Proper Bitlocker Management w/new PC

Condensed Backstory: My teen son’s PC of 3 years recently became a brick thanks to Bitlocker and the initiating screen saying “apply” or “skip”. Unaware, he clicked “skip” and there was no going back. Out of the blue, the Bitlocker screen arose after a bootup one day, and now he is locked out having no password or “key”. I think, at one point, he had a chance to synch with his MS account, but he may not have had an MS account at the time. As I understand it, he thought he could retroactively synch the two, but that was not to be.

Anyhow, in need of a working PC, we bought him a new PC for the coming holidays. How can he avoid the same thing happening? Googling, I read this complicated rigmarole by Microsoft making sure the BIOS has this or that, plus other esoteric steps foreign to me, the average user. While I do see where Bitlocker seems to be part of the Control Panel, my questions boil down to this:

A) To avoid stepping into the same trap, will a brand new PC (upon initial boot-up or soon thereafter) go through some Bitlocker Wizard for easy setup (as long as he doesn’t click “skip”)? Or, is the user expected to initiate it (i.e., access via Control Panel)?

B) If the user is expected to initiate Bitlocker, does one have to be some computer wizard to set up Bitlocker, checking for a TPM chip, some firmware stored in the BIOS, and a hard drive partition formatted with an NTFS file system, or such IT jargon? Is it really this difficult? Because I have no clue how to check and/or manipulate such things.

C1) Can some IT-guru post simpler steps to follow, or a link for dummies to walk through Bitlocker setup?
C2) Last, is it true that, since Bitlocker encrypts the hard drive, all files are encrypted and cannot be shared? :rollseyes:

I am not an expert, but here’s my understanding of it:

  • If you don’t have the key, it will not be possible to recover the data on the hard disk, even by transferring the disk to another PC.
  • Even though the contents of the hard disk are lost, it may be possible to reinstall Windows 10 and start over, instead of buying a new PC.
  • BitLocker is available in Windows 10 (Pro edition and up) but is not mandatory. You can use a Windows PC without BitLocker, and AFAIK it’s not active by default when you first start a new computer. (Frankly, I don’t see much necessity for it outside a corporate setting, but that’s an individual choice.)
  • There are a few ways to save the BitLocker key in advance to avoid this situation in the future. As you mention, a Microsoft account is one way.
  • BitLocker shouldn’t prevent sharing functionality from working.
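
An added example, not part of any post in this thread: a PowerShell sketch that checks the prerequisites named in question B (TPM, NTFS), reports the drive's encryption state, and saves the recovery password before it is ever needed. The drive letter `C:` and the backup path `E:\bitlocker-recovery.txt` are assumptions; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. $drive and $backupFile are assumptions, adjust them to your PC.
$drive      = 'C:'                          # system drive
$backupFile = 'E:\bitlocker-recovery.txt'   # hypothetical path on a removable drive

# 1. Prerequisites from the question: TPM chip and an NTFS system partition.
$tpm = Get-Tpm
$vol = Get-Volume -DriveLetter $drive.TrimEnd(':')
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"
"File system on $drive is $($vol.FileSystem)"

# 2. Current encryption state. Some editions may not ship the BitLocker cmdlets.
if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
    Write-Warning 'BitLocker cmdlets not found; try "manage-bde -status" instead.'
    return
}
$blv = Get-BitLockerVolume -MountPoint $drive
"Volume status: $($blv.VolumeStatus)  protection: $($blv.ProtectionStatus)  " +
    "encrypted: $($blv.EncryptionPercentage)%"

# 3. Nothing to back up if the drive was never encrypted.
if ($blv.VolumeStatus -eq 'FullyDecrypted') {
    'Drive is not encrypted; there is no recovery key to lose.'
    return
}

# 4. The 48-digit recovery password is what the blue recovery screen asks for.
$recovery = $blv.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) {
    Write-Warning 'Drive is encrypted but has no recovery password protector.'
    return
}

# 5. Write the ID and password somewhere that is NOT the encrypted drive itself.
$recovery | ForEach-Object {
    "Protector ID: $($_.KeyProtectorId)"
    "Recovery password: $($_.RecoveryPassword)"
    ''
} | Set-Content -Path $backupFile
"Saved $(@($recovery).Count) recovery password(s) to $backupFile"
```

Store the resulting file (or a printout of it) away from the PC; a copy kept only on the encrypted drive is unreachable when the recovery screen appears.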

Thanks for sharing, Heracles! I should share the following interesting Bitlocker experience: You know what is really weird? I perform support work for the US Army in an Army facility. My PC is a Government-owned PC. And, as you can imagine, our PCs are “locked down” pretty securely to minimize the risk of a security breach. One day (prior to my son’s experience), I booted up my work PC and got the Bitlocker screen asking for a password (or key). I had no idea what the heck this was, so I simply rebooted my PC. It booted right up just fine like nothing ever happened. How can that be explained? Is this a fluke?

Note: Based on this experience with my work PC, I tried simply rebooting my son’s PC to get around the Bitlocker screen, but the PC would only get so far before Bitlocker was in control once more.

My replies/comments are provided below:

I want to share what I have found after much research on Bitlocker, for what I have discovered is very interesting: First, I spoke to the owner of a local computer repair shop. (I know, his shop is a rarity in that it has been in business for like 20 years now where all others I knew have failed.) Anyway, when picking his brains, he mentioned that Bitlocker is NOT a part of Windows Home versions, but it IS part of Windows Pro versions. And, curiously, I hit on a Microsoft forum thread claiming the same thing (ironically in rebuttal to a guy who had my exact same experience - denying that it’s possible to engage Bitlocker or have any Bitlocker experience with a Windows Home version!) Yet, paradoxically… My daughter has the same PC as my son with the same Windows 10 Home and IT DOES SHOW BITLOCKER (as an option to set up)! THIS IS SO DISGUSTING THAT MS DOES NOT KNOW THEIR OWN PRODUCTS NOR DO THEY WARN THE END-USER!

Just had to add this to my thread for the benefit of the SDopers who may be in the same boat looking for answers.

OF COURSE you don’t have to buy a new PC.

Get on any PC that has an internet connection and at least 10 GB of free space.

Go here:
https://www.microsoft.com/en-us/software-download/windows10

Download the (very small) media creation tool by clicking on “Download Tool Now”.

Follow the instructions (on the same page) for “Using the tool to create installation media to install Windows on a different PC” to download and create the large (4GB or so) Windows 10 installation on a thumb drive (preferably USB 3 and at least 16GB, easily found for less than $10).

Plug the thumb drive into the bricked PC, turn it on, hit whatever key (usually Delete) it needs to boot from the USB drive rather than the internal drive, and begin the Windows installation. Early on in the installation, it will ask you where you want to install it, and show you the partitions on your drive. Use that screen to delete all the partitions (unless you have some data partitions that have not been encrypted), including all the reserved or system partitions. When you have a completely empty drive (or a large (at least 60GB) empty space before your unencrypted data partitions), tell Windows to install in that empty space.

In hundreds of installations with Windows Pro, I have never been asked if I want to turn on Bitlocker, but if you are, just say no.

If you do want to protect your data with encryption, go to the VeraCrypt website and download that (very small) program. I prefer the portable version. It will allow you to encrypt by file, by partition, by drive, or any combination. I leave my system partition unencrypted and store all my sensitive data (OK, fine, it’s porn) on an encrypted partition. So I never have to worry about being locked out of my PC.

One last thing: I usually don’t use the Windows tool to directly write to the USB, because it hasn’t always worked for me. Instead, I use it to create an .iso file, and then use the Rufus tool to create the USB image from that.

It requires no installation; you just download it and run it. Enter your version of Windows, leave the other settings on their default, and it will format your USB and transfer the .iso file to it.

Good luck.

I discovered one more thing people should know: The bottom line with whether Windows 10 Home has Bitlocker or not seems to depend on the version or build of Windows 10 Home. Having to buy a new PC thanks to Bitlocker, I found one PC has Bitlocker; yet, another PC does not have Bitlocker - both with Windows 10 Home, but different versions and/or builds. It seems that even Microsoft (MS) themselves have no clue that this is the case based on how they respond to MS forum questions and (to lesser extent) the generic and very loosely written instructions one can find under Control Panel regarding encryption - of which it seems there are two options, one of which is Bitlocker (if available).

Again, I hope this information may help others experiencing the same trauma (and sticker shock) having been victimized by Bitlocker.