Configuring BitLocker on 3 x SSDs whole drives and partitions
O/S version 21H2
I have a new PC with three SSDs.
1 x M2 drive O/S [C]
1 x M2 drive data (one partition) [D]
1 x standard SSD (two partitions) [E & F]
The mobo is UEFI with TPM.
I believe that none of the Samsung drives are self-encrypting (or if they are, this is poorly implemented by Samsung and others and as a result MS has updated Windows to default to BitLocker software encryption).
If I have understood all that correctly, this means that even on my TPM-enabled motherboard I now have to resort to software encryption. I hope there are still advantages to TPM beyond hardware encryption, as I only upgraded as a result of Windows 11 not supporting non-TPM hardware.
So, this is what I am trying to achieve:
1. I would like to configure all drives to be encrypted with BitLocker using a strong key for booting into Windows on C (rather than relying on a much less secure Windows Login PW with PM)
2. I would like drive D and partition E to be mounted on boot.
3. I would like partition F to remain unmounted until it is mounted manually.
Before I started to attempt this I read through this post. I started to configure using GPEDIT and got some error messages about BitLocker processes being in progress and to wait until these had completed. This error message cleared on reboot. So now I am going to have another go, having returned all Group Policy BitLocker options to the default of 'not configured'.
So I think I have to:
Leave TPM support on in the BIOS
Edit Group Policy to enable the requirement for a password on the OS drive at boot
Edit Group Policy to enable the requirement for a password on data drives
Encrypt drives C and D and partition E using the same password/key
Encrypt partition F using a different password/key so that it is not mounted at boot.
Have I understood all this correctly, and can I configure all drives/partitions to be mounted at boot apart from F?
Thank you for your time and patience with any replies.
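One way to script the layout described in the post above, as an added example that is not part of the original post. It uses the BitLocker PowerShell module with the drive letters from the post, and it swaps in BitLocker auto-unlock for D: and E: in place of a shared password, leaving F: password-only so it stays locked until unlocked by hand; the encryption method and variable names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Drive letters come from the post; everything else is an assumption.
# TPM+PIN on C: needs the policy "Require additional authentication at startup" set to
# allow a startup PIN ("Allow enhanced PINs for startup" permits letters and symbols).
# Safe to re-run: volumes that are already encrypted or encrypting are skipped.
$method     = 'XtsAes256'
$autoUnlock = 'D:', 'E:'   # unlocked automatically once C: has been unlocked at boot
$manual     = 'F:'         # stays locked until Unlock-BitLocker is run by hand

function Test-Unencrypted($mp) {
    (Get-BitLockerVolume -MountPoint $mp).VolumeStatus -eq 'FullyDecrypted'
}

# OS volume: TPM plus a startup PIN entered before Windows loads.
if (Test-Unencrypted 'C:') {
    $pin = Read-Host -AsSecureString 'Startup PIN for C:'
    Enable-BitLocker -MountPoint 'C:' -EncryptionMethod $method -TpmAndPinProtector -Pin $pin
    # Record the recovery password this adds and store it off the machine.
    Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
}

# Data volumes: each gets its own password and recovery password.
foreach ($mp in $autoUnlock + $manual) {
    if (Test-Unencrypted $mp) {
        $pw = Read-Host -AsSecureString "Password for $mp"
        Enable-BitLocker -MountPoint $mp -EncryptionMethod $method -PasswordProtector -Password $pw
        Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector
    }
}

# Auto-unlock stores the data-volume key material under the OS volume's protection,
# so enable it only once C: reports protection on. F: is deliberately left out.
if ((Get-BitLockerVolume -MountPoint 'C:').ProtectionStatus -eq 'On') {
    foreach ($mp in $autoUnlock) {
        $v = Get-BitLockerVolume -MountPoint $mp
        if (-not $v.AutoUnlockEnabled -and $v.LockStatus -eq 'Unlocked') {
            Enable-BitLockerAutoUnlock -MountPoint $mp
        }
    }
} else {
    Write-Warning 'C: is not protected yet; re-run after its encryption completes.'
}

# Verify: C: should list TpmPin, D:/E: AutoUnlockEnabled True, F: False.
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus,
    AutoUnlockEnabled, @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ',' } }
```

F: keeps its drive letter but shows as locked after boot; `Unlock-BitLocker -MountPoint 'F:' -Password (Read-Host -AsSecureString)` opens it and `Lock-BitLocker -MountPoint 'F:'` closes it again.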