Bitlocker Status Out of the Box for Win11 Pro?

Sky-Knight said:
And your reading comprehension needs so much work I'm assuming you're aging out of the industry due to neuroplasticity issues.
Click to expand...

And another cheap shot. Keep trying, as it's not working. My reading comprehension is absolutely not the problem, your blinders with resulting tunnel vision are. There will not be One True Way when it comes to computing or Windows in general, ever. Otherwise, it would die a justifiable death.
 
NviGate Systems said:
I'm dumping Windows and going Linux next week so....bye Microsoft and you convoluted ADHD ways...lol
Click to expand...

Having been in the *nix world for many years (and being a fan), if you think that "convoluted ADHD ways" are limited to Windows (or any single OS), you're in for a rude awakening!

Still, I hope you find whatever distro you settle on to be everything you need. I'm just realistic that Linux is never, ever taking over the desktop market unless something completely inconceivable and utterly improbable were to take place. As I said earlier, the strength and power of inertia is monumental.
 
Sky-Knight said:
plan accordingly
Click to expand...
And how exactly are we supposed to do that for home users? This encryption BS is the dumbest thing Microsoft has ever done. A huge percentage of my clients can't log into their Microsoft accounts to get their Bitlocker recovery key because they only created the account to sign into their fricking computer and that was years ago. If Microsoft at least required them to enter their password before logging in each time they wouldn't forget their passwords but Microsoft had the absolutely RETARDED idea of allowing users to set up a separate PIN to log in with so they don't have to remember their password!

The only thing dumber is 2FA apps that are tied to a specific device, so when people upgrade their phones they lose access to all their 2FA tokens. Somebody needs to go back in time and kill whoever thought of that so they don't inflict this hell on the world. That and the guy who invented the internal USB 3.0 header on motherboards.
 
sapphirescales said:
This encryption BS is the dumbest thing Microsoft has ever done.
Click to expand...

Abso-friggin'-loutely. It's not that encryption itself is an issue, or even that it defaults to on (per se), but that it allows the end user to be completely divorced from any knowledge and understanding of the absolute need to have a key, without which, they have zero access to their data.

The weird "half-on" state described here makes it 100 times worse.

I am not a Microsoft basher, nor a fanboy, but they screwed the pooch on this - no question about it. And not just for Windows Home, either.
 
sapphirescales said:
And how exactly are we supposed to do that for home users? This encryption BS is the dumbest thing Microsoft has ever done. A huge percentage of my clients can't log into their Microsoft accounts to get their Bitlocker recovery key because they only created the account to sign into their fricking computer and that was years ago. If Microsoft at least required them to enter their password before logging in each time they wouldn't forget their passwords but Microsoft had the absolutely RETARDED idea of allowing users to set up a separate PIN to log in with so they don't have to remember their password!

The only thing dumber is 2FA apps that are tied to a specific device, so when people upgrade their phones they lose access to all their 2FA tokens. Somebody needs to go back in time and kill whoever thought of that so they don't inflict this hell on the world. That and the guy who invented the internal USB 3.0 header on motherboards.
Click to expand...
I'm not entirely certain on how to fix that honestly, because the only answer is to maintain your blasted accounts, the same way you maintain your Google or Apple accounts. It'll boil down to, oh... you lost your account? Ok, I can nuke the machine, and you can start over. It's not an eventuality I enjoy, but that's where we will be. I suppose there will be some money to be made burning hours trying to track down an account.

@NviGate, I've tried that many times... always wind up on Windows again.

@sapphirescales The internal USB port is really useful on servers, or at least was when VMWare could boot from a USB stick. But yes, today... about as useful as a screen door on a submarine. I've never understood why that appeared in desktop boards, bonkers.
 
britechguy said:
If you can turn off encryption, and you can, then saying "every endpoint will be encrypted" is demonstrably false. Many people will choose to turn off encryption
Click to expand...
With respect would you stop being deliberately dense? What @Sky-Knight is saying is that your ability to disable encryption is going to be disabled. YES TODAY you can turn it off. 5 years from now YOU WILL NOT BE ABLE TO. He isn’t speaking of today. He speaking about tomorrow.

And it’s likely to be implemented in hardware. The drive will handle the encryption with a direct path to the TPM chip (which will be embedded in the CPU).
 
@nlinecomputers

Why you, or @Sky-Knight, believe encryption will be unable to be disabled I have no idea. There is no evidence, zero, to support that assertion.

Platforms that have had encryption on by default for years now all allow it to be disabled. Check your phone, for starters.

The short version: I'll believe these kinds assertions if and when I see them beginning to occur. They are wild speculation otherwise.

I can't count the number of, "It's going to be THIS way, in the future," assertions I've dealt with in my just short of 40 years in this business that have NOT come to pass.
 
britechguy said:
Platforms that have had encryption on by default for years now all allow it to be disabled. Check your phone, for starters.
Click to expand...
That depends on the phone. For example iPhones are always encrypted. If you turn off the passcode the encryption is simply bypassed much like when you suspend BitLocker encryption. If you have a deep hardware failure and the internal decryption key is lost you will lose all data on one.

Most Samsung devices if they have “Knox” protection are setup the same way.

As for why I believe this is going to happen is the same reason @Sky-Knight does. We have had Microsoft employees tell us so.
 
@nlinecomputers Thank you, seriously. Gets lonely in here being treated like I'm screaming into the wind, when all I'm trying to do is let people know what Microsoft has on the roadmap.
 
nlinecomputers said:
We have had Microsoft employees tell us so.
Click to expand...

