Re: How To Open Bitlocker In Windows 7
Hester Finizio
Is there a command to open the BitLocker Drive Encryption windows using PowerShell (Control Panel\System and Security\BitLocker Drive Encryption)? I do not want any changes I just want to open this window.
(not solved) The link you have sent is the same as every other bit locker encryption for Mac, can read only. The question I asked if there was any recommended ones that would let me copy the files over to my Mac without the cost of between $40-60.. for something which I will probably only use once or twice..
don't think the security of the bitlocker runs that high, its the works I.T requirement, however I can use the drive on any windows pc, insert the usb and it will ask for the password.. I think its to stop any viruses being uploaded to the PC's..which is stupid if I can unlock it on any windows enabled pc and therefore potentially take a virus form one pc to another, but hey as long as it's bitlocker protected then it'll be ok..!! That sounds really secure Microsoft...!!!
The BitLocker that I am thinking about is built into Windows Vista and later, and on recent hardware, writes its recovery key into a motherboard location known as the Trusted Platform Module (TPM). That recovery key would not be available anywhere else but on the Windows machine that bitlocker was run, and the content of your USB drive will be worthless anywhere other than on that original Windows machine.
Hello,
I've read through all the material I can. I am struggling to understand what is supposed to happen when you have Bitlocker settings enabled for the system drive.
Here is our situation. We are not joining the computers to a domain and users do not have a microsoft account. When they log into windows GCPW gives them a standard user account. On my two test machines despite having the settings enabled nothing happens regarding Bitlocker. Coming from a domain encironment I am already fairly familiar with Bitlocker so I assume this is because there is nowhere to store the recovery key and likely because they are not an administrative user.
Should we just be enabling Bitlocker using the local admin account before distributing the computer?
Will it report in the admin console correctly if it is done this way?
What is everyone else doing in regards to Bitlocker?
If you are not seeing this, can you verify that the device is successfully enrolled with advanced Windows management? You can check if device is enrolled from the settings app. You can also create logs and look at bitlocker value. -us/windows/client-management/mdm-collect-logs
Would it prompt them if they are a standard user? Standard users normally can't enable bitlocker. I have an open ticket with support and am waiting to see what they say. In the meantime I added a second test computer, same behavior. Nothing happens all other policies seem to be working.
Ah that could be the problem. Just looking into Microsoft's documentation, there seems to be new settings enabled in the OS that can make this possible. Can you use Custom settings section of Admin console to enable these settings in addition to the bitlocker settings?
I don't mind turning bitlocker on with the local administrator account. However, on my test machine when I enable bitlocker with the local administrator account, the admin console still reports that the device is unencrypted.
From what I can tell If you enable bitlocker before enrolling the device to a user the admin portal will never correctly report the device as encrypted. This creates a catch 22. You have to enroll the device before the user gets it to enable bitlocker.
The policies you listed state that they are only for Azure Active Directory Joined devices.
the local Admin account, which is censused in the Admin console in the GCPW settings, have to enable Bitlocker manually and save elsewhere the recovery key.
The key can't be stored on the same drive, but a GDrive-enabled folder (Google Drive for Desktop) does the trick.
My friends send me a USB drive which has been encrypted with a password in Windows 10 before. There are many important photos for our travel. But when I inserted it on my MacBook. It gave me the windows that the disk was not readable by this computer. I have the password and can not access the drive to get what I want!! Bad mood.
Can anyone give me suggestions? I search online and found there is a tool called iSunshare BitLocker Genius. Did anyone use it before? I know nothing about computer, just want the simplest way to get the photos and share the happy times with my family. Help!
By default, we couldn't open, read and write a BitLocker drive on Mac. But take it easy, the BitLocker Genius tool is a really simple and user-friendly tool that can help you get access to the BitLocker drive without any data loss.
When you meet "The disk you inserted was not readable by this computer" error, you can click on Ignore button. I'm also a user that know little about computer. But I insert the drive to Mac and type my password then that drive is able to work normally.
