Installed Bitlocker does not ask for password on computer start-up!


  1. Posts : 6
    Windows 10
       #1

    Installed Bitlocker does not ask for password on computer start-up!


    SOLVED - see last post.

    My query is regarding a brand new i7 sixth generation computer with Windows 10 Professional, including all the Windows upgrades, and a new Samsung SSD hard-drive.

    The reason I bought Windows 10 Professional was for the full hard-drive encryption provided by Bitlocker in case my computer gets lost or stolen, as has happened to me previously. However, I have an ongoing problem with it and can't find a solution anywhere. I have tried to telephone Microsoft's telephone support several times but it has been beyond a joke with their outsource staff in far-flung countries with poor English claiming Windows 10 Professional does not have the option of Bitlocker or any form of encryption to all kinds of other absurdities.

    Whenever I start my computer it does not ask me to enter a Bitlocker username or password (I am asked for the Windows password, but, as everyone knows, those are not totally secure and do not protect hard-drive data access). Also, in the Bitlocker section in Control Panel, I am not given the option to edit a Bitlocker password, even though that option exists in all the other screenshots I have seen on the web.

    How can I set my computer up to present me with a Bitlocker password on boot-up?

    My system does say my hard-drive is encrypted, but how can I be certain of that if there is not even password protection?

    Here is what I see in my Windows Control Panel > Bitlocker section:



    I note the warning message about rights being restricted to the system administrator, but I am the system administrator and have double-checked that.

    I have even gone to the extent of re-installing my Windows 10 from scratch and setting up Bitlocker again, but am experiencing the same issue.

    Thanks a million for your help.
    Last edited by MicrosoftPains; 16 Nov 2015 at 19:23.


  2. Posts : 5,478
    2004
       #2

    You can't change the bitlocker key and it would be impractical to enter it (it is 8 blocks of 6 numbers). This is the number you have to enter to unlock your drive to access it if it isn't unlocked by normal methods. This would prevent someone taking your disk out and being able to read it which can be done very easily if you don't have bitlocker enabled (which you do).

    Your recovery key is on the USB you saved it to when you enabled bitlocker (if you saved it to USB) or here RecoveryKey if you saved it to your OneDrive.

    What you can do is choose what is required to unlock your drive when you boot (whether you need a pin, password, usb key). This is changed under gpedit.msc


    There is a tutorial here somewhere - I'll see if I can find it. In the meantime what model of computer do you have exactly? Does it have a TPM (Trusted Platform Model) chip?

    EDIT: Here is a windows 8 tutorial BitLocker - Turn On or Off for OS Drive in Windows 8

    It is much the same except Windows 10 (version 1511 and later) allows stronger XTS-AES encryption - again set in gpedit.msc under Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)

    The separate bitlocker password is for non OS drives - see here BitLocker - Turn On for Fixed Data Drives in Windows 8 or BitLocker - Turn On for Removable Data Drives in Windows 8


  3. Posts : 6
    Windows 10
    Thread Starter
       #3

    Yes I have TPM.

    I have tried the instructions linked to previously, but they don't address the issue I am suffering unfortunately.

    Thank you for your reply and your advice. I appreciate you responding, but you are referring to something unrelated to what I am talking about.

    I am not referring to the extremely long Bitlocker unencryption recovery password - I would be a complete idiot if I was spending hours of my time trying to configure my computer so that I had to spend ages entering that every single time I turned my computer on.

    I was referring to a simple Bitlocker password that one can set up that unlocks the drive every time the computer comes on. Bitlocker asks for people to choose their password when it is set up.

    It is referred to on thousands of websites: people are presented with it when they start up their PCs.

    You can see a screenshot of it here, which I have taken from the web:



    Can anyone assist please?

    Thank you.


  4. Posts : 5,478
    2004
       #4

    MicrosoftPains said:
    Yes I have TPM.
    From that tutorial (where you got the picture)

    14. To "Enter a password" at Boot to Unlock the OS Drive

    NOTE: This will not be available with a TPM.


  5. Posts : 2,068
    Windows 10 Pro
       #5

    The idea is that you do not enter a bitlocker password when you boot up. Your TPM does this for you. As long as your hardware and bootloader haven't changed, bitlocker will be seamless to you. So, yes, your pc is only as secure as your Windows password is in the event it is lost. I think this surprises many people when it comes to bitlocker.

    However, if you pull your hard drive and put into another box, it will prompt for the 48bit recovery key.

    Without encryption, if you left your laptop lying around, and I picked it up, and could not guess your password, all I have to do is pull the drive out, plug it into another computer and I have all of your data. Bitlocker protects against this scenario.


  6. Posts : 6
    Windows 10
    Thread Starter
       #6

    pparks1 said:
    The idea is that you do not enter a bitlocker password when you boot up. Your TPM does this for you. As long as your hardware and bootloader haven't changed, bitlocker will be seamless to you. So, yes, your pc is only as secure as your Windows password is in the event it is lost. I think this surprises many people when it comes to bitlocker.

    However, if you pull your hard drive and put into another box, it will prompt for the 48bit recovery key.

    Without encryption, if you left your laptop lying around, and I picked it up, and could not guess your password, all I have to do is pull the drive out, plug it into another computer and I have all of your data. Bitlocker protects against this scenario.
    Interesting. Thanks a million for your input.

    I totally take the point about the hard drive being worthless if put into another system because it will be encrypted, but there would be no need for anybody to do that if they can just access everything on the hard-drive within the same system because there is no password protection! (The Windows login password protection is easily broken into.)

    If it doesn't ask for a password, then the encryption software has very little value and it becomes nothing more than another Microsoft joke. I feel like I've been scammed by buying the Pro version of Windows for Bitlocker and then Microsoft not even giving customers a simple choice of whether they'd like a password barrier to their hard-drive data or not on the same device. It's like any other service not asking for a password and enabling anyone to have access.

    Surely there must be an option to have password protection for Bitlocker?

    Can anyone assist please?


  7. Posts : 3,257
    Windows 10 Pro
       #7

    Windows login passwords are only easily compromised if you can get access to the password file, which is on the disk.

    In other words, you need the drive to be un-encrypted in order to hack the password with any level of sophistication. Of course, a piece of malware on the computer could hack the password, or install a keylogger to get your password, but that could happen anyways even with a boot time password.


  8. Posts : 5,478
    2004
       #8

    MicrosoftPains said:
    The Windows login password protection is easily broken into
    If the TPM detects a change in boot parameters (if you try to boot from a DVD or USB for example) bitlocker will make you put in your recovery key. I'm not sure if it is easy to bypass windows password protection in this case (actually I've no idea but it is certainly harder).

    You can also require a pin and/or a physical usb key.

    The pin is actually recommended here in BitLocker Frequently Asked Questions (FAQ)
    What is the best practice for using BitLocker on an operating system drive?

    The recommended practice for BitLocker configuration on an operating system drive is to implement BitLocker on a computer with a TPM version 1.2 or 2.0 and a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware implementation, plus a PIN. By requiring a PIN that was set by the user in addition to the TPM validation, a malicious user that has physical access to the computer cannot simply start the computer.

    Is it possible to add an additional method of authentication without decrypting the drive if I only have the TPM authentication method enabled?

    You can use the Manage-bde.exe command-line tool to replace your TPM-only authentication mode with a multifactor authentication mode. For example, if BitLocker is enabled with TPM authentication only and you want to add PIN authentication, use the following commands from an elevated command prompt, replacing <4-20 digit numeric PIN> with the numeric PIN you want to use:

    manage-bde -protectors -delete %systemdrive% -type tpm

    manage-bde -protectors -add %systemdrive% -tpmandpin <4-20 digit numeric PIN>
    Personally I use TPM and no pin and log into Windows using fingerprint reader.

    It would need someone more expert than me to say if this was a good approach though. Probably a PIN as well would be more secure but you can't reboot remotely if you use a PIN.
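
To check which of the modes discussed in this thread a machine is actually using (TPM only, or TPM plus a PIN or startup key), the key protectors on the OS volume can be listed. This is an added example, not part of any post above; it assumes an elevated PowerShell session with the built-in BitLocker module, and `Get-OsVolumePreBootAuth` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether the BitLocker OS volume unlocks silently via
# the TPM or requires something from the user before Windows starts.
# Get-OsVolumePreBootAuth is a hypothetical helper, not a built-in cmdlet.

function Get-OsVolumePreBootAuth {
    [CmdletBinding()]
    param(
        [string]$MountPoint = $env:SystemDrive
    )

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # Order matters: a suspended or decrypted volume is exposed regardless of
    # which protectors are listed, and a plain 'Tpm' protector unlocks the
    # volume at boot without any prompt.
    $mode = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        'Not encrypted'
    } elseif ($vol.ProtectionStatus -ne 'On') {
        'Encrypted, but protection is off or suspended'
    } elseif ($types -contains 'Tpm') {
        'TPM only: unlocks at boot with no prompt'
    } elseif ($types -contains 'TpmPinStartupKey') {
        'TPM + PIN + startup key required at boot'
    } elseif ($types -contains 'TpmPin') {
        'TPM + PIN required at boot'
    } elseif ($types -contains 'TpmStartupKey') {
        'TPM + startup key (USB) required at boot'
    } elseif ($types -contains 'Password') {
        'Password required at boot (no TPM protector)'
    } else {
        'No TPM or password protector found; review protectors manually'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        Protectors       = $types -join ', '
        PreBootAuth      = $mode
    }
}

Get-OsVolumePreBootAuth | Format-List
```

A `RecoveryPassword` entry in the protector list is the 48-digit recovery key and is expected alongside whichever startup mode is in use.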


  9. Posts : 6
    Windows 10
    Thread Starter
       #9

    I have managed to solve the issue thanks to the terrific guys here on these forums.

    For anyone else who is ever in the same boat, step 5 on this page is what you need to do. As it states, you need to unencrypt your hard-drive, then configure the settings in step 5, and then encrypt your drive again.

    Now it asks me for a Bitlocker pin number whenever I start-up my computer.

    THANK YOU to everyone for your incredible assistance. I have enjoyed far more knowledgeable folk and superior support here than I have ever seen on Microsoft's lousy forums where their own staff have little idea about the products they supposedly specialise in. It's a real pity that, now that we are even into version 10 of Windows, even the simplest of steps is made into a headache that can take 10+ hours to resolve. For the life of me, I don't know why Bitlocker can't just ask you "would you like to set-up a password when you start-up your computer?" instead of having to go into the deeper recesses of the operating system's configuration options and taking 25 steps to be able to do so.

    Thanks everyone!


  10. Posts : 5,478
    2004
       #10

    Glad you got it sorted :)


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
