What bitlocker configuration do you use and why


user1010

user1010

Active member
Member
Local time
8:46 PM
Posts
98
OS
Windows 11
What bitlocker configuration do you use and why?
 
Windows Build/Version
11, 23H2

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel Core i7-13700
    Motherboard
    ASUS TUF GAMING B760-PLUS WIFI
    Memory
    Corsair VENGEANCE DDR5 32GB
    Graphics Card(s)
    MSI GeForce RTX 4060 Ti VENTUS 3X 16GB OC
    Monitor(s) Displays
    Samsung LS32AG504
    Hard Drives
    Kingston Fury Renegade M.2 2TB SSD
    PSU
    Corsair RM850X 2021 / 850W / 80+ Gold
    Browser
    Chrome
    Antivirus
    Defender
I disabled the Bitlocker Service.
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.4351 ♦♦♦♦♦♦♦24H2 ♦♦♦non-Insider
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5002)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
You will be delighted to know that Windows 10 and Windows 11 lets you enhance your files security with the help of BitLocker Encryption Method and Cipher Strength. It becomes important for you to protect your crucial data from going it into the inappropriate hands. But to offer more safety to your drives, you can modify encryption mode and cipher strength accordingly.

Windows 10 (version 1511) introduces a new disk encryption mode (XTS-AES). This mode provides additional integrity support, but is not compatible with older versions of Windows.

You could also select to use disk encryption Compatible mode (AES-CBC) that is compatible with older versions of Windows. If you're encrypting a removable drive that you're going to use on an older version of Windows, you should use AES-CBC.

Both BitLocker Drive Encryption modes above support using 128-bit or 256-bit cipher strength.

Windows 10 uses XTS-AES 128 bit by default for operating system drives as well as fixed data drives, and uses AES-CBC 128 bit by default for removable data drives.


BitLocker Drive Encryption is only available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions.


Set Default BitLocker Drive Encryption Method and Cipher Strength

1. Press the Windows + R keys to open the Run dialog, type gpedit.msc, and press the Enter key to open Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below.

Code: 
Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption

WeDhHls.png


3. Shift to the right pane of BitLocker Drive Encryption and you can see a few policies. Here, locate and double-click the setting namely “Choose drive encryption method and cipher strength (Windows 10 (Version 1511) and later)“.

4. Click Enabled dot on the top left of the next window. This also enables the encryption method for OS, removable data drives, and fixed data drives as shown in the given screenshot. So, click each drop-down and select the mode as per preference.

hAb4QaJ.png


5. Finally, click Apply and OK buttons to implement the encryption changes you made above.

Hopefully, with any of the above two procedures in Windows 10, you can pretty much easily modify BitLocker Encryption Method and Cipher Strength.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
  • Defaults for fixed drives.
  • Compatible mode for the external drives, so that they will work with Windows 10.
  • Preboot PIN because there might be exploits to get around the Windows lock screen.
  • Recovery keys not saved to the MS cloud, but saved encrypted locally in multiple places. This is just in case MS account somehow gets breached, etc. Encrypted locally just in case the computer gets breached.
  • Password protections for all non-system drives, because they may be less cumbersome than the recovery keys.
  • TPM protection for all drives, for ease of access.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex Micro 5000
    CPU
    Intel Core i5-12500T
    Motherboard
    Dell 03V7GF
    Memory
    2 x 8GB DDR4 SO-DIMM 3200
    Graphics Card(s)
    Intel UHD Graphics 770
    Sound Card
    Intel Alder Lake-S PCH - cAVS (Audio, Voice, Speech)
    Internet Speed
    500/1,000 Mbps
    Browser
    Firefox ESR
    Antivirus
    Windows defender. One-time free scanners: ESET, Sophos
echo2446 said:
Compatible mode for the external drives, so that they will work with Windows 10.
Click to expand...
You do not need compatible mode for Win 10. It supports the enhanced mode directly.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
None
 

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
Preboot authentication with a start-up PIN, as thousands of laptops get stolen every day (and TPM-only is not as secure).
 
Last edited:

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
If you're on Home and have the right combination of Modern Standby, TPM 2.0, and a Microsoft Account – you can get Device Encryption. Which is really BitLocker under a different guise, but without any user settings other than On & Off.
 

My Computer

System One

  • OS
    Windows 7
echo2446 said:
  • Defaults for fixed drives.
  • Compatible mode for the external drives, so that they will work with Windows 10.
  • Preboot PIN because there might be exploits to get around the Windows lock screen.
  • Recovery keys not saved to the MS cloud, but saved encrypted locally in multiple places. This is just in case MS account somehow gets breached, etc. Encrypted locally just in case the computer gets breached.
  • Password protections for all non-system drives, because they may be less cumbersome than the recovery keys.
  • TPM protection for all drives, for ease of access.
Click to expand...
The same thing for saving Recovery keys in google drive? Like usb memory sticks?

