Microsoft re enables bitlocker, locked my computer and deleted the windows hello pin after installing 23H2.

[ThrashZone]

Hi,
Yeah can't let your guard down for even a second
Funny I don't even have win-10 drivers form my new lappy.
Have to contact acer and ask why. and why tpm access is locked to.

But installing green 23h2 what were you thinking

 

[Jacky_BEL]

This is why microsoft uses linux itself.

 

[W1zzard]

Hi,
Yeah I'm not seeing anything about disabling bitlocker here ? @W1zzard

Windows 11 Tweaks for GPU Benchmark

Updated for 22H2 - Install without Internet - When it prompts you to go online, press Shift+F10 and type "OOBE\BYPASSNRO" (that's an o not a zero at the end). After the automatic reboot you can install without network - Install on systems without TPM, UEFI or other requirements...

www.techpowerup.com

Only this bit not sure it's the same or not ?

rem Disable automatic TCG/Opal disk locking on supported SSD drives with PSID
reg add HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices /v TCGSecurityActivationDisabled /t REG_DWORD /d 1 /f

Did run across this but back in April

How to prevent automatic drive encryption in Windows 11?

Not sure, if it is possible in OOBE, but disabling/removing bitlocker/EFS services should prevent it 100%. I do this post-setup: Disable decryption and decrypt, in case the disk is already encrypted. reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t...

www.elevenforum.com

Any idea what qualifies a machine for automatic Bitlocker encryption? Never ran into it and I do a lot of fresh installs

 

[Ferrum Master]

Any idea what qualifies a machine for automatic Bitlocker encryption? Never ran into it and I do a lot of fresh installs

Usually laptops. Never on a desktop machine.

It happens very very often actually.

 

[GerKNG]

Any idea what qualifies a machine for automatic Bitlocker encryption? Never ran into it and I do a lot of fresh installs

it seems to be only on OEM devices and the earliest cases are from 2017.

Windows 10/11 Home Edition and the OEM Bitlocker pitfall

[German]Today a topic that might have put one or the other user in an unpleasant situation. A machine with Windows 10 Home Edition (or Windows 11 Home) suddenly requests a Bitlocker key after an update or other change. The user stands like a duck in a thunder storm, since he does not have this...

borncity.com

 

[TheinsanegamerN]

brother bought a new laptop, got his old one and wiped it.
fresh W11 Pro installation, manually disabled bitlocker and checked a couple times that it is actually disabled. (wasn't the first time i found it to be enabled again after a couple weeks)
yesterday it installed 23H2 and it restarted for like 45 minutes... now bitlocker was automatically enabled again and this time it just reset my windows hello credentials and denied access to my own fucking computer.
after finding the uploaded bitlocker key from my PC, the windows pin was reset, i couldn't log in and it required an internet connection, email verification and a new pin just to get back to the desktop.

Yup sounds like MS to me.

what is wrong with this company? it's like paying rent for restricted access to my own property.

They are a multi trillion dollar company, they OBVIOUSLY know better then you.

and how can i make sure that this shit stays disabled? (happened so far only on OEM devices like HP, Dell and Lenovo Laptops and not desktop DIY PCs.)

Step 1: use linux.
Step 2: if you must use windows, use rufus to make the install, disable the TPM, bitlocker, and online account options. Force your way into having a local admin account.

Do you guys understand what you're saying? And do you understand what I'm saying? Our opinions are not far apart - I just don't subscribe to the idea that in a corporate environment like this, not every move that goes to the public goes unvetted. Everything corporate does is intentional. They know we'll swallow it. They know they can get away with it. They do it.

I work at a company on national scale and even we vet, test and then test again everything. This topic is about the way Windows works wrt to authentication and security. You can be damn sure this is either intentional or such an edge case it was never picked up on.

And its gonna get worse. Just look at windows 12's AI "features" being promoted. A whole new level of surveillance and interconnectivity. MS is also the same company that wants its gamepass service on every device you have, and wants platform bans to travel to everything you own.

MS has always been a dystopian company, with modern tech they can finally fill those boots. And along the way, you normal users are going to get RAILROADED with "bugs". And those who dont upload all their personal info, their ID, their license, bloodwork, and DNA sample to MS are going to find these bugs a lot more often.

