Hot Take Win 11 Home User Beware - BitLocker Disk Encryption is Turned On Without Notifying You

Victor M

Level 7
Thread author
Verified
Well-known
Oct 3, 2022
314
Windows 11 Home turns ON drive encryption Without Notifying You. That means, that if BitLocker detects any other OS touching the drive, it will ask for the Recovery Key upon reboot - which you won't have. You can go online to your MS Account to retrieve it. And I advise you to do so Before anything happens. Because you may only have 1 laptop.

The bad thing about it is - it encrypted the newly made partition that holds my friend's drive image. And the Macrium Rescue Media cannot read that partition anymore. MS does this encrypting without warning. And in my friend's case, he is screwed, because he didn't have the drive image stored in duplicate to a removable drive or USB key.

The blue screen where BitLocker asks for the Recovery Key does have the address of the web site where you can retrieve your key, but it is an unnecessary hoop that you have to go thru. The encryption of the backup partition was uncalled for and should have never happened without telling the user about the Recovery Key and giving the user a chance to save it or print it like in Windows Pro.

Know also that BitLocker encryption offers no protection if your laptop is hacked or invaded by malware. Windows decrypts the contents of the drive for the intruder when you sign in to Windows just like when you are using the machine normally.
 
Last edited:

Victor M

Level 7
Thread author
Verified
Well-known
Oct 3, 2022
314
I don't have that Recovery Key web link with me. You get to see it on the blue screen when Windows prompts you for the recovery key. If you are asking for a link to the source of this 'news' - it happened to my friend.

Windows Home Control Panel does not have a BitLocker control. It is embedded into Settings under Privacy and Security where you can turn Drive Encryption off.
 
Last edited:
  • Like
Reactions: [correlate]
F

ForgottenSeer 100397

When I installed Windows 11 Pro using a local account, it automatically turned BitLocker on. However, in the Settings Panel, it said that I needed to sign in to my Microsoft account for full encryption. I could disable encryption in the Settings Panel with no recovery key. It took only a few minutes to disable the encryption successfully.
 

Victor M

Level 7
Thread author
Verified
Well-known
Oct 3, 2022
314
I didn't even notice that in Win 11 Pro that there a duplicate control for BitLocker inside Settings. I have always used the control inside Control Panel, and it has a multi-stage wizard which gives you a chance to save the Recovery Key.
 
  • Like
Reactions: [correlate]

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,860
Windows 11 Home turns ON drive encryption Without Notifying You. That means, that if BitLocker detects any other OS touching the drive, it will ask for the Recovery Key upon reboot - which you won't have. You can go online to your MS Account to retrieve it. And I advise you to do so Before anything happens. Because you may only have 1 laptop.

The bad thing about it is - it encrypted the newly made partition that holds my friend's drive image. And the Macrium Rescue Media cannot read that partition anymore. MS does this encrypting without warning. And in my friend's case, he is screwed, because he didn't have the drive image stored in duplicate to a removable drive or USB key.

The blue screen where BitLocker asks for the Recovery Key does have the address of the web site where you can retrieve your key, but it is an unnecessary hoop that you have to go thru. The encryption of the backup partition was uncalled for and should have never happened without telling the user about the Recovery Key and giving the user a chance to save it or print it like in Windows Pro.

Know also that BitLocker encryption offers no protection if your laptop is hacked or invaded by malware. Windows decrypts the contents of the drive for the intruder when you sign in to Windows just like when you are using the machine normally.
Drive encryption is not for protecting against malware or hacker, it's purpose is to protect data from unauthorised access or theft.
I am not really worried about either of those so I disable it in first boot after clean install. Negatives outweigh the positives for me.
 

Victor M

Level 7
Thread author
Verified
Well-known
Oct 3, 2022
314
I could disable encryption in the Settings Panel with no recovery key.
I see what you are saying. But my friend tried to access the C drive using Ubuntu Try Now. And BitLocker responded by locking his drive and asking for the recovery key. I guess MS knows this and it is their way of saying 'we own this machine, now Ubuntu you go buzz off'
 
Last edited:
  • Like
Reactions: [correlate]

Victor M

Level 7
Thread author
Verified
Well-known
Oct 3, 2022
314
Microsoft has a history of anti-competitive behavior. Like when they modified the Java language standard and made their own 'Java'. They hoped to lock in users into their own version of Java and stifle the competition. It defeats the purpose of Java because Java is meant to be the language where you 'write once, run anywhere'. They are doing it again with Windows Subsystem for Linux - you can install their WSL to get a taste of Linux. But they obviously don't want you to abandon Windows for Linux. And so far WSL has proved unpopular; it offers none of the security offered by Linux and introduces new attack surface for Windows. According to one source, 96% of the top one million web sites use Linux.
 
Last edited:
  • Like
Reactions: [correlate]
F

ForgottenSeer 100397

I didn't even notice that in Win 11 Pro that there a duplicate control for BitLocker inside Settings. I have always used the control inside Control Panel, and it has a multi-stage wizard which gives you a chance to save the Recovery Key.
Hardware security could be the explanation. On our two Windows 11 Pro laptops, the status shows "standard security not supported", and there is no BitLocker section in the Settings Panel. I can find the BitLocker section in the Settings Panel of another Windows 11 Pro laptop that supports enhanced security.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,393
I see what you are saying. But my friend tried to access the C drive using Ubuntu Try Now. And BitLocker responded by locking his drive and asking for the recovery key. I guess MS knows this and it is their way of saying 'we own this machine, now Ubuntu you go buzz off'
That's what encryption does, data protection. It's been reported as early as 2022, BitLocker availability on Windows 11 Home with mixed responses. Some get encryption, some don't. Microsoft don't appear to have a clear guidelines for who's eligible..

For full disk encryption, you'll need Windows 11 Pro. Or a third-party encryption software where you can store the recovery key offline.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top