Security :: BitLocker - Encrypt OS Drive Without TPM If It Is Present
Feb 12, 2014
I am "fresh" with BitLocker encryption. I need to encrpyt OS drive of laptop with Windows 8.1 and TPM chip. I have read few articles about encryption of OS drives with BitLocker ( with TPM / without TPM ) but never got a direct answer to my questions. So ... I want to ask:
1. Is it possible to encrypt the drive without using the TPM in case that there is TPM chip in the laptop because from what I have read BitLocker work with TPM by default but I don't want to use it. I have had already encrypt other laptops without TPM chips by setting up the group policies ( Computer Configuration Administrative Templates Windows Components Bit Locker Drive Encryption Operating System Drives and double click on Require additional authentication at startup ) and ... is it possible something like this to be made in this case ( when the laptop have TPM in it ).
What I want is the user to be asked for password on startup, recovery key to be saved to a file on external device( not to use usb flash drive as a key ) and to be possible simply to change my HDD in the future without need to manage TPM.
If this is not possible ... here is my second question:
2. Can I setup encryption with TPM like that:
- user to be asked for PASSWORD on startup
- recovery key to be saved to a file ( I don't want every time to use usb flash drive with recovery on it to unlock the drive ... what I want is just user to be asked for a password and when he enter the correct password the drive to be unlocked ).
I use Windows 8 PRO and BitLocker to encrypt my system drive. My notebook hasn't TPM module, so I changed group rules and allow to use BitLocker without TPM. I enabled BitLocker, write key backup to flash drive and use PIN to unlock BitLocker.
Everything works fine except one think... when I start computer, there is BitLocker start screen and I must write PIN.
Always, really ALWAYS first-time password is invalid. Tried to write it very, very slow and I'm sure its correct... but BitLocker said it isn't.
I must delete it and write again... click enter and... pass is valid! I try to use insert to show password - in this case, first-time password are correct and Bitlocker accepts its. Unfortunatelly, it isn't secure method.
when i installed win 8.1 i was having the secure boot issue it since resolved, but i notest that it did nto encrypt my drive like it suppose to and it doesn't even show up in PC Info for encryption so how do i turn this on? I have a Alienware X51 revision 1 with Bios version A12.
I've recently encrypted my main drive, and all is well. However, I would like to be able to encrypt one of my data drives as well and bitlocker isn't even detecting the drive's existence under "Fixed Drives"
I'm on windows 8.1 machine, the encrypted main drive is a SSD drive, and the data drive is a regular WD spinning drive SATA drive. I would like to have the WD data drive encrypted as well...
I have a Microsoft Surface Pro 2 and I am running Windows 8.1 Pro Update 1.
I have been unsuccessful at building a WinPE image that provides BitLocker support. I searched around the internet and found many posts. Eventually, I ended up trying to build it with the various added packages I discovered in the various posts. However, in the end, none worked and this is the message I am getting after booting into my WinPE environment:
manage-bde.exe - Application Error
The instruction at 0xa20afa3b referenced memory at 0x0000013d. The memory could not be read. Click on OK to terminate the program
Here are the commands I eventually ended up using to build my WinPE image:
I have a Windows 8 Pro laptop with a single SSD. I just encrypted the entire drive using Bitlocker. The process prompted me to save the recovery key, which I did to an external drive. The encryption was successful but nowhere during the process was I prompted to choose a password. So I have the drive encrypted but when I reboot it does so normally without asking me for a key or password to access the drive.
A few days ago I decided to encrypt a folder of pictures. I decided to do this so that the pictures would stop showing up in that pictures app window, so that only I could access said pictures, and because I wanted to know how encryption worked. So far, the pictures continue to show up in my pictures app and nobody can access the file, and I now want to just move the pictures to an external drive. However, I can't find the file (it disappeared upon encryption) and so I can't decrypt it in order to move it. How do I find the file for decryption? (I have the key, just can't find the door, so to speak)
The program Acronis True Image failed when attempting to clone win 8.1 C drive. The destination disk is now hidden in File Explorer but is present in Disk Management (and in Device Manager). The Disk Management command "Change Drive Letter ..." is grayed out. How can I unhide the drive?
The drive in question appears in attached screen shots as Disk 6 but is missing from Explorer.
I recently upgraded my windows 8.1 to windows 8.1 pro as I wanted to enable bitlocker encryption on the laptop.
The issue is that I can't seem to enable or find bitlocker in any of the area's outlined. When I try to right click on the C: drive I don't have an option for bitlocker. When I go into control panel, there's no bitlocker icon. When I do a search on the machine for bitlocker I do get a "manage bitlocker" icon, but it's doesn't do anything when I click on it.
I have followed the tutorial on this site and downloaded/installed the reg files to enable it on a non tpm device. Can see that they did update the policy on the machine, but still no joy.
When I go into PC info on the machine in question I don't see anything about bitlocker. It's like it's not there. Do you have to add a windows feature to enable it?
