the option to auto unlock BitLocker volumes when I create it. That way it neuters the rescue disk rendering it safe. :)
 

My Computers

System One System Two

  • OS
    Windows 11 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Windows 11 21H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 15-BL012DX
    CPU
    Intel i7-7500U
    Memory
    32GB
    Graphics card(s)
    Dual Intel HD 620 and Nvidia GeForce 940MX
    Sound Card
    Built-in Realtek HD Audio
    Monitor(s) Displays
    4k 15-inch
    Screen Resolution
    4k (3840 x 2160)
    Hard Drives
    1TB Seagate FireCuda 510 NVMe SSD
    Internet Speed
    300Mb down / 20Mb up
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    RAM Upgraded from 16GB to 32GB WiFi Upgraded from WiFi 5 to WiFi 6 SSD upgraded from 512GB NVMe SSD to 1TB Seagate FireCuda 510 NVMe SSD

cereberus

Well-known member
Pro User
VIP
Thread Starter
Local time
5:36 PM
Posts
2,521
OS
Windows 10 Pro + others in VHDs
Very cool. I do carry my rescue disk with me, but I make sure not to select the option to auto unlock BitLocker volumes when I create it. That way it neuters the rescue disk rendering it safe. :)
That is good advice - I have updated my post above.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

Fabler2

Well-known member
Power User
VIP
Local time
5:36 PM
Posts
1,864
OS
Win 11 Pro & Dev.

My Computers

System One System Two

  • OS
    Win 11 Pro & Dev.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    INTEL SSD 660p 512GB NVMe
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    16 GB (2 x 8 GB) DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    1.024 TB SSD M.2 2280 - Samsung
    PSU
    180 Watt, 19.5 V
    Mouse
    Logitech
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender

cereberus

Well-known member
Pro User
VIP
Thread Starter
Local time
5:36 PM
Posts
2,521
OS
Windows 10 Pro + others in VHDs
Can you boot from a Bitlocked drive? It won't be any use if it's needed.

No - good point but you can create a Windows to Go usb drive which is bootlocked with a PIN so you cannot start it without entering PIN. This is a sledgehammer solution though - simply easier to select Reflect option not to automatically unlock bitlocked volumes is easier. Earlier post updated.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

johnlgalt

Antidisestablishmentarianistentarianist
Power User
VIP
Local time
12:36 PM
Posts
2,517
Location
3rd Rock
OS
Windows 11 21H2
And that was one of the things I wondered why it was included in the first place - the auto unlock is a dangerous thing to have there. I suppose someone,. somewhere screamed about it until it got added or something.
 

My Computers

System One System Two

  • OS
    Windows 11 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * Corsair Vengeance 32 GB 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    Eve Spectrum ES07D02 280 Hz QHD | Eve Spectrum ES07D03 4K Gaming Monitor
    Screen Resolution
    1440p | 4k
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    ZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3 for Business
    Internet Speed
    Logitech MX Master 3 for Business
    Browser
    Nightly (default) + Firefox (stable),Chrome, Edge/ß/Dev/Canary
    Antivirus
    Defender
  • Operating System
    Windows 10 x64 Pro build 21H1
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master (shared) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
    Browser
    Edge Chromium | Chrome | Firefox Nightly | Brave
    Antivirus
    Defender + MB4
Top Bottom