Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
All in the name of national security *wink
Just checked my wife’s laptop. Local account, secure boot off, windows 10. It had a message telling me to setup a microsoft account to ‘finish encrypting the device’. I clicked turn off, and it’s currently decrypting the hard drive. Blech.
Which version of Win 10 are you using? My girl’s Win 10 Pro laptop is still unencrypted.
Windows 10 Home
It’s not which version, it’s where you are. They follow some laws here some there and now that the US is fascist they roll out features like this on these easy targets first
Oh, ok. I am in EU.
Shit they do this on windows 10 too? I should check my girl laptop too.
I need to check my girl’s laptop.
I’ve actually had this occur before to a machine I specifically disabled the tpm on so that it wouldn’t happen (it was an account less frozen kiosk). I was fuming the entire time I spent rebuilding it.
When I switched to a new CPU I got a bit locker message and it was one of my biggest computer scares ever. I couldn’t remember if the shop that assembled my pc would have enabled it or not. And wasn’t available to contact.
I had to take a risk. If I continued there was a 50 50 chance my shit would have been bricked. Thankfully. That shop had the foresight to NOT randomly enable features the client didn’t ask for
I ran into a similar problem after a bios update.
Turns out “this update may wipe out your bitlocker key” also means “if you don’t have bitlocker turned on, it’ll just wipe out your windows key.”
Holy shit. This happened to me last week.
Turned off Safe Boot when going back over to Win on a dualboot after 6 months. Wanted to avoid updates nuking by dualboot option.
…enter Bitlocker recovery for Every. Single. Logon.
Just need to do one thing that meeds genuine Win11 fingerprint and then I’m doing a 22.1 fresh install.
Bit late to this thread but I know a few commands that might help if you’re stuck:
manage-bde -off C:(or any other drive) This decrypts the volume and turns off bitlockermanage-bde -lock/unlockmanage-bde -protectors -get C:(or any other drive) This displays your 48-digit key. I suggest you store it somewhere, just to be safe.Get-BitlockerVolumereveals which of your partitions are encrypted with Bitlocker.Disclaimer: I am not a terminal nerd, I just had similar problems years ago and went down the rabbit hole, used these commands and turned off bitlocker permanently. I don’t use windows anymore, but when I did, it didn’t cause any problems with bitlocker after this. If you’re concerned about your un-encrypted hard drives, consider using Veracrypt (carefully!) or similar open source encryption software.
Windows 10 or 11?
I thought bitlocker had a maximum of 20 digits or the pin and only numbers were allowed.
Don’t know the pin limit/requirements, but the recovery token is a 48 digit token
They desperately wanted to eliminate personal computers and replace them with dumb terminals running over the net.
When the public rejected this idea
THIS is their response. They are still insisting on total control of our computers.
Just wait until you learn about Intel’s Management Engine…
Good thing PCs aren’t locked into Windows.
yet
Good luck locking loose mainboards sold for the DIY market, which don’t come with anything installed by default, to a given OS, the only way that could maybe work is forcing the OS in ROM.
Another way would be to discontinue the socketed desktop form factors and replace them all with mini PCs that are as locked down as the current Macs.
Thinking for two seconds:
MS pays Google to start enforcing some device verification thing so you can only view a good chunk of the Internet if you pass verification? (Assumes Google goes even harder making the web Chrome-focused)
Ooh Cloudflare could be invited to the party here too. Constant CAPTCHAs if you’re not on an MS AUTHENTI-PC! device. (Think Private Access Token)
…fill in the gaps friends 😉 you know MS has already debated all your “suggestions” anyway
Google already does precisely that with their “open source” mobile OS. People underestimate how easily these guys can ruin stuff
:( tell me more?
First off, Google has made agressive deals with phone manufacturers to ship spyware with their phones by default, and some of the stuff can only get taken out by rooting/jailbreaking the phone. By doing so, they acquired nearly 100% of the app store market share, and then used it to make “useful features” such as integrity checks that are tied to the Play Services app (which is an always on spyware background app).
The end result is, even if you manage to root your phone and install a custom ROM (which is not always available to every model), a bunch of apps will refuse to work properly because you fail the Google Play fingerprinting steps and are assumed to be a security vulnerability. If I’m not mistaken there’s also some shady stuff with certificates, too
So you’re suggesting MS will somehow block non-Windows OSes from installing, even on hardware like loose mainboards for building your own PC with, or even on barebones mini PC kits or certain laptop SKUs, which don’t ship with an OS installed to begin with and expect the user to install it themselves? I mean, unless something extreme happens like changing the entire PC platform to be like the current Macs, that won’t be feasible.
Also, doing that would kill the Steam Deck which I doubt Valve would take sitting down.
Ah no
so you can only view a good chunk of the Internet if you pass verification
/
Constant CAPTCHAs
Get Google & Cloudflare to make the internet suck if you didn’t pay Microsoft[‘s vendors] “enough” for hardware
Just sounds great doesn’t it?!
SecureBoot pretty much does this. There is nothing preventing motherboard manufacturers from blocking adding non-MS keys if they wanted to.
No just some laws
This is already part of the trusted computing spec its called “remote attestation” I would actually expect it more targeted at multimedia who are hot to keep you from copying their stuff and banks.
They desperately wanted to eliminate personal computers and replace them with dumb terminals running over the net.
I don’t know about that.
Dumb terminal concept was more what Chromebook was doing.
Microsoft is doing something even stupider.
MS execs blathered about “the age of software running locally being over” long before Chromebooks.
Dumb terminal concept was more what Chromebook was doing.
