My first dealings with BitLocker. What should I see? Is it really working? Are there workarounds? (I hope not)

Sorry, I guess I could answer this myself with a little effort, but haven't had the time to boot off a thumb drive or similar...

I enabled BitLocker on Win 10 Pro. My first dealings with BitLocker. In Settings - Manage BitLocker, it says that BitLocker is on.

Booting up is the same as before - Windows splash screen, then the normal Windows login screen.

Uh, I thought there'd be something before that to unlock the drive? Years ago with some 3rd party thing, you'd get a screen asking for a password before Windows would start.

Because this is MS software, that's not the case?

Windows boots enough to ask for a password. If that fails, you won't get anywhere? If I boot from a thumb drive / Linux / etc., I'll see gibberish? (Other than maybe the Windows directory?)

And I've done that hack of renaming utilman.exe with cmd.exe to be able to get to a DOS prompt to get into a computer we're locked out of. Same thing - if I did that, most all of the C drive will be gibberish / not readable? But yeah, I guess you want to rename utilman.exe back to normal again, otherwise someone could make an admin account and be able to log in? And then by extension... say I lost this laptop. Someone boots from USB, does the utilman / cmd change, creates a user... then they get to all the hard drive data? Or at least my c:\user folder is still locked? Even with Linux ignoring NTFS permissions?

Thanks!
BeGentleWithMe-INeedHelp Asked:
McKnife Commented:
You are using BitLocker in transparent mode. Everything you see is normal and OK and you are safe against the scenarios you outline. If you want it even safer, set a PIN that functions as preboot authentication: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/
2
 
BeGentleWithMe-INeedHelp (Author) Commented:
McKnife - as always, thanks for your great comments!

You said:

If you want it even safer, set a PIN that functions as preboot authentication:

Yes, after I posted here, I found that exact page : )

Can you describe a situation where a preboot PIN would make things 'even safer' / what doesn't transparent mode protect from? I was thinking BitLocker was the be all / end all. I even found a page talking about 2 partitions for BitLocker - I was thinking the machine boots off the unencrypted partition with just bare bones Windows till you authenticate? But I don't think that's the case?

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions#a-href-idbkmk-partitionsawhy-are-two-partitions-required-why-does-the-system-drive-have-to-be-so-large
0
 
BeGentleWithMe-INeedHelp (Author) Commented:
FYI - I am searching for the answer elsewhere. To recap, this is a Win 10 Pro machine and has the TPM enabled, if that influences your answer.
0
 
BeGentleWithMe-INeedHelp (Author) Commented:
And while I'm thinking... any comment on how a BitLocker PIN would compare to a password / PIN that you'd set in the BIOS for either the hard drive or to start up? (This is a Dell Latitude E5430.)

Trying to keep people out if they find the laptop and it's not powered on.
0
 
McKnife Commented:
You cannot compare it to a hard drive password, as this is a different technology and depends on the manufacturer of the laptop and hard drive. I would go with the BitLocker PIN, since even a 6-digit, numbers-only PIN is super-secure: for brute forcing, an attacker would have only 32 tries (that's the common number of tries until TPM lockout occurs).


Without a preboot PIN, there are certain attack types possible. To keep the reasoning short: if you want to defend against the common thief, leave it as is. If you want to be safe against attackers that are real computer experts, set a PIN.
0
Question has a verified solution.
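
A way to check what this thread discusses (is the drive really protected, and is it in transparent mode or using a preboot PIN), as an added example that is not part of the original posts. It uses the built-in `Get-BitLockerVolume` and `Get-Tpm` cmdlets in an elevated PowerShell; the function name `Get-BitLockerBootMode` and the wording of the mode labels are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report how the OS volume is protected and which
# pre-boot authentication mode its key protectors imply.

function Get-BitLockerBootMode {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    # Key protector types present on the volume, e.g. Tpm, TpmPin, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Classify the boot mode from the protector types (labels are this example's own)
    $mode = if     ($types -contains 'TpmPinStartupKey') { 'TPM + PIN + startup key' }
            elseif ($types -contains 'TpmPin')           { 'TPM + PIN (preboot authentication)' }
            elseif ($types -contains 'TpmStartupKey')    { 'TPM + startup key' }
            elseif ($types -contains 'Tpm')              { 'TPM only (transparent mode)' }
            elseif ($types.Count -eq 0)                  { 'No key protectors: data is not protected' }
            else                                         { 'No TPM-based protector' }

    [pscustomobject]@{
        MountPoint     = $vol.MountPoint
        VolumeStatus   = [string]$vol.VolumeStatus      # FullyEncrypted when done
        Protection     = [string]$vol.ProtectionStatus  # On / Off (Off also when suspended)
        EncryptedPct   = $vol.EncryptionPercentage
        Method         = [string]$vol.EncryptionMethod
        Protectors     = $types -join ', '
        BootMode       = $mode
        HasRecoveryKey = $types -contains 'RecoveryPassword'
    }
}

$report = Get-BitLockerBootMode
$report | Format-List

# "BitLocker is on" in Settings is only meaningful if both of these hold.
if ($report.VolumeStatus -ne 'FullyEncrypted' -or $report.Protection -ne 'On') {
    Write-Warning 'Volume is not fully encrypted, or protection is off/suspended.'
}
if (-not $report.HasRecoveryKey) {
    Write-Warning 'No recovery password protector: a TPM lockout or hardware change could lock you out.'
}

# TPM anti-hammering state: the lockout threshold is what limits PIN guessing.
Get-Tpm | Select-Object TpmPresent, TpmReady, LockedOut, LockoutCount, LockoutMax
```

A `BootMode` of "TPM only (transparent mode)" matches the boot behaviour described in the question; after a preboot PIN is set, the same report shows a `TpmPin` protector instead.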
