Remove BitLocker Win 11


Vannessa Rataj

Aug 3, 2024, 6:07:57 PM
to prevpudlide

After you type in the recovery key and the laptop boots up, be sure to pause then resume BitLocker. This should reestablish the trust and stop the prompt. I would make sure the latest BIOS is installed and lock down the BIOS with a password. Also make sure the boot order only allows the C drive to boot from.

I have a laptop running Windows 7 Ultimate. I have encrypted my drives using BitLocker. Now I have also installed Lubuntu along with Windows. But my encrypted drives are not visible in Linux. How can I fix this?

My problem was that I could not boot Windows, and I needed a way to access my files on a Bitlocked partition. In order to do this, you need a bitlocker recovery password (8 groups of digits) and the ability to boot your system from USB.

CryptSetup has added experimental support for BitLocker as of version 2.3.0 (February 2020), which is available in Ubuntu's repos for 20.10 Groovy onwards, although support will likely improve in later versions.

When setting up BitLocker on a device, choose the option that encrypts the whole device (requires more time). The other option uses the Encrypt-On-Write conversion model, which makes sure that any new disk writes are encrypted as soon as you turn on BitLocker (data that existed on the device before encryption began can still be read and written without encryption), and is not supported by Cryptsetup.

Once the drive is decrypted, you can use TrueCrypt instead; reading a System Encryption volume under Linux isn't supported by default, but someone has figured out a work-around. See How to use TrueCrypt-encrypted Windows system drives on Linux.

I tried @SrjCoder's suggestion of using a VM. But with VirtualBox on the Linux host, I was not able to see the encrypted drive in the guest Windows system. The unmounted block device that had the encrypted drive was not visible in the VM. I didn't try VMware, and I'm not a VirtualBox expert, so maybe I missed something there.

Finally I installed Windows 10 Pro on a separate machine, and connected the encrypted drive, Windows recognized it as a Bitlocker drive, and I was able to unlock it with the recovery key, and the valuable data was saved! The end.

If you're wondering why I didn't just boot the encrypted drive, it is in a bad state and cannot boot. It blue-screened trying to go back to a restore point. Luckily the data partition was still intact.

I don't know since when nemo supports it, but I installed Ubuntu on a second SSD in my school laptop and could just see the BitLocker'd drive in the "Devices" part of nemo's sidebar as "253 GB encrypted drive". When I clicked it it asked for my BitLocker key and for how long to remember it (not at all, until logout, permanent). When I entered the key it was successfully mounted as "Windows" with the path /media//Windows.

Hello,
I've read through all the material I can. I am struggling to understand what is supposed to happen when you have Bitlocker settings enabled for the system drive.

Here is our situation. We are not joining the computers to a domain and users do not have a Microsoft account. When they log into Windows, GCPW gives them a standard user account. On my two test machines, despite having the settings enabled, nothing happens regarding Bitlocker. Coming from a domain environment I am already fairly familiar with Bitlocker, so I assume this is because there is nowhere to store the recovery key and likely because they are not an administrative user.

Should we just be enabling Bitlocker using the local admin account before distributing the computer?
Will it report in the admin console correctly if it is done this way?
What is everyone else doing in regards to Bitlocker?

If you are not seeing this, can you verify that the device is successfully enrolled with advanced Windows management? You can check if the device is enrolled from the Settings app. You can also create logs and look at the BitLocker value. -us/windows/client-management/mdm-collect-logs

Would it prompt them if they are a standard user? Standard users normally can't enable BitLocker. I have an open ticket with support and am waiting to see what they say. In the meantime I added a second test computer, same behavior. Nothing happens; all other policies seem to be working.

Ah, that could be the problem. Just looking into Microsoft's documentation, there seem to be new settings enabled in the OS that can make this possible. Can you use the Custom settings section of the Admin console to enable these settings in addition to the BitLocker settings?

I don't mind turning bitlocker on with the local administrator account. However, on my test machine when I enable bitlocker with the local administrator account, the admin console still reports that the device is unencrypted.

From what I can tell, if you enable BitLocker before enrolling the device to a user, the admin portal will never correctly report the device as encrypted. This creates a catch-22. You have to enroll the device before the user gets it to enable BitLocker.