Anyone know how much the performance will be affected?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel Core i7-13700
    Motherboard
    ASUS TUF GAMING B760-PLUS WIFI
    Memory
    Corsair VENGEANCE DDR5 32GB
    Graphics Card(s)
    MSI GeForce RTX 4060 Ti VENTUS 3X 16GB OC
    Monitor(s) Displays
    Samsung LS32AG504
    Hard Drives
    Kingston Fury Renegade M.2 2TB SSD
    PSU
    Corsair RM850X 2021 / 850W / 80+ Gold
    Browser
    Chrome
    Antivirus
    Defender
user1010 said:
The same thing for saving Recovery keys in google drive? Like usb memory sticks?

Anyone know how much the performance will be affected?
Click to expand...
Microsoft automatically saves the recovery keys to MS cloud for a reason, i.e. some consumers don't understand the tech and don't backup the keys anywhere, resulting in almost a certain loss of encrypted content in the future without the automatic save.

So, cloud backup is better than no backup, and it probably works splendidly for many people.

On the other hand, if you are already using 3-2-1 backup strategies, unencrypted automatic cloud backups are not needed, and will prevent people with access to your accounts (such as authorities) from having the unencrypted keys. Keep it encrypted (but you need to keep the password to decrypt it, maybe in a password manager, or keep the key in the password manager itself). Even, keep it offline.

The performance loss I heard was in a single percentage, which bore true with my own testings on SSD and HDD drives, but I have also heard that some people have experienced worse, at least some of the time.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex Micro 5000
    CPU
    Intel Core i5-12500T
    Motherboard
    Dell 03V7GF
    Memory
    2 x 8GB DDR4 SO-DIMM 3200
    Graphics Card(s)
    Intel UHD Graphics 770
    Sound Card
    Intel Alder Lake-S PCH - cAVS (Audio, Voice, Speech)
    Internet Speed
    500/1,000 Mbps
    Browser
    Firefox ESR
    Antivirus
    Windows defender. One-time free scanners: ESET, Sophos
echo2446 said:
Microsoft automatically saves the recovery keys to MS cloud for a reason, i.e. some consumers don't understand the tech and don't backup the keys anywhere, resulting in almost a certain loss of encrypted content in the future without the automatic save.

So, cloud backup is better than no backup, and it probably works splendidly for many people.

On the other hand, if you are already using 3-2-1 backup strategies, unencrypted automatic cloud backups are not needed, and will prevent people with access to your accounts (such as authorities) from having the unencrypted keys. Keep it encrypted (but you need to keep the password to decrypt it, maybe in a password manager, or keep the key in the password manager itself). Even, keep it offline.

The performance loss I heard was in a single percentage, which bore true with my own testings on SSD and HDD drives, but I have also heard that some people have experienced worse, at least some of the time.
Click to expand...
LastPass maybe, or Keepass.

Rather save in the google drive if I lost the password somehow. For what reason should authorities use the keys and are you meaning in US now?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel Core i7-13700
    Motherboard
    ASUS TUF GAMING B760-PLUS WIFI
    Memory
    Corsair VENGEANCE DDR5 32GB
    Graphics Card(s)
    MSI GeForce RTX 4060 Ti VENTUS 3X 16GB OC
    Monitor(s) Displays
    Samsung LS32AG504
    Hard Drives
    Kingston Fury Renegade M.2 2TB SSD
    PSU
    Corsair RM850X 2021 / 850W / 80+ Gold
    Browser
    Chrome
    Antivirus
    Defender
FreeBooter said:
BitLocker Drive Encryption is only available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions.
Click to expand...
I guess that was originally written before Windows 11 came out, it's the same for 11, Bitlocker is available in Pro, Enterprise and Education editions

garlin said:
If you're on Home and have the right combination of Modern Standby, TPM 2.0, and a Microsoft Account – you can get Device Encryption. Which is really BitLocker under a different guise, but without any user settings other than On & Off.
Click to expand...
A clean install of 11 (including Home) on a compliant device will have Device Encryption turned on and set as 'unlocked'. For Pro it will then suggest you turn on BitLocker.

Personally I feel this is all an unnecessary complication for my devices that are never going to go outside my home, so the first thing I do is remove device encryption with manage-bde C: -off
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    150 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, and 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
Bree said:
Personally I feel this is all an unnecessary complication for my devices that are never going to go outside my home, so the first thing I do is remove device encryption with manage-bde C: -off
Click to expand...
Why?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel Core i7-13700
    Motherboard
    ASUS TUF GAMING B760-PLUS WIFI
    Memory
    Corsair VENGEANCE DDR5 32GB
    Graphics Card(s)
    MSI GeForce RTX 4060 Ti VENTUS 3X 16GB OC
    Monitor(s) Displays
    Samsung LS32AG504
    Hard Drives
    Kingston Fury Renegade M.2 2TB SSD
    PSU
    Corsair RM850X 2021 / 850W / 80+ Gold
    Browser
    Chrome
    Antivirus
    Defender
user1010 said:
Why?
Click to expand...
What protection does Device Encryption (as opposed to bitlocker) provide? Very little, really.

