BitLocker questions


Ancient

Hey all
I've never implemented BitLocker and am looking to install a form of drive encryption.
This will be for an internal SSD which has 2 partitions c:=os and d=data.
I also want to encrypt some external usb hard drives.
The only authentication at the moment is the Windows log on password on a local account. I assume I can still set it up using a local account?

My understanding is that a BitLocker pin is not really required, is this correct?
If my laptop system board became faulty, could I still remove the SSD into an external enclosure and read the data from it on another laptop? I assume it would prompt for the BitLocker key/ password?

If someone were to steal the encrypted laptop (as the drive would be accessible after the login, i.e. BitLocker would proceed to unlock once it reads from the TPM), could someone still use a SAM account reset USB / Hiren's CD to reset the local password and access the data?

Lastly, what are the disadvantages of setting up BitLocker on a 1.2 TPM system compared to a newer laptop with v2.0?

Thanks in advance for any info :)
 
For the actual OS drive where Windows resides, you don't need to supply a password or PIN. The fact that the drive is BitLocker encrypted will be completely transparent to you. When you encrypt the drive, Windows will force you to save the BitLocker recovery key. Make sure to keep this key someplace safe!

If something happens to your TPM or if the computer completely dies, you can still access your data by connecting the drive to another system, but you will need the recovery key.

For this same reason, if someone else gets a hold of your system or drive, they will not be able to access the data because they would need the key to unlock the drive.

For other drives or partitions on the system, you would supply a password to unlock those drives. Note that there is also a BitLocker recovery key for these drives, but you normally would not need this because the password you supply will unlock those drive(s). Note also that these drives can be set to autounlock on your system if your Windows drive is BitLocker protected. As a result, access to these drives is also completely transparent to you so that you need do nothing in order to access those drive(s).

External drives, thumb drives, etc. are basically handled the same way that other drives internally are handled. When you encrypt those drives, you will supply a password to unlock them, but you can turn on auto unlock for these as well so long as your Windows drive is BitLocker encrypted.

As for the precise advantages of TPM 2 vs 1.2, I would have to research that a little bit as I do not know what the technical differences are. What I can tell you is that in practice, it looks exactly the same.

Let me know if you have any further questions. I may not have all the answers, but I do use BitLocker on ALL of my systems and have a good amount of experience with it, so there's a good chance that I can answer your questions.
 

Hello @hsehestedt,
Does BitLocker encryption apply to every drive/partition in a PC where Windows 11 v24H2 is installed/updated? Is the BitLocker recovery key the same for all drives/partitions? (If multiple Windows 11 v24H2 OSes are installed on different partitions/drives)
If I install the latest preview build/Canary channel Windows 11 v24H2, does the registry trick remain unchanged when applied before installation and also post installation?
The registry trick I added to install the Windows 11 v24H2 preview build/Canary channel on an unsupported PC is (in the bootable USB of Windows 11 v24H2):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker
Inside BitLocker, right-click, then click New and DWORD (32-bit) Value. Name the value PreventDeviceEncryption, double-click on it and change the Value Data to 1. Then save the changes made in the registry.
Is this registry change to disable BitLocker encryption permanent in a newly installed Windows 11 v24H2 preview build/Canary channel even after Windows updates are going on?
Thanks.
 

Does BitLocker encryption apply to every drive/partition in a PC where Windows 11 v24H2 is installed/updated?

BitLocker will be applied to those partitions that you apply it to, not to any others. The one exception is for systems that are eligible for automatic encryption in which case the Windows partition will be automatically encrypted.

Is the BitLocker recovery key the same for all drives/partitions?

Every partition has its own recovery key.

If I install the latest preview build/Canary channel Windows 11 v24H2, does the registry trick remain unchanged when applied before installation and also post installation?

I don't have any machines that encrypt automatically so I have no experience with this, but my suspicion would be that if you set this registry entry it should prevent Windows from automatically encrypting even when upgrading to new versions. That is an assumption, so maybe someone else can say for sure.
 

Thank you very much for your response @hsehestedt .
Can the registry trick, as described above, be applied to Windows 11 v23H2 to avoid BitLocker encryption during Windows Update? Will this prevent my PC from being BitLocker encrypted so that I will not have an encrypted drive/partition in the upgraded v24H2?
 

Thank you very much for your response @hsehestedt .
Can the registry trick, as described above, be applied to Windows 11 v23H2 to avoid BitLocker encryption during Windows Update? Will this prevent my PC from being BitLocker encrypted so that I will not have an encrypted drive/partition in the upgraded v24H2?
Why bother. If drive gets encrypted, simply turn it off. Once off, it remains unencrypted.
 

Why bother. If drive gets encrypted, simply turn it off. Once off, it remains unencrypted.
Thanks @cereberus .
Should I need password/recovery key to enter in that case?
As I was asked for key after windows updated build 26085.
There are much more details in thread
Thanks everyone.
 
Hey all
I've never implemented BitLocker and am looking to install a form of drive encryption.
This will be for an internal SSD which has 2 partitions c:=os and d=data.
I also want to encrypt some external usb hard drives.
The only authentication at the moment is the Windows log on password on a local account. I assume I can still set it up using a local account?

My understanding is that a BitLocker pin is not really required, is this correct?
If my laptop system board became faulty, could I still remove the SSD into an external enclosure and read the data from it on another laptop? I assume it would prompt for the BitLocker key/ password?

If someone were to steal the encrypted laptop (as the drive would be accessible after the login, i.e. BitLocker would proceed to unlock once it reads from the TPM), could someone still use a SAM account reset USB / Hiren's CD to reset the local password and access the data?

Lastly, what are the disadvantages of setting up BitLocker on a 1.2 TPM system compared to a newer laptop with v2.0?

Thanks in advance for any info :)
I recommend you do some reading before you decide on how you are going to do it. There are many different configurations possible. Take a look at the tutorial index. Scroll down to the BitLocker section.

 

@hsehestedt Thank you for the detailed and helpful info, I appreciate it.
Just a couple of follow up questions:
Does it give the option to set up the auto unlock when initially configuring BitLocker?
Can the auto unlock be turned off so that it prompts for a password, eg if I wanted to change it to that method at a later date?

For the external drive if I set it as auto unlock, I assume that would only work on the laptop where I originally set the encryption?
For any other laptop, will it prompt for the password?

Last time I read up on this was a few years ago, I remember reading that the recovery key would need to be backed up on a Microsoft account, is this still the case (ideally, I prefer to log in with a local account) / if I'm logged in with a local account does it prompt to save the key as text file on other usb drives/ storage device?

Many thanks
 
I also have another question. I lost my BitLocker recovery key but I can still log in using my PIN.

Since I still have access to the system, is the recovery key stored on the OS somewhere so I can copy it for future reference?
 

@zbook Thanks.

I thought it might be stored locally, though. After all, I still have the pin and I can still log on.
 

Does it give the option to set up the auto unlock when initially configuring BitLocker?
No. Autounlock is configured individually on a per partition basis for drives that you encrypt AFTER configuring BitLocker on the Windows drive.

NOTE: If a drive has been BitLocker encrypted previously, simply connect it to your system, right-click the drive, manage BitLocker, turn on Auto unlock.
Can the auto unlock be turned off so that it prompts for a password, eg if I wanted to change it to that method at a later date?

Yes, you can turn on / off auto unlock any time you want either using the GUI or command line.

For the external drive if I set it as auto unlock, I assume that would only work on the laptop where I originally set the encryption?
For any other laptop, will it prompt for the password?

You have that precisely correct. Auto unlock is enabled independently on each system. So, let's say you have a thumb drive that is BitLocker encrypted and you have 3 computers. You would turn on auto unlock on all 3 systems (assuming you want it to auto unlock on each system).

I remember reading that the recovery key would need to be backed up on a Microsoft account
No, you have several options. When you BitLocker encrypt a drive it will force you to save the key. The choices are to print the key, save it to a file, or save it to your Microsoft account. Note that when saving it, it won't let you save it to a BitLocker encrypted drive. As a trick, I tell it to print the key, choose the Print to PDF option, and then I can save it to my desktop even though that is on a BitLocker encrypted drive. If you do something like that, make sure to move that PDF to someplace safe immediately!
 

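An added example, not part of the original posts: a PowerShell report of the state discussed in the answers above (key protectors, recovery password IDs, auto-unlock, and the PreventDeviceEncryption value from the earlier registry question), plus the command-line auto-unlock toggle. It uses the BitLocker cmdlets built into Windows and must run from an elevated prompt; the function names and the E: drive letter are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Uses the BitLocker module that ships with Windows.

function Get-BitLockerPosture {
    # Registry value quoted earlier in the thread; $null here means it is not set.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
    $prevent = (Get-ItemProperty -Path $regPath -Name 'PreventDeviceEncryption' `
                    -ErrorAction SilentlyContinue).PreventDeviceEncryption

    foreach ($vol in Get-BitLockerVolume) {
        # Drop null entries so unencrypted volumes produce empty lists, not errors.
        $protectors = @($vol.KeyProtector | Where-Object { $_ })
        $types      = @($protectors | ForEach-Object { "$($_.KeyProtectorType)" })
        $recovery   = @($protectors | Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint              = $vol.MountPoint
            VolumeType              = $vol.VolumeType        # OperatingSystem or Data
            VolumeStatus            = $vol.VolumeStatus      # FullyEncrypted, FullyDecrypted, ...
            ProtectionStatus        = $vol.ProtectionStatus  # On / Off
            LockStatus              = $vol.LockStatus
            Protectors              = $types -join ', '
            # Compare these IDs with the identifier in the key file or printout you saved.
            RecoveryKeyIds          = $recovery.KeyProtectorId -join ', '
            AutoUnlockEnabled       = $vol.AutoUnlockEnabled
            PreventDeviceEncryption = $prevent
        }
    }
}

function Test-BitLockerPosture {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Posture)
    foreach ($p in $Posture) {
        $encrypted = "$($p.VolumeStatus)" -ne 'FullyDecrypted'
        if ($encrypted -and -not $p.RecoveryKeyIds) {
            "$($p.MountPoint): encrypted but no recovery password protector; add and save one"
        }
        if ($encrypted -and "$($p.ProtectionStatus)" -eq 'Off') {
            "$($p.MountPoint): encrypted but protection is Off (suspended or never activated)"
        }
        if ($encrypted -and $p.PreventDeviceEncryption -eq 1) {
            # The value only concerns automatic device encryption, not BitLocker you enabled yourself.
            "$($p.MountPoint): encrypted while PreventDeviceEncryption is 1; check how it was turned on"
        }
    }
}

function Set-DataVolumeAutoUnlock {
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [Parameter(Mandatory)][bool]$Enabled
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ("$($vol.VolumeType)" -eq 'OperatingSystem') {
        throw "$MountPoint is the Windows volume; auto-unlock applies to data and removable drives"
    }
    if ("$($vol.LockStatus)" -eq 'Locked') {
        throw "$MountPoint is locked; unlock it with its password before changing auto-unlock"
    }
    if ($Enabled) {
        Enable-BitLockerAutoUnlock -MountPoint $MountPoint | Out-Null
    } else {
        Disable-BitLockerAutoUnlock -MountPoint $MountPoint | Out-Null
    }
    # Return the state as Windows now reports it for this machine only.
    (Get-BitLockerVolume -MountPoint $MountPoint).AutoUnlockEnabled
}

$posture = @(Get-BitLockerPosture)
$posture | Format-Table -AutoSize
Test-BitLockerPosture -Posture $posture

# Example toggle; E: is a placeholder for an unlocked, encrypted data drive.
# Set-DataVolumeAutoUnlock -MountPoint 'E:' -Enabled $true
```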
Thank you for all your help and clear instructions, appreciated :)
 

Thank you for all your help and clear instructions, appreciated :)
Glad to be able to help! If you have more questions please do feel free to ask.
 

One last question... is there ever a need to manually suspend BitLocker eg for Windows updates or Bios updates?
 

One last question... is there ever a need to manually suspend BitLocker eg for Windows updates or Bios updates?
I've never needed to do anything to BitLocker for Windows Updates or BIOS updates on my Microsoft Surface computer.

I never need to do anything to BitLocker for Windows Updates on my Dell computer either.

For BIOS updates on my Dell computer I use Dell Command Update or Dell Support Assist utilities and they handle BitLocker automatically and transparently.

The bottom line, it's totally transparent that I even have BitLocker running on either of my computers. I like that.
 
One last question... is there ever a need to manually suspend BitLocker eg for Windows updates or Bios updates?

I only suspend BitLocker before Windows updates when I don't want to have to authenticate on reboot. I do this before other reboots if I think about it. As for BIOS updates, my Asus motherboard does warn to suspend BitLocker before proceeding, which if you didn't do it, of course means rebooting into Windows so you can.
 

One last question... is there ever a need to manually suspend BitLocker eg for Windows updates or Bios updates?
Yes and no. There are a number of things that do require BitLocker to be suspended. Most notably, this happens if you have Secure Boot enabled. Especially with Secure Boot enabled, some very minor things can cause BitLocker to ask for a recovery key UNLESS you suspend protection first.

I have also found that this seems to vary from MB to MB. I have an older MSI MB that asks for the BitLocker recovery key at the slightest provocation, but I have an ASUS MB that tolerates a lot more before it wants a recovery key.

On my Lenovo laptop it specifically tells me that it is going to suspend BitLocker protection before it performs a BIOS update and it then suspends it for me.

To suspend protection, all you have to do is right click the drive, select the option to manage BitLocker and then choose to suspend protection. Note that when you suspend protection, that suspension is good for one boot. In other words, the next time Windows starts, BitLocker protection will automatically be re-enabled.

As a rule of thumb, I simply disable protection anytime I am going to do anything at all in the BIOS. It takes all of like two seconds to do so it is super easy.

There are some other circumstances as well, but many of those will pop up a warning that says something like, Hey, you have BitLocker enabled. Before you do this you should suspend BitLocker.
 

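An added example, not part of the original posts: the suspend-before-firmware-change routine described above, scripted in PowerShell with a check that a recovery password exists first and a follow-up check that protection really came back on. It uses the built-in BitLocker cmdlets from an elevated prompt; the two function names are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Uses the BitLocker module that ships with Windows.
# While protection is suspended the data stays encrypted, but the volume key is
# stored unprotected on the disk, so keep the suspension window short.

function Suspend-BitLockerForFirmwareChange {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [ValidateRange(1, 15)][int]$RebootCount = 1   # 1 = suspension lasts for one boot
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ("$($vol.VolumeStatus)" -eq 'FullyDecrypted') {
        return "$MountPoint is not encrypted; nothing to suspend"
    }
    # Refuse to proceed without a recovery password: if the firmware change still
    # trips recovery, that password is the only way back in.
    $recovery = @($vol.KeyProtector |
        Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })
    if ($recovery.Count -eq 0) {
        throw "$MountPoint has no recovery password protector; create and save one first"
    }
    if ("$($vol.ProtectionStatus)" -eq 'Off') {
        return "$MountPoint protection is already Off"
    }
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount $RebootCount | Out-Null
    "$MountPoint protection: $((Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus)"
}

function Confirm-BitLockerResumed {
    param([string]$MountPoint = $env:SystemDrive)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ("$($vol.VolumeStatus)" -eq 'FullyDecrypted') {
        return $false   # the volume is not encrypted at all
    }
    if ("$($vol.ProtectionStatus)" -ne 'On') {
        # Suspension outlived the planned reboot: turn protection back on explicitly.
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
    }
    "$($vol.ProtectionStatus)" -eq 'On'
}

# Usage (left commented so that loading this file changes nothing):
# Suspend-BitLockerForFirmwareChange      # just before the BIOS/UEFI change
# ... reboot, make the change, boot back into Windows, then:
# Confirm-BitLockerResumed                # $true once protection is On again
```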
Thanks @hsehestedt .
I had Windows 11 v24H2 Insider Preview / Canary channel build 26085 installed on my desktop PC, which has no TPM and no Secure Boot enabled. Even so, after some updates, the drive (SSD 128 GB) was encrypted automatically and was asking for a key to unlock it. Since I had to do some other installation on the same, I formatted the encrypted drive. My PC has an 8 to 10 year old hardware configuration.
I also want to thank @Brink for tutorial
 
