My first dealings with BitLocker. What should I see? Is it really working? Are there workarounds? (I hope not)

Sorry, I guess I could answer this myself with a little effort, but haven't had the time to boot off a thumb drive or similar...

I enabled BitLocker on Win 10 Pro. My first dealings with BitLocker. In Settings - Manage BitLocker, it says that BitLocker is on.

Booting up is the same as before - Windows splash screen, then the normal Windows login screen.

Uh, I thought there'd be something before that to unlock the drive? Years ago with some 3rd-party thing, you'd get a screen asking for a password before Windows would start.

Because this is MS software, that's not the case?

Windows boots enough to ask for a password. If that fails, you won't get anywhere? If I boot from a thumb drive / Linux / etc., I'll see gibberish (other than maybe the Windows directory)?

And I've done that hack of renaming utilman.exe with cmd.exe to be able to get to a DOS prompt to get into a computer we're locked out of. Same thing - if I did that, most all of the C drive will be gibberish / not readable? But yeah, I guess you want to rename utilman.exe back to normal again, otherwise someone could make an admin account and be able to log in? And then by extension... say I lost this laptop. Someone boots from USB, does the utilman / cmd change, creates a user... then they get to all the hard drive data? Or at least my c:\user folder is still locked? Even with Linux ignoring NTFS permissions?

Thanks!
BeGentleWithMe-INeedHelp Asked:

McKnife Commented:
You are using BitLocker in transparent mode. Everything you see is normal and OK and you are safe against the scenarios you outline. If you want it even safer, set a PIN that functions as preboot authentication: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/
2

BeGentleWithMe-INeedHelp Author Commented:
McKnife - as always, thanks for your great comments!

You said:

If you want it even safer, set a PIN that functions as preboot authentication:

Yes, after I posted here, I found that exact page : )

Can you describe a situation where a preboot PIN would make things 'even safer' / what doesn't transparent mode protect from? I was thinking BitLocker was the be-all / end-all. I even found a page talking about 2 partitions for BitLocker - I was thinking the machine boots off the unencrypted partition with just bare-bones Windows till you authenticate? But I don't think that's the case?

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions#a-href-idbkmk-partitionsawhy-are-two-partitions-required-why-does-the-system-drive-have-to-be-so-large
0
BeGentleWithMe-INeedHelp Author Commented:
FYI - I am searching for the answer elsewhere. To recap, this is a Win 10 Pro machine and has the TPM enabled, if that influences your answer.
0
BeGentleWithMe-INeedHelp Author Commented:
And while I'm thinking... any comment on how a BitLocker PIN would compare to a password / PIN that you'd set in BIOS for either the hard drive or to start up? (This is a Dell Latitude E5430.)

Trying to keep people out if they find the laptop and it's not powered on.
0
McKnife Commented:
You cannot compare it to a hard drive password as this is a different technology and depends on the manufacturer of the laptop and hard drive. I would go with the BitLocker PIN, since even a 6-digit, numbers-only PIN is super-secure: for brute forcing, an attacker would have only 32 tries (that's the common number of tries until TPM lockout occurs).


Without a preboot PIN, there are certain attack types possible. To keep the reasoning short: if you want to defend against the common thief, leave it as is. If you want to be safe against attackers that are real computer experts, set a PIN.
0
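
An added example, not part of the original thread or any poster's code: a PowerShell check for the question "is it really working?", reporting whether the OS volume is in the TPM-only transparent mode or the TPM + PIN mode discussed above. It uses the built-in `Get-BitLockerVolume` cmdlet and must run elevated; the function name `Get-BitLockerUnlockMode` and the warning texts are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): how is the OS volume's BitLocker key unlocked?

function Get-BitLockerUnlockMode {
    param([string]$MountPoint = $env:SystemDrive)   # usually C:

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    # Names of the key protectors on the volume, e.g. Tpm, TpmPin, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # Classify boot-time behaviour from the protector types present.
    $mode = if ($types -match 'Pin') {
        'TPM + PIN: pre-boot prompt before Windows loads'
    } elseif ($types -contains 'Tpm') {
        'TPM only (transparent mode): no prompt, boots straight to the logon screen'
    } else {
        'No TPM-based protector (password, startup key or none)'
    }

    $warnings = @()
    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $warnings += 'Protection is off or suspended: the drive can be read without the TPM.'
    }
    if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
        $warnings += "Volume status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)."
    }
    if ($types -notcontains 'RecoveryPassword') {
        $warnings += 'No recovery password protector: a TPM lockout could leave you locked out.'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Protection = "$($vol.ProtectionStatus)"
        Protectors = $types -join ', '
        UnlockMode = $mode
        Warnings   = $warnings
    }
}

Get-BitLockerUnlockMode | Format-List
```

On the setup described in the question, `UnlockMode` should read "TPM only (transparent mode)" with `Protection` set to `On`; after adding a pre-boot PIN it should change to the TPM + PIN line.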