The policies you listed state that they are only for Azure Active Directory Joined devices.

The local Admin account, which is censused in the Admin console in the GCPW settings, has to enable Bitlocker manually and save the recovery key elsewhere.
The key can't be stored on the same drive, but a GDrive-enabled folder (Google Drive for Desktop) does the trick.

Don't have to use any passwords. You set up your Microsoft account and local. Then you get win10 startup with your choice of PIN, face with IR camera, and fingerprint. You can turn all that off also to log in how you like.

Now here comes the problem. You need the BitLocker key if you are going to do any resets or restoring from any backups. They are locked to your Microsoft account. That key will let you back in that drive or any other drive you have bitlocked.

Trying to install 20.04 from a flash drive into an HP ProDesk with a Toshiba SSD, alongside Win 10. All goes well until I get to a screen that tells me to disable the bitlocker manager. So I go to the system in Control Panel, as instructed, and it tells me bitlocker is not active. And that is where I am stuck. How do I get past this?

I faced the same scenario as I tried to set up the dual boot after having received a factory-new Dell laptop. It turned out for me that the "activation required" step simply is a UI stage, as Windows wants me to safely store the recovery key on some media. After having done this and the "activation step" has been completed, the device is shown to be encrypted without any processing. So the encryption was already in place, as the disk management and Ubuntu both remark.

One of these 3 commands worked, but I do not know which one?! After that I saw that in Disk Management the drive is without the word Bitlocker. Then back to the Ubuntu installation and it worked perfectly, and I could install Ubuntu 20.04 in a dual boot with Win 10 64

You don't need to mess with PowerShell to work around this. You just need to activate BitLocker and then deactivate it. You can do this from within the UI as well. The problem is with BitLocker encrypting disks by default, even in "suspended" state, so in order to "disable" BitLocker you have to enable it first...

@Henke I guess what I was trying to say is that you can still get the VM backed up and restored if needed; however, when it comes to the data volumes, my understanding is that you would not be able to back that up while the volume is locked.

For VMware or other VSA style backups, you can back up the volume no problem, but file level browse won't work since that would require the decryption key and code to process BitLocker volumes. You could still do a full VM restore or restore/attach the volume back to another VM to decrypt it.

I've created a ps1 file that runs on our UTIL server for all workstations on our domain that checks if the computer is online, skips offline computers, checks bitlocker status, formats results, and writes to a CSV file.

The script essentially uses manage-bde -cn $Computer -status C: and works great on most machines. However, there are a few machines that are confirmed on the network and online that do not reply with the status.

I ran the same command manually in PowerShell on the UTIL server to the affected machines and get the result "ERROR: An error occurred while connecting to the Bitlocker management interface. Check that you have administrative rights on the computer and the computer name is correct". If I connect to the computer and check status on the computer itself, it displays results no problem.

I'm logged into the UTIL server as an admin running powershell as admin. My question is, what would cause some computers to return results successfully and others to have an issue connecting to the Bitlocker management interface? Has anyone seen this before?

I had the same issue in my net. Solved by setting up one rule for the remote client Windows firewall. The rule is intended to allow WMI (Windows Management Instrumentation) access to Remote Machine (see this link for further info -US/a2f2abb3-35f6-4c1a-beee-d09f311b4507/group-policy-to-allow-wmi-access-to-remote-machine?forum=winservergen ) Regards

Hello. My personal usage with bit-locker encryption and Norton "backup" is that Norton doesn't play well with that. As far as running Norton on an encrypted drive OS I have never had issues doing so. Just keep in mind that Bitlocker SHOULD provide you with its own recovery key which you will need in the event of a drive recovery.

A few months ago there was a Microsoft update (forget the KB #) addressing BitLocker, which for many caused some issues with a random blue screen of enter your BitLocker number etc. (when you turn on device)

Hi mgm71

With regards to Bitlocker, that is just a drive encryption option, which is different functionality to Norton Anti-virus and is another layer of protection, should your PC be stolen, but has nothing to do with protection from malware on your PC . . .