We are facing an issue with bitlocker on Windows 8 machines since its not encrypting Hard disks through GPO. we are getting the below error on the log files
failed to initiate drive encryption with the following exit code: 80070057
We are using the same GPO for windows 7 machines and its working completely fine and also Bitlcoker_to_go is working fine with both OS's.
Is there anything specific in GPO to check for bitlocker encryption in windows 8?
I have a new Windows 8.1 machine and I wish to encrypt the drive using Bitlocker. It gives me 4 options to save a recovery key
1. Save to your Microsoft account 2. Save to a USB flash drive 3. Save to a file 4. Print the recovery key
Option 1 isn't available as I'm logged on using a local account.
i. What is the difference between options 2 & 3? i.e. I could save to a file on a USB drive ii. Does option 2 mean the USB flash drive cannot then be used for other purposes? iii. Does option 2 also mean I could use a USB external hard drive, or does it have to be a flash drive? iv. Once the recovery key has been created, can the key then be copied to other locations or is it only going to work where Bitlocker puts the key? v. Just thinking about printing the recovery key - can this be used without a password to access the drive, how sensitive/important is the printed key?
After I restored to default settings in the bios , I get into this problem of bitlocker requiring the key to start. I tried to suspend bit locker but bit locker management is not available . OS is win 8.1 , product is Dell Venue Pro 11 Tablet.
When I tried to use elevated command to disable bitlocker , the system does not recognize "protectors" in the command line.
What am I to do? I am sick of entering the very long Key , each time I bootup ...
I have BitLocker enabled on a laptop's boot/OS drive. It has worked well for almost a year but it hung when shutting down the other day and I had to press and hold the power button for 4 seconds to power it off. Now when I power it back on, it asks for the password as normal but then it starts in recovery mode and asks for the recovery key as well. Unfortunately I do not have the recovery key.
I know that the password I am entering is correct because it rejects any other password (as would be expected) and only prompts for the recovery key when I enter the correct password.
Am I going to be able to recover my data without this recovery key it is asking for?
My issue first originates with going through the windows 8.1 store app to upgrade windows 8 -> to windows 8.1.
"turn off bitlocker because it isn't supported in the edition of windows you want to install"
I am not sure whether i encrypted the drives after installing windows 8 or in windows 7, nevertheless i do know the encryption passwords to the drives. The biggest problem is therefore trying to remove/disable the encryption to upgrade.
The Applet in the control panel is missing for some reason. I have seen some guides which rely on this applet which is usually situated between auto play and colour management.
I would like to remove/disable the encryption for the upgrade, or confirm the idea that if i disconnect the two drives that are encrypted i could upgrade the OS to 8.1 and wouldn't need to worry about the encryption. The concern is that the 8.1 OS would not read the drives hence the upgrading message.
My specs are this , related to Bitlocker:
Windows 8 64bit - standard (non-enterprise, pro)Hard drives:1 X 128GB SSD - C:/ windows installed here ** NOT ENCRYPTED **1 X 2TB HDD - D:/ + E:/ **ENCRYPTED**1 X 3TB HDD - F:/ **ENCRYPTED**
I'm seeking full-disk encryption software. I want to encrypt the volume that my Windows installation is on.
First of all, does Bitlocker come on the home edition of Windows 8.1? I recall on previous versions it was only available in the Pro editions.
However, I would prefer to use an open-source disk encryption solution. I've searched but I have not found any that can encryption the Windows installation volume, the ones I found (such as TrueCrypt) can only set up additional encrypted partitions which is no good for me.
I have Windows 8.1 Core and Enterprise dual booted. Now, the real question here is, well I've read online that Windows 8.1 had finally added some of the encryption functionality of Bitlocker in a limited sense setup and turned on by default in all editions of Windows including Core - similar to how it does this with RT. The thing is on that point I've read about this, but no-one on the internet seems to know how to describe this functionality with more detail than just a mention of the existence of this.
Yes, I know Windows 8.1 is a brand new OS - so new that it won't be available to the normal public for another month and a half. And yes, I know, this RTM is still incomplete and when it will be complete within this next month and half maybe some of these new features (like the default limited Bitlocker as well as the Wifi hotspot functionality (which I figured out how to setup with Powershell, but there's no easy and normal way to go about doing this (how are normal people going to set it up? Normal people are afraid of Powershell/Command Prompt! Microsoft knows this - so I assume they'll address these concerns, and if they don't - there employees and executives must be smoking crack cocaine))).