I mean, for a lot of people they’re fine especially if they’re priced appropriately. Especially with a lot more software as a service out there. My problem is that all of them have a built in drop dead date on when they’re going to stop getting updates and there’s not really a great option for the devices post ChromeOS.
ChromeOS certainly can be a good system. I still have my old CR-48 from when I got selected to test the OS and even when it was in its infancy, it was solid. I used it for a lot of my college career because it was better than my Asus eeePC which had Ubuntu on it.
I had an Intel Chromebox that I ran galliumOS on. The problem is locked bootloaders which should be illegal
I have never bought a device I could not own completely and flash the rom with what I want. Except once I had iPhone 3 but it was easily jail broken, but I still feel dirty. How can someone think they own and control something I bought? There is something fundamentally wrong with that and I agree it should be illegal
Agreed. It’s unacceptable that things have gotten this.had. we need to fight back
If my Chromebook could run Linux or even pure Android, I’d probably use it way more often. But it being a locked down distro with android bolted on is useless to me.
- I can’t really do anything major on it that I can on a cheap laptop
- I can’t really use it for the same games or programs on Android, as the form factor really gets in the way, even in tablet mode.
It feels like the worst of both worlds. It’s fine for people who use a laptop/OS as a bootloader to a web browser, its not fine for weirdos like me.
Funny thing is that a cheap netbook has stats that would be fine for anything we did in the 90’s maybe even some games too
The Chromebook I have, is overall fine. It runs ChromeOS pretty well, and most web pages don’t make me beg for more RAM or CPU. ChromeOS does a fine job, to the point I wonder if I ran Arch or something on it, it’s a crapshoot.
I think most laptops these days, even the cheap ones, are probably fine when you run a light OS on em. I’ve used computers that were 10 years old and ran most things decently well.
I’ve got an entry level desktop from 2009 I’m gonna throw arch on and run some stuff
You could always put Linux on it. I believe there is a way to do that for most ChromeBooks nowadays.
I tried, doesn’t work. There’s no documentation for my laptop or its board codename. I briefly got it to consider an Arch Linux ARM ISO but it just looped an error code on boot until you turned it off.
I think they want you to only use Windows and pay for cloud storage.
By enforcing BitLocker and Secure Boot, they are trying to eliminate dual-booting (you don’t need to dual-boot Windows/Linux anyway, as you can just use WSL2 /s).
By enforcing disk encryption, in general, they try to force the use of cloud storage, by making data recovery nearly impossible. Most people are probably too lazy to buy external storage, and manually copy their files over.
This guarantees 2 money streams. One from Windows’s tracking/advertising and the other from OneDrive subscriptions.
It does not guarantee any revenue stream. It is just incompetence
you don’t need to dual-boot Windows / Linux anyway
Exactly, as I can just wipe the disc and install OpenBSD.
Data recovery isn’t impossible. You can easily back up the recovery key. This is just typical Microsoft shit design.
My parents wouldn’t even notice that their computer decided to encrypt their files. And they will blame the service guy for not being able to recover their photos, in case of hardware failure.
Not to mention DRM. They want to own your computer and prevent any kind of modification so that movie producers give them money.
Movie producers?
Yeah, shit like HDCP is pushed by the film and TV industry.
Not really. Your problem in us is the lobbying lawyers. It’s a political systematic problem. The demonic corp entities that crave endless growth will never not do anything that could potentially suck any data from or control a customer. The ones that get “money” for things like this are your law makers. The Republican authoritarian faschists are the winners, along with billionaires that can afford to buy laws. No movie producer. No one in any business except exploitation on the mass scale can profit from these moves. In some countries it is illegal. In the us it is business
No idea how you say all that but can’t put together which industry specifically benefits from HDCP.
So not movie producers. You just mentioned them as another category being fucked? Because that’s what they are
The film industry benefits from HDCP and all DRM, they aren’t being fucked. I’ve looked back over the conversation, I think you have it flipped in your head.
Alright, lol, I’ll be the guy
Hey OP, ever heard of Linux?
*You’re
You’re boned
MY boned?
OUR boned
Why cant windows copy luks and let you choose your own password
because people will set hunter2 and be done with it.
How did you get my password?
All I see is *******. What do you see?
So?
I’m power sure you can get your recovery key and write that down elsewhere.
Ik that
deleted by creator
“do not redeem!” - microsoft, probably
This was the exact same situation I experienced with my old Surface 6. Started to look into Linux firmware on Surface devices and deactivated secure boot because it wouldn’t boot Ventoy at all and do nothing, so I figured to try again with no secure boot. It still didn’t work so I turned it on again, but was then greeted with this Bitlocker screen which I didn’t even know it had activated up until this point. I set up a local account so I had no key to reset or something and was literally not able to do anything besides reinstalling the entire system.
Luckily I had nothing important on it lol
Weirdly the activation was saved on the MS servers so I didn’t need to do that again at least (was a preinstalled system so I wouldn’t have known the activation key anyways, I thought “When it doesn’t work I’ll switch to Linux fully because I’m not paying for that garbage system”).
After I updated Ventoy I was able to boot again even with secure boot on, there seems to have been an issue with that specific version.
I had Windows on my device since I bought it (around 2018) only upgraded to W11. It never mentioned anything about Bitlocker before this incident so if I had important stuff on it it would have been so over. Well, never save important files on Windows without backup is what I got out of it
This caused me literally bigger problems than my switch to Arch Linux after having only used Windows the entire time xD
I mean you can write your Bitlocker key down and store it safely or put it somewhere else safe… Lol
The main problem here is Bitlocker is being turned on by default on fresh 24H2 installs, most people that don’t know how to bypass the online account requirement are making burner Microsoft accounts (Boomers), therefore do not know the credentials in 3-4 years when their computer needs a repair.