It's completely transparent to the Windows user, being 'open' means they never need (or even see) a key to boot into the installed Windows. The only protection is that it makes the drive unreadable if removed from the PC, or when booted from a USB with another OS (such as WinRE, Linux, Reflect rescue, etc.). As the last is something I'll often do then I prefer my drives unencrypted.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    150 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, and 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
Bree said:
The only protection is that it makes the drive unreadable if removed from the PC, or when booted from a USB with another OS (such as WinRE, Linux, Reflect rescue, etc.).
Click to expand...
Seems enough.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel Core i7-13700
    Motherboard
    ASUS TUF GAMING B760-PLUS WIFI
    Memory
    Corsair VENGEANCE DDR5 32GB
    Graphics Card(s)
    MSI GeForce RTX 4060 Ti VENTUS 3X 16GB OC
    Monitor(s) Displays
    Samsung LS32AG504
    Hard Drives
    Kingston Fury Renegade M.2 2TB SSD
    PSU
    Corsair RM850X 2021 / 850W / 80+ Gold
    Browser
    Chrome
    Antivirus
    Defender
user1010 said:
LastPass maybe, or Keepass.

Rather save in the google drive if I lost the password somehow. For what reason should authorities use the keys and are you meaning in US now?
Click to expand...

Yeah, in the US, they can subpoena your keys from Microsoft. In other countries, it may be more challenging, but some might resort to pressuring you until you comply.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex Micro 5000
    CPU
    Intel Core i5-12500T
    Motherboard
    Dell 03V7GF
    Memory
    2 x 8GB DDR4 SO-DIMM 3200
    Graphics Card(s)
    Intel UHD Graphics 770
    Sound Card
    Intel Alder Lake-S PCH - cAVS (Audio, Voice, Speech)
    Internet Speed
    500/1,000 Mbps
    Browser
    Firefox ESR
    Antivirus
    Windows defender. One-time free scanners: ESET, Sophos
echo2446 said:
Yeah, in the US, they can subpoena your keys from Microsoft. In other countries, it may be more challenging, but some might resort to pressuring you until you comply.
Click to expand...
Hehe ok. I guess that is a problem when you do something you shouldn't.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel Core i7-13700
    Motherboard
    ASUS TUF GAMING B760-PLUS WIFI
    Memory
    Corsair VENGEANCE DDR5 32GB
    Graphics Card(s)
    MSI GeForce RTX 4060 Ti VENTUS 3X 16GB OC
    Monitor(s) Displays
    Samsung LS32AG504
    Hard Drives
    Kingston Fury Renegade M.2 2TB SSD
    PSU
    Corsair RM850X 2021 / 850W / 80+ Gold
    Browser
    Chrome
    Antivirus
    Defender
Bree said:
I guess that was originally written before Windows 11 came out, it's the same for 11, Bitlocker is available in Pro, Enterprise and Education editions


A clean install of 11 (including Home) on a compliant device will have Device Encryption turned on and set as 'unlocked'. For Pro it will then suggest you turn on BitLocker.

Personally I feel this is all an unnecessary complication for my devices that are never going to go outside my home, so the first thing I do is remove device encryption with manage-bde C: -off
Click to expand...
Yes @Bree old archived tutorial i had.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
@FreeBooter it seems that it's only possible to encrypt my C drive. My other disk/volumes isn't available if I go to Manage BitLocker. F: is a usb-drive and is encrypted since earlier.
 

Attachments

  • bitlocker1.png
    bitlocker1.png
    13.2 KB · Views: 1
  • diskpart.png
    diskpart.png
    2.7 KB · Views: 1

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel Core i7-13700
    Motherboard
    ASUS TUF GAMING B760-PLUS WIFI
    Memory
    Corsair VENGEANCE DDR5 32GB
    Graphics Card(s)
    MSI GeForce RTX 4060 Ti VENTUS 3X 16GB OC
    Monitor(s) Displays
    Samsung LS32AG504
    Hard Drives
    Kingston Fury Renegade M.2 2TB SSD
    PSU
    Corsair RM850X 2021 / 850W / 80+ Gold
    Browser
    Chrome
    Antivirus
    Defender
You must log in or register to reply here.

Similar threads

Which Edge flags do you use?
Replies
0
Views
200
Sheikh
Sheikh
Do you use Insider on production PC?
2
Replies
33
Views
999
Josey Wales
Josey Wales
  • Poll Poll
Do you use any software updater programs?
2
Replies
25
Views
1K
abactuon
abactuon
Do you use AI. Is your computer acting up. Check this out
Replies
8
Views
507
bobkn
bobkn
  • Locked
uBlock Origin: How do you use it?
Replies
1
Views
868
trevo
trevo

Latest Support Threads

Latest Tutorials

Back
Top Bottom