Windows 11 Bitlocker Home

0 views
Skip to first unread message
Message has been deleted

Garcia Miller

unread,
Jul 14, 2024, 3:42:53 PM7/14/24
to lindlighlifit

I received my new laptop, directly from Lenovo yesterday. I've verified that the version of Windows shipped is actually Window 11 Home. And that BitLocker is encrypting all of the files on my new laptop (ThinkPad T-14 Gen3 AMD).

windows 11 bitlocker home


Descargar Zip https://tinurli.com/2yOuO4



What may be new, is that bitlocker encryption was the default. Everything I received was encrypted upon my first use. And any thing I added (programs, text ...) was encrypted, without me having to jump through any hoops.

In my experience, encryption by default is a BAD idea. First most people do not need it on their home computers. Second, I doubt if the typical user knows how important is is to back up the recovery key. Third, hard drives DO fail and most users do not backup their files regularly. Things are different in a business with a good IT team for support, but they are probably not running the home edition.

Encrypting everything presents a dramatically reduced attack surface. My guess is that MS is trying to reduce attack risk and simplify things for most users. If so, I think that is a worthy path to pursue.

Your assertion left me a slightly confused. Are you referring to way back when a setup left you with a user account and an admin account? That has been a while. When we set her laptop up initially we did have to create a Microsoft account for her in the course of the process. It was something we had never done in the past as there was really no reason for her to have one. In the end she had a single login that was an admin account.

Hard disk encryption only provides protection from someone with physical access to the computer. It does nothing to protect from the much more common online threats. I recently had someone bring me a computer that was so infested with malware that it was basically unusable. It was VERY slow due to 100% CPU usage, constant lock-ups, and frequent unexpected reboots. I see this often so I proceeded as I usually do. Boot from a flash drive, backup user files, wipe the hard drive, then re-install the operating system / applications and restore the data files. In this case I discovered that the hard drive was encrypted with bitlocker. The owner had no idea what bitlocker was and certainly had not turned it on or backed up the recovery key. Fortunately I was able to get the computer to run stable enough to turn bitlocker off and proceed as usual. It was a long, slow process that was touch and go there for a while but was ultimately successful.

The standard install process on my new PC forced me to use, or create, a MS account. My recovery key was added to the account as part of the install process. Chalkie's experience seems to have been similar. I was not worried about a lost bitlocker recovery key. And for others using a similar process for a new computer, I don't think recovering a lost recovery key is a significant issue for them either.

My approach is really old school - I've been using it for about 15 years. Here's what I've been using for all of my passwords, verification codes, account numbers etc. It hasn't been updated in many years, but for my use, it doesn't need to be. BTW, it took me years to recognize the meaning of the chosen file name: "fSekrit.exe" = file Secret. I renamed my file with a name like mysecrets.exe.

Another advantage of using fSekrit is that your un-encrypted data is never stored on your harddisk. With a traditional encryption utility you would have to decrypt your file to disk, view or edit it, and then re-encrypt it. Unless you use secure file wiping tools, it would be a trivial matter for someone to retrieve your un-encrypted data, even though you deleted the temporary file. This is not a viable attack against fSekrit, though, since it never stores your un-encrypted data on disk. (See security notes about swapping and hibernation, though!)

fSekrit uses very strong encryption to ensure that your data is never at risk. Rather than using hocus-pocus home-brewed algorithms, fSekrit uses the standard, military grade, peer-reviewed AES/Rijndael in CBC mode, with a 256-bit keysize.

Dan I do the same but used folder names and file names that one would not think were PWs and secret data. BUt first they have to find the mini flash drive. IT and its clone are not accessible without knowing where they are locked up away from the systems.

Does windows 11 home now provide pre-boot authentication too in addition to usage of tpm through the command line interface. Earlier in windows 10 home bitlocker was present with limited support. Pre-boot auth would be better instead of just relying on TPM.

I understand your point, but I think the lack of ease of use when you could just search for a generic key online is just not worth it. For example, changing your encryption password is probably going to be a pain in the ass.

and I tried to install this program to supposedly 'unlock' bitlocker on my Windows Home edition so I could encrypt my hard drive/operating system . I installed it, and it ran a DOS program for a split second, but it did not do anything after that, and neither did it even allo me to encrypt my drive.

