• BaroqueInMind
    link
    fedilink
    3610 months ago

    Bit locker is a password controlled drive encryption. Am I being dumb or are you seriously saying that?

    • @[email protected]
      link
      fedilink
      English
      26
      edit-2
      10 months ago

      I guess they mean use the password as part of the encryption key, or encrypt the key with the password. Bitlocker doesn’t use the user’s password in that way, which is why it can boot an encrypted system without user interaction. That part always seemed very sketchy to me.

        • @[email protected]
          link
          fedilink
          English
          310 months ago

          Thanks, that sounds really useful. I’m guessing it won’t work unless you’re local admin though.

            • @[email protected]
              link
              fedilink
              English
              2
              edit-2
              10 months ago

              Which kind of makes it useless in many corporate environments where it’s most needed, since the users won’t be able to set their own password.

              • @[email protected]
                link
                fedilink
                English
                510 months ago

                I mean, if it’s a corporate device then it’s really a policy IT should be setting - this can be easily be done via a GPO or Intune policy, where an elevated script can prompt the end-user for a password.

                • @[email protected]
                  link
                  fedilink
                  English
                  2
                  edit-2
                  10 months ago

                  Yarp. And when they forget it we use the 48 numerical recovery key found using the recovery ID that shows on the screen when you hit escape (from the bitlocker screen)

                  • @[email protected]
                    link
                    fedilink
                    English
                    110 months ago

                    I’m talking about letting the user change their own password. I’m honestly not sure how that would be technically accomplished in this situation without having to contact IT each time. It seems like something Microsoft should provide a no-frills GUI for that doesn’t require elevation.