 

[ThrashZone]

Any idea what qualifies a machine for automatic Bitlocker encryption? Never ran into it and I do a lot of fresh installs

Hi,
No idea
Limited bios access on laptops/ thought most susceptible would be 11 home but seems pro is also being bitlocked to
Here's another on an oem only common part is oem and 23h2 hehe

All partitions are Bitlocker on Win 11 Home SL?

Just made a clean install on a M.2 NVMe on a Samsung Book X30 It says that all data partitions are Bitlocker encrypted. - Its a Win 11 Home SL -Never set any Bitlocker encryption. What´s going on?

www.elevenforum.com

I just got a new acer lappy so this issue is interesting to say the least I'm on 22h2 though 11 pro.

Found this bit on 11 forum not sure you saw this or not so here it is again

Hi,
MS rarely follows GP.

By the way I didn't read any that helped turn bl off just jumps from hardware to software usage of it.

I asked the dude on 11f and said I got E & F to if this would work and he said it should

reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
manage-bde -off E:
manage-bde -off F:
cipher /d /e /f /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled

 

[kapone32]

I don't have any data but I have a strange suspicion that Game pass is somehow hooked into Bitlocker in some way.

 

[ThrashZone]

I don't have any data but I have a strange suspicion that Game pass is somehow hooked into Bitlocker in some way.

Hi,
Yeah that ms account
MS has to protect that money maker info for themselves

Begs the quest if using local account what stops ms from one day using info from it to create a ms account of some sort
They already suggest names for email addresses.

Ever log into a hotmail/... using win-11 ? I have looks like all ms needs is to use that info and auto switch me off local

 

[kapone32]

Hi,
Yeah that ms account
MS has to protect that money maker info for themselves

Begs the quest if using local account what stops ms from one day using info from it to create a ms account of some sort
They already suggest names for email addresses.

Ever log into a hotmail/... using win-11 ? I have looks like all ms needs is to use that info and auto switch me off local

F'ing scary but true. MS has never been our friend. Like why are PC Games suddenly $100 Canadian or more than console Games for the base from studios they are buying.

 

[Space Lynx]

it seems to be only on OEM devices and the earliest cases are from 2017.

Windows 10/11 Home Edition and the OEM Bitlocker pitfall

[German]Today a topic that might have put one or the other user in an unpleasant situation. A machine with Windows 10 Home Edition (or Windows 11 Home) suddenly requests a Bitlocker key after an update or other change. The user stands like a duck in a thunder storm, since he does not have this...

borncity.com

I was using an OEM Win 11 Pro key when it messed up my Kingston KC3000 drive. It all makes sense now, heh. Win 10 Home OEM key no issues, because no bitlocker on Home Win 10.

 

[ThrashZone]

Hi,
Yeah updates tend to reset registry setting and or just regular personal privacy... setting to it's own advantage in the word of "best experience" why do you think onedrive/ teams/ ... keep reappearing lol
Group policy wise a lot is just ignored on some features and or EOLed and not cleaned out so this is not a reliable course.

I've noticed on multiple occasions going through settings for a split second the setting is not what I set it to but default but quickly changes when I switching to it lol
Setting preferences are also likely ignored and just there for show.

 

[kapone32]

Explain to me how you could change a drive letter in Disk Management and lose access to your Game Pass library

 

[Assimilator]

Explain to me how you could change a drive letter in Disk Management and lose access to your Game Pass library

View attachment 324256

For fuck's sake. How exactly is an application supposed to magically know when you've changed the drive letter underneath it? It doesn't. Steam, or in fact literally any application ever, will have the exact same problem if you do the exact same thing.

 

[kapone32]

For fuck's sake. How exactly is an application supposed to magically know when you've changed the drive letter underneath it? It doesn't. Steam, or in fact literally any application ever, will have the exact same problem if you do the exact same thing.

First of all I have 9 drives in my PC. I did not change the drive letter that Gamepass files are saved on. There was no issue with Steam as it was a formatted drive that was empty. If you are so confident about Gamepass not being able to do that do you realize it is offered as a part of Windows Install if you click Gaming in the settings. Why do we not have access to the files?

I bet you are attacking me for no reason because you are bored.