Which, while interesting, doesn't mean it will happen. Both of you know that to be true, too.

Every one of "the major players" has had more mid-course changes than I care to count.

I'll believe it if and when I see any sign, at all, that it's actually occurring.
 
britechguy said:
Which, while interesting, doesn't mean it will happen. Both of you know that to be true, too.

Every one of "the major players" has had more mid-course changes than I care to count.

I'll believe it if and when I see any sign, at all, that it's actually occurring.
Click to expand...
All true but some rumors have more weight than others. Regulatory bodies are likely to force this and Microsoft not wanting to have mixed support models will just make it happen on all product lines.
 
britechguy said:
I'll believe it if and when I see any sign, at all, that it's actually occurring.
Click to expand...
And you have been seeing it. For the past decade Microsoft has been slowly introducing Bitlocker as a default enabled service. Windows 11 upped the ante by requiring TPM 2.0 and defaulting the use of Microsoft accounts. I’d lay good money that default settings in Windows 11 24H2 will have Bitlocker turned on by default on every install not just pre installed deployments by OEMs.
 
nlinecomputers said:
And you have been seeing it.
Click to expand...

That it will be required, and not able to be turned off, well, no, I haven't. And that's the point.

I haven't said anything, at all, to indicate that device encryption is not moving toward being the ubiquitous default. But what I am saying, and will continue to say, is that on the PC platform it will be able to be selectively disabled for a very long time to come. Just the kinds of problems repeatedly discussed in this very venue indicates that the desire for encryption to be able to be switched off remains strong, and from technicians.

And, with this, I'm done. Time will tell.
 
Not to mention all mobile devices enforce the encryption now.

We're having to upgrade servers with TPM modules to enable encryption on the data at rest. And, interestingly enough... doing the certificate based encryption via VMWare isn't good enough, the insurance carriers are DEMANDING OS level encryption, which means bitlocker on Windows.

Given that many servers lack a TPM 2.0 module, this is a huge investment to fix, which is driving many organizations into Azure. Both Azure and AWS encrypt at rest by default. Cell phones encrypt at rest by default.

The very idea that someone could consider all of the above and think... nah... they won't enforce that on the desktop / laptop is baffling to me. But whatever, as I said before this cannot reasonably be enforced in the Microsoft ecosystem on the desktop until after Win10 drops support. So we shall see what happens in 2026.
 
Sky-Knight said:
The very idea that someone could consider all of the above and think... nah... they won't enforce that on the desktop / laptop is baffling to me.
Click to expand...

When I am hearing about the kinds of issues with encryption on mobile devices that we routinely see discussed here, on regular cycles, on the PC platform then we can talk. I've never heard of the kinds of disasters in relation to device encryption on mobile devices that keep being identified here on the PC platform.

How you can be baffled that there will be an immense outcry were Microsoft to attempt to enforce encryption, with no option to turn it off, so long as it remains as "fragile" as it currently is and people keep losing data because of that, baffles me.

Encryption on the PC has been a complete disaster for a huge swath of the PC user base and for reasons entirely outside their own control in many cases. That matters.

If Microsoft were to officially announce the intent to enforce encryption with no option to turn it off, I'll be the first of what I hope would be many raising the cry, "Like hell you are!"
 
britechguy said:
When I am hearing about the kinds of issues with encryption on mobile devices that we routinely see discussed here, on regular cycles, on the PC platform then we can talk. I've never heard of the kinds of disasters in relation to device encryption on mobile devices that keep being identified here on the PC platform.

How you can be baffled that there will be an immense outcry were Microsoft to attempt to enforce encryption, with no option to turn it off, so long as it remains as "fragile" as it currently is and people keep losing data because of that, baffles me.

Encryption on the PC has been a complete disaster for a huge swath of the PC user base and for reasons entirely outside their own control in many cases. That matters.

If Microsoft were to officially announce the intent to enforce encryption with no option to turn it off, I'll be the first of what I hope would be many raising the cry, "Like hell you are!"
Click to expand...

And that first paragraph is the illustration of ignorance...

We ARE having these issues with phones. The difference being that phones don't have removable storage. Have you seen most new laptops? Yup... no removable storage.

The encryption isn't fragile on the implementation side either, and it's not Microsoft's fault people don't maintain their accounts. Ignorant people will continue to pay for repairs because they do stupid things. That's great news for most of us here, job security.

As to your last point... if that rallying cry didn't happen over right to repair, or privacy... it's not happening here. You're delusional. I agree it should happen, but it won't.
 
Last edited:
@Sky-Knight,

Oh, you poor, dear thing. Contrary opinions always reduce you to, well, something. And it's never something civil or mature, nor that has any connection to reality about your targets.
 
Last edited:
Sky-Knight said:
Have you seen most new laptops? Yup... no removable storage.
Click to expand...
Only very cheap and some 2-in-1 laptops (e.g. Microsoft Surface) have soldered storage. The vast majority have M.2 drives that are removable by techs and enthusiasts. The inability to upgrade and replace parts is another trend that should be resisted.
 
You must log in or register to reply here.

Similar threads

dominexsus
The first 5 weeks of running the premises.
2
Replies
20
Views
6K
dominexsus
dominexsus
Kitten Kong
  • Sticky
Questions and Answers relating to Microsoft Licencing Guidelines.
Replies
3
Views
12K
Rosco
Rosco
Back
Top