[TIP] Cases of BitLocker Being On Without User's Knowledge

britechguy · Jan 13, 2022

Porthos said:
Wish in one hand.......

You'll note, though, that I didn't say I actually expected it, just that it should be expected!

You're absolutely right, as is @nlinecomputers, about the actuality of things.

Diggs · Jan 13, 2022

The Lenovo Yoga I just reset (wipe everything) set itself back up with device encryption turned on. I assume it's a Lenovo decision and not MS (Win10).

britechguy · Jan 13, 2022

Diggs said:
The Lenovo Yoga I just reset (wipe everything) set itself back up with device encryption turned on. I assume it's a Lenovo decision and not MS (Win10).

What's the hardware configuration?

If that's correct, there's no way to differentiate. If it's not, then Lenovo has to have some hand in things.

Also remember that a Windows Reset and a Completely Clean Reinstall while similar, are NOT the same. And I'd be willing to bet that the Reset inherits whatever's already been configured at the OS level, even if the data is wiped.

Porthos · Jan 13, 2022

Diggs said:
I just reset (wipe everything) set itself back up with device encryption turned on.

If using Lenovo recovery of course it did. If you install from an ISO it would not.

nlinecomputers · Jan 13, 2022

Porthos said:
If using Lenovo recovery of course it did. If you install from an ISO it would not.

This. The OEM gets to decide it. It can only be setup if they do the proper setup when creating the image AND if the proper hardware is set. It’s on by default using the scripts provided by Microsoft but the OEM can edit this just like they can add logos and software to their image.

Diggs · Jan 13, 2022

Porthos said:
If using Lenovo recovery of course it did.

Not really. There is no online MS account like before. Win10 was installed offline with a local account. I didn't really expect bitlocker to be turned on in that circumstance.

nlinecomputers · Jan 13, 2022

Diggs said:
Not really. There is no online MS account like before. Win10 was installed offline with a local account. I didn't really expect bitlocker to be turned on in that circumstance.

If all you did was a reset in windows with no drive reformat then any encryption that exists before the reset remains after. I think you are going to be surprised by the number of systems that are encrypted and you didn't realize it because you failed to check. I've done the same. I'm trying to get in the habit of checking on this during my initial survey of the machine.

Diggs · Jan 13, 2022

In turn, I'm a bit worried that no customer data was in the Macrium image I had that was made with bitlocker turned on. Macrium said it was restoring the data without bitlocker turned on but there was no customer data in the documents/pictures/etc. folders when it was done. Folders were there but empty. Defeats the purpose of an image.

Porthos · Jan 13, 2022

Diggs said:
Folders were there but empty. Defeats the purpose of an image.

Did the user use One Drive? You might have to dig in a different folder.
Was it a 2 drive setup? With users, folders moved to a second drive or partition?

[TIP] Cases of BitLocker Being On Without User's Knowledge

britechguy

Well-Known Member

Diggs

Well-Known Member

britechguy

Well-Known Member

Porthos

Well-Known Member

nlinecomputers

Well-Known Member

Diggs

Well-Known Member

nlinecomputers

Well-Known Member

Diggs

Well-Known Member

Porthos

Well-Known Member

Similar threads