Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you've got an unactivated copy, local account, or don't know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
Respectfully, hard disagree and terrible take. I work in IT, and your stance only makes sense if people have some tech knowledge. Which is never going to happen for the average person.
I can't tell you how many older people I've had to tell that I can't save their grandkids first pics because of bitlocker
That still happens without bitlocker. Computers are dropped. Facebook passwords are forgotten.
I acknowledge automatic encryption is going to make some more cases of lost data, but, with respect, I think the benefit of making fewer cases of stolen data is worth it. I agree with the other commenter that users should be made aware of it more clearly.
Also, as much as I hate the push to Microsoft accounts, I have to admit it helps mitigate this problem: if all ordinary users have an account looking after their master keys, then they can turn to that when they forget their login password etc. but the opportunistic thief on the train can't (as easily). Not every grandma has a Millennial relative at hand to boot Linux to rescue files off her HDD. And for those who don't like to trust their master keys to Microsoft/Apple/Google? There's Linux. And external backups. And saving your password somewhere safe.
How many has it protected though? Maybe 2? It's not logical to ask the user if you want to take over their data
The push to Microsoft accounts? More people, I expect, than I'd care to admit.
Locked out recoveries, yes, but I am fairly certain that encrypting data you don't own without notifying is some kind of crime
Not nearly as much. If someone breaks their motherboard in half but the hard drive is okay, I can get their data unless they have bitlocker. Microsoft is encrypting drives and storing the keys in the TPM only, and it is insane. My grandma doesn't have state secrets on her laptop, she doesn't need encryption.
So, your grandma doesn't need encryption. She might not need a seatbelt either. But it's not only state secrets that are worth protecting. Does she have internet banking, with cookies stored in her browser? But many people do, and it's either encryption for everyone, or for (almost) no one.
Hah is there a rash of nursing home break ins that I'm unaware of? I'm in the field, the way that is happening is phishing with fake ads and emails
Very few people are breaking into a laptop for cookies, it's tremendous amounts of work, and is usually targeted. Motherboards die all the time, and take the TPM with them
I mean, not Windows user lives in a nursing home. I wish! But some lose laptops on the train, and some even throw their computers away!
Sure, most of the risk is remote through emails etc. Maybe you're right. Maybe the balance is better the other way round: let all Windows Home users' computers stay unencryptedv at rest, and keep encryption for Pro users. I grew up with a high focus on security; maybe I'm paranoid.
But phones are all encrypted these days. Obviously they're more mobile and at more risk, but that suggests to me that laptops are subject to similar, if smaller, risks.
But wtf, all thiefs want is the device, why do they want photos of her grandson?
Is this serious? Grandsons' photographs are not the only thing non-tech-savvy people keep on their laptops. Microsoft's policies are not targeting this grandma specifically.
Ok then why are we discussing this scenario specifically?
Because you asked.
I get it, but as someone who has had to tell little old ladies their data is fucked, I am beyond pissed at Microsoft's implementation. They should not be encrypting data without forcing lay people to have backup codes printed or on a flash drive or something.
They're doing this because they want to force people to her Microsoft accounts, probably just to collect more data.
And for the record, I am very pro encryption The half assed way of encrypting even if there isn't a Microsoft account connected and therefore no way to save keys somewhere is completely unacceptable
That's fair.
(Though, small point, I think you can get the encryption keys to save even without a Microsoft account? Digging in regedit or something?)
So if the device is functional you can use the manage-bde command in command prompt to disable. But that's only if the original motherboard is functional, because the key is stored in the TPM chip on the board.
That's the problem I personally deal with, someone spills soda on their laptop or something, usually that sucks but I can get the data. With bitlocker and no account? Data is gone gone