But, what I'm getting at is this - is it safe for me to set up Bitlocker on the Enterprise edition/drive and let the Core edition/drive be as it is now? Is there a specific way I should go about doing this? If my concern on this is warranted - and it's a dangerous thing to try to do - which could have negative and unwanted consequences - than maybe I should just remove Enterprise, well if I should, then suggest that too. I like Bitlocker encryption for my more sensitive data - but I also like this Windows To Go feature as well. I would remove Enterprise if it's probably the best option. I am concerned of this too because I remember reading years ago that in reality having a dual boot setup of 2 editions of the same version of Windows (or just 2 editions of different versions) was/is actually something that isn't a good idea to have setup because it messes with the 2 versions of Windows somehow and drive C:, but I assume that as time has passed and technology has advanced maybe those issues that were authentic issues in the past might've been addressed with the new technology - but am unsure of this.
So, basically, the real question is - is dual booting these 2 editions of Windows safe in the new world of today with these new technologies - and if it is - is having the full Bitlocker functionality with Enterprise setup and having the Core OS setup as the main OS as well - safe?
Recently upgraded to Windows OS 8.1 Pro and cannot encrypt my HP external hard drive. Encryption pauses and states that disk has errors and please run chkdsk. Ran chkdsk and no errors found. Had no difficulty encrypting the C drive with the OS.
I turned on Bitlocker on three new Windows 8.1 laptops and saved the 48-digit recovery keys and associated identifiers, but I forgot to indicate which laptops they are associated with. Is there any way to find the identifiers/recovery keys on my laptops so I can document this? Or do I have to decrypt the laptop drives, turn off Bitlocker, and start all over again to generate new identifiers/recovery keys? My only options under Manage Bitlocker are Suspend protection, Back up your recovery key, and Turn off BitLocker.
I activated Bitlocker for my Operating system drive on a Windows 8 machine. But when starting the process I only can back up the recovery key. I have no dialog to choose how to unlock the drive. Thus even though Bitlocker is running, the PC can be turned and windows can be accessed by common user authentication. No password prompt appears at an early instant of the boot-process.
See, my little brother accidentally formatted an encrypted partition of my HDD (Disk drive D: 100 GB to be exact) which contained really important data that I need back! It had all of my photographs from the past 5 years (which I was too lazy to back up on cloud storage).
Would this recover the lost data? I do have the password and the recovery key. I hope this works...
I have found out how to encrypt a folder I would sent to the Cloud. I also saw how to decrypt the folder.
I saw mention of backing up the cetificate which sems to complicate the process.. if you can decrypt a folder you have encrypted, why is it necessary to backup the certificate? Is it because the first time a certificate is generated and without it you cannot open the folder?
If so where do you back the certificate up to in case of drive failure?
So, the device uses an eMMC for the drive. Is it possible to set the ATA security password on the drive, just like you can for regular hard drives? I don't see an option in the BIOS to set it. Perhaps the option is there somewhere though.
I basically want to protect the data on the tablet. I don't think the BIOS administrator/user password provides sufficient security since that password can be reset and the data can then be accessed. I don't want to use software encryption since I don't want to slow the device down.
I had recently replaced my HDD with SSD, So I had backed up & erased all the personal files including music, videos etc from respective folders, Actually there is no files other than system files, programs, softwares in the SSD now, I had done disk cleanup, defrag , clearing of temp, prefetch folders etc before starting the cloning everything from HDD to SSD,
After replacement, now I could see all my collection of songs/music in the Now Playing section of Music App (Modern app), No music files are actually present for me to locate in any of the folders when I go through for explorer,
I'm not able to play the music files by clicking it from Music App , & when I delete it from there by right clicking it - temporarily goes away but returns when i close the App and opens it again..
I had unchecked & checked the indexing option in the Music folder (File Explorer) - properties & restarted system, checked, But still all the music files are listed in the App, how to clear the music file listings from the Music app permanently which are not really present in the system?
I can't create a simple text file and place it on my C: drive in Win 8.1 - says that I don't have permission. The properties of the drive show that I do - full control, every class of user. Am I missing something really simple?
I use O&O Disk Image 7.2 to make images of my Windows 8 drive. Occasionally I need to mount an image to access folders and files. One folder I can't access is my user folder. I get the message 'You don't currently have permission to access this folder.' I took ownership of the folder but that didn't work. I get a similar result for the folder "C:WindowsCSC" if you want to see how my user folder behaves.
How can I access my user folder on my mounted image?
I have a laptop that has win 8 but not the Pro version.And it apparently does not have Bitlocker on it.
I have the win 8 Pro upgrade software but i think its the full version which i bought for another pc.And the upgrading instructions on the outside of the box talks about upgrading from vista or xp only.I am running win 8.
The only reason I am wanting to upgrade to win 8 Pro is to have Bitlocker.
Is it not possible to install the win 8 Pro OS?
Or is there another way of obtaining Bitlocker?
Its an acer laptop. The system info says: The system type is a "x64 based-pc" Celeron cpu 1017u 1.6 ghz,2 cores,2 logical processors, Win 8 version is 6.2.9200 build 9200
I did a fresh install of Windows 8.1 pro and activated it.After that i upgarded to windows media center pack.Now my OS is Windows 8.1 pro with Media center,But Bitlocker is missing from the control panel,i can't find it anywhere.
