Some Bitlocker questions

Discussion in 'Windows 10' started by SL2, Mar 2, 2019.

  1. SL2

    SL2 MDL Member

    (This is not an attempt to discuss the necessity/reliability/security of Bitlocker. :) )

    If I buy a new laptop with an M2 slot and no SATA connector, and have no other computer with an M2 slot available, how do I prepare it for hardware encryption? (If the SSD supports it.)
    In the past I've just hooked up the new SSD to another computer with Windows installed, but I'm curious if this is needed.

    I'm not talking about enabling Bitlocker, but the required step before that, like I did with my Samsung 850 Evo in Samsung Magician.

    Can I enable hardware encryption from, say, a USB drive? Like some kind of bootable software, or third party software via Command Prompt before installing Windows (Shift + F10). Not talking about Windows To Go.

    Also, does the enabling of hardware encryption (still) need brand specific software, or has it become standard somehow?

    Do all SSDs still need to be enabled for hardware encryption manually, or have they become enabled by default when sold new?
     
  2. TigTex

    TigTex MDL Member

    If you have a Windows PE bootable ISO you could boot a portable Windows, install Samsung Magician and enable hardware encryption (check the win10xpe project on Google). If you don't have it, it's easier to install Windows twice.
    Enabling hardware encryption still requires brand-specific software. There are some reports that if you set an HDD password in BIOS, the encryption will be enabled, but I haven't tested that.
    As far as I know, all consumer SSDs are sold with hardware encryption disabled by default so that you can read your data on any device without having to input any security key.
    As an alternative, you could just use software encryption. You will have better security (some SSDs have poor security implementations with known exploits) and ease of deployment (install Windows and activate BitLocker) at a cost of minimal performance impact, but if you have a powerful CPU that should not be a problem.
     
  3. toyo

    toyo MDL Senior Member

    The "HDD Password" feature seems to be mostly appearing on laptops. Pretty sure most desktop motherboards miss it, and that's basically what having "Class 0" encryption in Magician is, I believe. Also, the HDD Password is a different feature than the BIOS Admin Password.
     
  4. SL2

    SL2 MDL Member

    That contradicts what I just did. After I have enabled encryption, but before I've turned on Bitlocker, I can still open files on the SSD if I connect it to a different computer.
     
  5. pf100

    pf100 MDL Expert

    Then it's not a hard drive password even if it says it is, it's a BIOS hard drive lock password.
     
  6. SL2

    SL2 MDL Member

    I'm not talking about either of those, I don't know where you got that from?
     
  7. Snuffy

    Snuffy MDL Expert

    As stated previously, turn on your new computer and install Windows on the M2 SSD. I prefer to partition into smaller sizes... mine is 1TB and partitioned into 3 of 300 (est.) size: 1 = OS, 2 = backup, 3 = data.
    You can then turn it on for the partition you want to protect. Very simple. I use a sample of commands:
    -status
    PS C:\WINDOWS\system32> manage-bde -status
    BitLocker Drive Encryption: Configuration Tool version 10.0.18845
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Disk volumes that can be protected with
    BitLocker Drive Encryption:
    Volume C: [Enterprise]
    [OS Volume]

    Size: 499.74 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Key Protectors: None Found

    Volume E: [Work]
    [Data Volume]

    Size: 225.79 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume O: []
    [Data Volume]

    Size: 205.28 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume D: []
    [Data Volume]

    Size: 533.70 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume F: [Video]
    [Data Volume]

    Size: 309.03 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume I: [Scripts]
    [Data Volume]

    Size: 87.07 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume M: [USB_STRELEC]
    [Data Volume]

    Size: 14.42 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume N: [My Passport Gold]
    [Data Volume]

    Size: 1862.98 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume G: [ISO]
    [Data Volume]

    Size: 306.82 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume H: [Games]
    [Data Volume]

    Size: 315.67 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume L: [Programs]
    [Data Volume]

    Size: 289.23 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    Volume J: [UUPs]
    [Data Volume]

    Size: 70.83 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found

    PS C:\WINDOWS\system32>

    manage-bde -status

    manage-bde -lock D: -fd    # lock

    manage-bde -off D:    # decrypt

    manage-bde -unlock D: -pw

    manage-bde -protectors [{-get|-add|-delete|-disable|-enable|-adbackup|-aadbackup}] <Drive>

    manage-bde -protectors -delete D:

    manage-bde -protectors -disable D:

    manage-bde -protectors

    Disable-BitLocker -MountPoint "D:"

    Suspend-BitLocker -MountPoint "C:" -RebootCount 0

    Suspend-BitLocker -MountPoint "D:"

    # per volume
    Disable-BitLocker -MountPoint "C:"

    # all volumes
    PS C:\>$BLV = Get-BitLockerVolume
    PS C:\>Disable-BitLocker -MountPoint $BLV

    # auto unlock
    PS C:\>Enable-BitLockerAutoUnlock -MountPoint "E:"
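
Added example, not part of any post in this thread: a small parser for the `manage-bde -status` layout shown above that flags volumes which are unencrypted, encrypted with protection off, or using the drive's own hardware encryption (the case the software-versus-hardware discussion earlier in the thread is about). The function names and sample text are constructed for illustration, and the `Hardware Encryption` prefix in the `Encryption Method` field is assumed to be how the tool reports a self-encrypting drive.

```python
import re
# Constructed sample in the layout `manage-bde -status` prints (not output from the thread).
SAMPLE = """\
Volume C: [Enterprise]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - <algorithm OID>
    Protection Status:    Protection On
Volume D: []
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off
Volume E: [Work]
    Conversion Status:    Fully Decrypted
    Encryption Method:    None
    Protection Status:    Protection Off
Volume F: [Video]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
"""
VOLUME = re.compile(r"^Volume\s+(\S+:)\s*\[(.*)\]$")

def parse_status(text):
    # Split the report into {drive: {field: value}}; banner lines before the first volume are ignored.
    volumes, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = VOLUME.match(line)
        if m:
            cur = volumes.setdefault(m.group(1), {"Label": m.group(2)})
        elif cur is not None and ":" in line:
            key, _, value = line.partition(":")
            cur[key.strip()] = value.strip()
    return volumes

def audit(volumes):
    # Return {drive: [findings]} only for volumes that need attention.
    findings = {}
    for drive, v in volumes.items():
        issues = []
        if v.get("Conversion Status") == "Fully Decrypted":
            issues.append("not encrypted")
        elif v.get("Protection Status") == "Protection Off":
            issues.append("encrypted but protection off (suspended or no protectors)")
        if v.get("Encryption Method", "").startswith("Hardware Encryption"):
            issues.append("hardware encryption: security depends on the SSD firmware")
        if issues:
            findings[drive] = issues
    return findings
```

Run against the output posted above, every volume would be reported as not encrypted, since each shows `Conversion Status: Fully Decrypted`.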
     
  8. SL2

    SL2 MDL Member

    It does. I've already read that article, that's not why I'm posting...
     
  9. whitestar_999

    whitestar_999 MDL Addicted

    I think you also need to set a password, without which enabling encryption is practically no different than no encryption. E.g. earlier WD My Passport Ultra portable HDDs came with hardware encryption, so it was enabled by default, but as long as one does not set a password they can be used with any PC.