Question Device Encryption On Local Account?

ThomasKinsley

Notable
Oct 4, 2023
I'm helping someone set up a new Windows 11 Pro machine and installed a Local Account per their wishes. After scouring the privacy settings I came across Device Encryption. It stated that the drive was encrypted and ready for BitLocker to be turned on. I ultimately chose to decrypt the drive, but does anyone have any experience with this? My understanding is that a key is required if I wanted to read the drive on another machine, but there was no key being offered without turning BitLocker on. I didn't want to jeopardize their data integrity by being "pretty sure" it would work. Is Windows 11 actually encrypting drives without a key in some weird limbo phase or was the drive not really encrypted?
 

Ralston18

Titan
Moderator
You will need the key.

As I understand it all, BitLocker will not offer you a key. BitLocker will ask for the key if encryption is detected.

It would not be secure if there were circumstances whereby BitLocker decides that you are an authorized user and happily provides you with the key.

Especially if simply turning BitLocker on would cause that to happen.

= = = =

That said, I am really not sure about where you are with respect to the overall processes involved.

The following Microsoft link may prove helpful:

https://learn.microsoft.com/en-us/w...ng-system-security/data-protection/bitlocker/

More needs to be known. Post accordingly.
 

ThomasKinsley

Notable
Oct 4, 2023
Thanks for the quick response. Below is an example of the situation.

The first image below is what it showed when encryption was complete. Device encryption is on. At the same time the second image shows that BitLocker is turned off. Turning off device encryption in the first image produced a warning (third image) but it allowed me to decrypt with a simple prompt and no key.

I wanted to know exactly what state the machine is in with device encryption on but BitLocker off because this was the default setting on the computer. How would data recovery take place if the computer died in this state with device encryption on with a local account? Etc.


windows-11-turn-on-device-encryption-on.webp

5-turn-on-BitLocker.png

confirm-turn-off-device-encryption-in-windows-11-301021.jpg
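
The state asked about above (device encryption on, BitLocker shown as off) can be read directly from the volume with the BitLocker PowerShell module. This is an added example, not part of any post in this thread; the function name `Get-EncryptionState` and the summary wording are hypothetical, and it must be run from an elevated PowerShell session.

```powershell
# Added example: report whether a volume is encrypted, whether protection
# is actually enforced, and whether a recovery password exists.
# Get-EncryptionState is a hypothetical helper name, not a built-in cmdlet.
#Requires -RunAsAdministrator

function Get-EncryptionState {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Key protector types present on the volume (Tpm, RecoveryPassword, ...).
    # The list is empty when no protector has been added yet.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $hasRecovery = $types -contains 'RecoveryPassword'

    $summary = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        'Not encrypted: the drive is readable on any machine.'
    } elseif ($vol.ProtectionStatus -ne 'On') {
        # Data is encrypted on disk, but the volume key is not yet locked
        # behind a protector, so no recovery key is demanded.
        'Encrypted, protection off: no key is required to read or decrypt.'
    } elseif (-not $hasRecovery) {
        'Protected, but no recovery password exists: add one before relying on it.'
    } else {
        'Protected, recovery password exists: confirm a copy is stored off this machine.'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptedPercent = $vol.EncryptionPercentage
        KeyProtectors    = if ($types) { $types -join ', ' } else { 'none' }
        Summary          = $summary
    }
}

Get-EncryptionState | Format-List
```

The same fields are shown by `manage-bde -status C:` and `manage-bde -protectors -get C:` from an elevated command prompt.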