Bitlocker Question

Hey when you say encrypt bitlocker key on a flash drive, how should I do that? Encrypt it with bitlocker? The last time I encrypt my bitlocker key last time when you helped me do this, I encrypt it with axcrypt. That is what i use for all my programs/documents on my laptop. You suggest bitlocker instead?

 

@Drew1 I personally use Bitlocker for external drives as well as internal, at least the moment. If you prefer other encryption software for your external drives, it's OK, just use what you like.

 

Thanks.


I now have another issue. My laptop battery is flashing orange right now... do you think that is a bad battery? I posted in the dell xps thread on it


I bought battery 2 weeks ago and installed and it was fine... now its flashing orange. I even opened laptop up again and took it out and put it back in...


http://forum.notebookreview.com/threads/new-dell-xps-15-9550-battery-installation-help.834307/page-3

 

I saved the bitlocker recovery key last time to my usb stick. I want to also write it down on paper. I like to know... do i need to write down the identifier as well on paper or is that not necessary?


Or is the bitlocker recovery key all I need to save?I saved the bitlocker recovery key last time to my usb stick. I want to also write it down on paper. I like to know... do i need to write down the identifier as well on paper or is that not necessary?


Or is the bitlocker recovery key all I need to save?

 

Identifier is helpful if you have many Bitlocker encrypted drives, to understand which recovery key refers to each drive. Otherwise, it is not needed.

 

Thanks @Starlight5

 

Hey again.


I want to encrypt my usb drives as well. Do i use bitlocker for this? Is that the easiest thing to do? So when i do this, it would be setting up a pin just like with my dell xps 15 9550 windows 10 pro laptop right?


So everytime i plug the usb stick in, i need to enter the bitlocker pin that i assign to it to access it? So if i have multiple usb sticks, nothing wrong with putting the same bitlocker pin for all of them right?

 

Hey starlight5,



My dell xps 15 9550 laptop that I bought 5 years ago, I am still using it but had an issue where today it didn't power on many times until it finally did and I don't want to power it off now as I think it might not power on again. Main issue is because I'm outside the US now so can't buy a new laptop here.


I enter my bitlocker pin after powering on my laptop and then type in my windows 10 password.


But if I go to bed and want to keep my laptop on without shutting it off... is there a way to password protect it besides locking the computer which just requires you to enter your windows 10 password? Someone mentioned there was a way to lock your computer with bitlocker pin.... without turning the computer off. By that... it sound like they meant you could make it where you have to enter your bitlocker pin to access your laptop while its powered on. Like imagine you going to bed and wanting to keep laptop on but make sure its protected with bitlocker pin? Do you have any advice on this? I remember you or someone mentioning just leaving your computer locked with that windows password screen isn't going to do anything as someone who has access to the laptop could easily bypass this?

 

Sure, that's the default Bitlocker behavior, and how I personally use it.

It automatically locks the drive when system is locked or put to sleep, not just when it is turned off or hibernating. Basically the drive unlocks when you sign into Windows, and locks whenever you sign out, for whatever reason.

It depends. Tech has advanced a bit since our discussion. E.g. my current laptop always encrypts all memory contents, making attacks like Ice Cold Boot irrelevant.

But you are likely referring to Bitlocker with password vs Bitlocker with TPM+pin again.
* Bitlocker with password = you type Bitlocker password when machine boots, Bitlocker remains unlocked until you turn off or hibernate. If you lock the machine in Windows or put it to sleep, Bitlocker remains unlocked.
* Bitlocker with TPM+PIN = Bitlocker keys aren't even loaded to memory until you enter pre-boot PIN. Bitlocker is unlocked when you unlock Windows by typing your PIN (or scanning your fingerprint or face, if you set that up). Bitlocker will lock itself when you lock Windows, put the machine to sleep, hibernate or turn it off.

In your current circumstances, it is better to switch to Bitlocker with TPM+PIN.

 

Hey. Well a while back you had helped me set up the bitlocker setup.


But the bitlocker setting I have at the moment is the


Bitlocker with password?



How do i check which one I am currently using? I thought I had set it up with the TPM with pin but I think I mentioned I didn't want to use numbers only and wanted letters and that is when you said go with the bitlocker with password?



The bitlocker with password vs bitlocker with tpm+pin... wasn't there a 3rd option as well? I remember a 3rd option.



Okay so the way you have it set up... bltlocker with tpm and pin... you need to type your pin whether you turn on your laptop... or when you want to unlock it right? Thus when you click lock on your computer.... then instead of just typing your windows 10 password, you need to type your bitlocker pin? I remember you said you didn't have a windows 10 password?



So doesn't it make sense to always choose bitlocker with tpm and pin compared to the bitlocker with password then? Again... I always turn off my computer when I'm done for the night. But since right now I don't want to power off my computer, then TPM plus pin is the way to go? But what are the cons of using bitlocker with pin then? I think the reason I didn't want to choose the tpm+pin option was I had thought i could only use numbers as oppose to numbers+letters so that is why i choose bitlocker with password?

 

My advice BitLocker does more damage then a password protected Admin/Owner account and user Limited Account password protect.

 

@Drew1 I honestly don't remember what you have. Type manage-bde -status in elevated command prompt, post its output here - and we'll take it from there.

 

Can you explain why you say this?

 

So command prompt... how do i do this? Do i need to run it as administrator as well? I remember doing that a while back but don't remember exactly how to get back there.

 

Press Windows key and X key simultaneously, then press A.

Yes. Elevated = as Administrator. For this command, it makes no difference whether you use Powershell or regular Command Prompt. WIN+X then A launches Powershell as Administrator.

 

When you first setup your computer if Factory OEM - the account created is the Admin/Owner account. That is why you should password protect this account and make a user Limited Account that you use for everyday and then password protect that if other family members want to use that computer create a Limited Account for them so they can't mess or install any malicious/malware onto the System account. That way should there be problem you just wipe the bad account and start over or not give them access to the computer at all. These simple things does alot to stop infection but most people use the Admin/Owner account and anything install has "Permission" to install without or without you knowing clicking "YES" to install. This is how people get " BotNets" " RansSomeWare" " Virus" " Malware Infection" onto their system and they ask why can't I get rid of it.

 

@StormJumper from my understanding, @Drew1 is mostly concerned with physical access attacks by low-skilled and mediocre malicious actors.

 

Thanks. I will get back to you on this.