@ajaaron: the test program outputs that BitLocker is disabled and so VeraCrypt should have displayed the same since they are both using the same code, but for some reason the behavior between the two is different. Something is definitely strange.

Concerning the program you installed, it looks suspicious to me especially after inspecting their website. In your place, I would be concerned about what this program did to the PC after installing it.

@enigma2illusion: the "EncryptionInProgress" is what is returned by the Windows API but it doesn't necessarily means that there is an encryption and that's why I ignore it. Somehow, Windows sets this value to 2 (or 4 in the case of OP) instead of 0.

Okey dokey...thanks for all your help Mounir. I managed to go to encryption settings area in windows and it gave me the option to 'decrypt' the drive, which I did...it took around 30min or so. it appears that dodgy program did something to make windows think it was encrypted. (not sure whether it really was encrypted or not, but I certainly didn't create an enceyption password, nor did I need to enter a password at any time).

I just bought a Inspiron 13 2-in-1. Now i see that my OS is Windows 10 home but my C: drive is 'Bitlocker encrypted'. As far as I know the Home edition doesn't have the Bitlocker application. How can i remove this encryption?

I was bit shocked to see warning on bitlocker encryption when doing Bios and TPM upgrade from within windows 10 Home to restore Biometric functionality for Fingerprint reader and Windows hello as after last windows patch it stopped working completely.

my primary question now is what to do next, what can a user do to recover from this, I have at this point sent harddrive to a professional recovery company who has determined this to be a non recoverable situation. I cannot afford this to have happened. I cant see any reason for this to have happened in first place, but it did. according to the recovery company the bitlocker recovery key within the harddrive that was encrypted has been corrupted sowehow, possibly due to a recovery attempt prior to disabling bitlocker, which how could one disable something that they did not even know existed at all

This is wonderful info, especially when your computer operates so you can do this, what if your pc crashes, win 10 home version and user or owner in my case and administrator has no knowledge about encryption nor that is on my system, especially when everything I have read states that bitlocker is not supported by win 10 home. There is no way to boot the system at all, again, no knowledge about encryption at all after using pc for 1 year nothing ever indicated bitlocker encryption, however I just read where if your pc meets certain standards auto encryption happens similar to that of cell phone, however that same article assumes the user is fully aware of that happening and has the ability to disable it prior to a crash or needed service, would that not be a good thing to know especailly when you never know when your drive will crash in first place. I dont send it in for an oil change or tire rotation. There are a lot of problems with this situation and I have lost years worth of work because of it. which took many hours of research and looking into this from a paid tech locally, i now have the bitlocker key, but is useless because system will not accept it it is that messed up, why does this now show to be an automatic happening, once your system is setup and running, seems odd that a user does not have the knowledge of this yet it is presumed that a user will know his key and how to disable this operation prior to a computer crash

I am a South Korean user of a Dell laptop.
Bitlocker was never solved in any way. "Never" "Never"
Because of this, I have blown away all of the incredibly important biological research data for five years. I lost about 700,000 dollars in research expenses. And I couldn't submit research evidence, so I became a researcher.
I am Very very angry. I hated Dell computers.
Throwing Dell computers out of the window right now is good for mental health.

to all
Windows 11 HOME, and DISK ENCRYPTION. it APPEARS that it is actually BITLOCKER. See attached, in gpedit.msc, and manage-BDE, all the references are the SAME as in Windows 10 PRO bitlocker, and it appears that all the same POLICIES can be configured.

I have a windows 11 HOME new laptop. I would LIKE it to actually start like my windows 10 PRO machine, where the BITLOCKER UNLOCK SCREEN comes up when machine is turned on, to requre/enter a PIN, and it THEN goes to the normal microsoft USERS screen for username and PIN/PASSWORD.

IS THIS POSSIBLE to do; i do not want to create a BRICK out of my laptop.
this question is beyond a beginner reply, unless you have actually TRIED this yourself. I am requesting a reply from someone who has WORKED with bitlocker and might be able to answer this.
I appreciate any feedback.
thanks
nick

d3342ee215
Reply all
Reply to author
Forward
0 new messages