Personally I'd just ask whoever sent you the encrypted drive to just put the files on an unencrypted drive. Or give them an ExFAT formatted USB key of sufficient size and ask them to put the files there.
If you have the password, and you know that the drive works in Windows, then I think the simplest way would be to borrow a computer with Windows and copy the files off the drive to another drive that you can use with your Mac. Alternatively, get a copy of Windows and run on your Mac with VirtualBox, VMWare, etc.., should be able to copy the files to your host Mac system with shared directory or something. It looks like you can download a Windows ISO here, which you would use to create the virtual machine on your Mac, not sure if you need a registration key just to install and load the OS, in my past experiences you've been able to get to the desktop without registering.
Apple still does not provide an official tool to access BitLocker encrypted driver on Mac. Mostly because BitLocker is a patent protected technology. You have to use third-party apps to complete the job up to now.
macOS only can read an NTFS volume but can't Write and Copy files from an NTFS formatted drive. Only FAT32 or exFAT. And Bitlocker is a Windows encryption program which is not supported on macOS,so,you may need a professional utility to unlock bitlocker-encrypted drive on your macOS, or you can open BitLocker USB drive on Mac using Virtualbox.See more: -to-open-bitLocker-encrypted-drive-on-mac.html
and I tried to install this program to supposedly 'unlock' bitlocker on my Windows Home edition so I could encrypt my hard drive/operating system . I installed it, and it ran a DOS program for a split second, but it did not do anything after that, and neither did it even allo me to encrypt my drive.
@ajaaron: the test program outputs that BitLocker is disabled and so VeraCrypt should have displayed the same since they are both using the same code, but for some reason the behavior between the two is different. Something is definitely strange.
Concerning the program you installed, it looks suspicious to me especially after inspecting their website. In your place, I would be concerned about what this program did to the PC after installing it.
@enigma2illusion: the "EncryptionInProgress" is what is returned by the Windows API but it doesn't necessarily means that there is an encryption and that's why I ignore it. Somehow, Windows sets this value to 2 (or 4 in the case of OP) instead of 0.
Okey dokey...thanks for all your help Mounir. I managed to go to encryption settings area in windows and it gave me the option to 'decrypt' the drive, which I did...it took around 30min or so. it appears that dodgy program did something to make windows think it was encrypted. (not sure whether it really was encrypted or not, but I certainly didn't create an enceyption password, nor did I need to enter a password at any time).
Naturally I feel that I have to ask this question, since it's a built-in feature in Windows. Let's say someone has physical access to my PC, is there an easy way for them to access a BitLocker protected drive without physically tampering with the PC (such as hardware keyloggers)?
There is currently only one cold boot attack I know of that works against bitlocker. However it would need to be executed seconds after the computer has been turned off (it can be extended to minutes if the DRAM modules are cooled down significantly) but due to the timeframe of execution it's rather implausible. Bitlocker is secure as long as your machine is completely turned off when you store it (hibernate is also ok, but sleep needs to be disabled).
In general, Bitlocker is secure and is used by companies all over the world. You can't just extract keys out of the TPM hardware. Evil maid attacks are mitigated also since TPM will validate the pre-boot components to make sure that nothing has been tampered with. Booting into another OS like Linux to extract passwords or the data will not be possible also, since the TPM will not release its keys if it sees you're booting into another OS (even if it is another Windows OS).
If you pass the TPM's integrity check, then the keys will be released to be used for on-the-fly encryption and decryption. Failing which, you get a Bitlocker recovery key lockout, and must supply the recovery key in order to unlock the drive. The attacker should not be in possession of this key. Therefore, never put both the recovery key and your computer together.
Some answers alluded to various forensic tools. However, I am personally not convinced that they work on all systems. For example in TrueCrypt, the key is actually derived from the password which the user keys in. You cannot feasibly brute force AES. As for Bitlocker, the TPM is a hardware solution that stores the key. You can't extract the key with software.
d3342ee215