BitLocker on (Locked) on data partition - How safe to upgrade os?

Page 1 of 2 12 LastLast

  1. Posts : 135
    Windows 10
       #1

    BitLocker on (Locked) on data partition - How safe to upgrade os?


    I have a laptop I use for offline purposes only. It is Windows 10 Pro version 1709. It is BitLocker protected on the C drive and also the D (data) drive partition.

    If I unlock the operating system drive (which I have to anyway in order to access the operating system) and upgrade Windows 10 to the latest version, but leave the D drive locked where my data is i.e. in 'BitLocker on (Locked)' state, is there any risk that data on my D drive could be read or hacked into through a potential Windows upgrade process? This laptop does not have a TPM.

    Many thanks for any advice.
      My Computer


  2. Posts : 30
    Windows 10 1511
       #2

    If you fear that the windows upgrade process is malicious, you shouldn't use windows or at least do all updates offline. Any windows update as well as feature upgrade (as in 1709->21H1) is possible offline.
    Since the system account has access to recovery keys, it could unlock the partitions at any time if MS were to get your BL partition.
      My Computer

  3. Pejole2165's Avatar
    Posts : 866
    Windows 10 Pro
       #3

    Personally I would decrypt both drives, download latest ISO for the build you want, unplug the data drive, mount the ISO and run setup, then when the OS is upgraded re attach data drive and re encrypt. Also would strongly suggest using Macrium Reflect or a similar app to create an image of your system drive (preferably to an external drive) and create a Macrium boot USB flash drive (or similar app's boot disk) and test it before doing anything.
      My Computer


  4. Posts : 135
    Windows 10
    Thread Starter
       #4

    Comport Colin said:
    If you fear that the windows upgrade process is malicious, you shouldn't use windows or at least do all updates offline. Any windows update as well as feature upgrade (as in 1709->21H1) is possible offline.
    Since the system account has access to recovery keys, it could unlock the partitions at any time if MS were to get your BL partition.
    Many thanks for your helpful advice.

    I have a Windows account on this computer and not a Microsoft account.

    I have also been thinking of possibly completely removing the data and copying it to an external drive and then doing the updates rather than doing an offline update.

    I would also as a one off process wish to scan the entire HDD for malware. I normally scan data on another online computer before copying it into the offline one, which is a pain in the neck, but there is now no way to know if this laptop is 100% malware free, unless of course there is an offline way to check this through a security scan. My main internet security software is Kaspersky Internet Security.

    The other option is to copy the data, reformat the disk and clean install Windows 10. I guess I would not need a license key for this as activation says 'Windows is activated with a digital license'. if I am not sure if my license keys for an old Office 2007 would still work though.

    If I take the offline upgrade route is all I need a Windows 10 iso? I would need a backup plan if something went wrong with the upgrade process.

    - - - Updated - - -

    Pejole2165 said:
    Personally I would decrypt both drives, download latest ISO for the build you want, unplug the data drive, mount the ISO and run setup, then when the OS is upgraded re attach data drive and re encrypt. Also would strongly suggest using Macrium Reflect or a similar app to create an image of your system drive (preferably to an external drive) and create a Macrium boot USB flash drive (or similar app's boot disk) and test it before doing anything.
    Sorry I forgot to make it clear. I have one laptop HDD with two separate partitions - operating system and data.

    Thanks for the advice on Macrium.
      My Computer


  5. Posts : 30
    Windows 10 1511
       #5

    "If I take the offline upgrade route is all I need a Windows 10 iso?"
    Yes. You need a backup anyway, so not only when you upgrade or update windows.
      My Computer


  6. Posts : 135
    Windows 10
    Thread Starter
       #6

    I have started working on this now:

    1. I am scanning the offline computer for malware with a Kaspersky app called Kaspersky Virus Removal Tool, which of course can be used on offline: Free Virus Removal Tool | Free Virus Scanner and Cleaner | Kaspersky

    2. I am trying to download Windows 10 as an .iso from my online laptop using the Media Creation Tool so it can be used on the offline laptop: https://www.microsoft.com/en-us/soft...load/windows10 but am getting errors. I will try again.

    3. I will look at all backup options before installing Windows 10 as an upgrade, possibly including setting a manual restore point, but as Pejole2165 says it makes sense to decrypt both the operating system and the data partitions first before installing Windows 10 as an offline install though the .iso.

    4. From what I can see Rufus: Rufus - Create bootable USB drives the easy way can be used to install Windows 10 as an .iso on a USB flash drive.
      My Computer


  7. Pejole2165's Avatar
    Posts : 866
    Windows 10 Pro
       #7

    Although Rufus can be a useful tool I would use the Microsoft media creation tool to create the USB install disk, it can also make just the ISO if you would prefer.
    The MS created USB is bootable under both legacy and UEFI systems, it would be wise to use something like a 16Gb USB flash drive which allows you to add your own tools/ boot time driver files (F6 option during install, useful for loading RAID or other specific drivers needed at install time). Be aware the MS tool will format the USB at creation time so don't have any personal files on it till after creation.
      My Computer


  8. Posts : 30
    Windows 10 1511
       #8

    You don't need a bootable stick, since for upgrading, you cannot boot from it, only for new installations will a stick work when booted!
    So save the ISO to the stick, double click it, start setup and that's it.
      My Computer


  9. Posts : 135
    Windows 10
    Thread Starter
       #9

    Thanks both Pejole2165 and Comport Colin for your replies. I had no idea that you could just click on the .iso and run setup!

    I am fighting two problems today. One is a slow internet connection and I have had to downgrade the network to 3G, but the other one, which started yesterday, is error message 0x8007000D - 0x9002 when trying to download the .iso by running the MediaCreationTool21H1 (.exe). I have started going through these suggestions but it's hit and miss as to how this problem may be solved: 5 Ways to Fix Windows 10 Upgrade Error Code 0x8007000D-0x90002!!

    I even found suggestions elsewhere that the problem may be linked to conflicting language settings in Windows 10 i.e. English (United States) vs. English (United Kingdom), however changing the installation language in the media creation tool did not work.
      My Computer


  10. Posts : 30
    Windows 10 1511
       #10

    You may download the ISO on another site. Please note that this is easier and still, the download comes from Microsoft servers:
    TechBench by WZT (v4.1.1) (rg-adguard.net)
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 14:02.
Find Us




Windows 10 Forums