 

[R-T-B]

Any idea what qualifies a machine for automatic Bitlocker encryption? Never ran into it and I do a lot of fresh installs

I'm pretty sure its part of the TrustedCore bios builds on OEM machines. Most white box builds will not run into this.

 

[remixedcat]

@GerKNG Pretty sure this is how my Kingston KC3000 1tb got fucked up before I did the RMA on it, bitlocker encrypted it without my permission, then I went to clean install Linux one day and the two OS's waged a war somehow, cause Linux was trying to overwrite it, and then it just all got fucked up from there I guess. No idea. BUt I RMA'd got a new drive, and Win 10 Home has been treating me good ever since, I am not upgrading my OS until 2026, fuck that noise.

did you install windows first? immediatly disable bitlocker and fast startup in order to dual boot you gotta install windows first, than linux. . Did that on my new dell that'm using and that worked. I also have windows updates firewalled on my meraki mx64 router... there's even a "windows updates" preset for it lol... n that's what I have configured on my firewall

 

[RJARRRPCGP]

the windows pin was reset, i couldn't log in and it required an internet connection, email verification and a new pin just to get back to the desktop.

This can also happen if Secure Boot is disabled. Same with updating the UEFI-BIOS. You can run into this situation if the BIOS gets updated, also the same if you change the CPU, IIRC!

Windows 11's login portion gets very sus if Secure Boot gets disabled. Even more likely if the BIOS settings are lost, where CSM is enabled! But it's highly likely just from Secure Boot being disabled by default with each BIOS update! In a way, it seems trigger-happy, like XP, when there was no such thing as UEFI! Because back in the legacy-BIOS days, BIOS updating was rare on an existing installation, compared to now!

 

[lexluthermiester]

Any idea what qualifies a machine for automatic Bitlocker encryption? Never ran into it and I do a lot of fresh installs

Same here, I've never seen it auto-enable.

Windows 11's login portion gets very sus if Secure Boot gets disabled.

This is not correct. I have been using 11 since the first days of the beta program and have never used SecureBoot. No issues whatsoever.

 

[GerKNG]

Same here, I've never seen it auto-enable.

went through three more systems (DIY, Dell Laptop and HP Laptop)
DIY is automatically disabled.
OEMs seems to get recommended by microsoft to auto enable device encryption. (was a reply on a HP forum)
and on both laptop it was auto enabled after a fresh install from my 23H2 USB Drive.

 

[ThrashZone]

Hi,
God I love new rufus

 

[lexluthermiester]

went through three more systems (DIY, Dell Laptop and HP Laptop)
DIY is automatically disabled.
OEMs seems to get recommended by microsoft to auto enable device encryption. (was a reply on a HP forum)
and on both laptop it was auto enabled after a fresh install from my 23H2 USB Drive.
View attachment 325146

I don't think all OEM systems are being done like this. But who knows. It's really kinda stupid.

Hi,
God I love new rufus

Right?

 

[ThrashZone]

Hi,
Yeah hopefully I got the acer crapware off my lappy that would approve such a features as bitlocker
But had to install a few to get oc features back after clean install of 22h2
Offline install is #1 rufus iso prep #2 hehe.

 

[cst1992]

Hi,
God I love new rufus

Right?

I installed Win11 using Rufus in my new rig and honestly couldn't understand what the fuss was about about Win11.
Then I realized Rufus took care of it all:
- Removed any crap regarding online Microsoft account requirements
- Removed OOBE (so you can click "I don't have Internet" during setup)
- Removed Secure Boot requirement, requirement for 4GB+ RAM and TPM 2.0
- Disabled telemetry questions
- Created a local account with my name
- Disabled BitLocker

 

[ThrashZone]

I installed Win11 using Rufus in my new rig and honestly couldn't understand what the fuss was about about Win11.
Then I realized Rufus took care of it all:
- Removed any crap regarding online Microsoft account requirements
- Removed OOBE (so you can click "I don't have Internet" during setup)
- Removed Secure Boot requirement, requirement for 4GB+ RAM and TPM 2.0
- Disabled telemetry questions
- Created a local account with my name
- Disabled BitLocker

Hi,
Yep I'll mount 23h2 using rufus prepping the iso before as well
Way to easy