none
Bit locker doesn't ask password to encrypt local C: volume RRS feed

  • Question

  • Hi I've got a problem with bitlocker on my PC Windows Pro. If I try to encrypt an external device (SDHC, USB disk, etc) everything works fine and bitlocker ask me to prompt a password for the device, before generating the recovery key, but when I try the same for the local disk (C:) it doesn't ask me anymore a password and just go straight to generate the recovery key, proceeding with the encryption. At the end, one I reboot the PC, the system doesn't prompt me for a bitlocker password, but only for windows login as usual. Finally, if I go in the menu option for the bitlocker feature of C: volume it doesn't show me the option to change the password.

    THere is no way to make it works (I've tried also by CLI, with manage-bde commands).

    This problem is the same as here (unresolved): https://answers.microsoft.com/en-us/windows/forum/windows_10-security/changing-bitlocker-password-windows-10/847a428f-2679-4573-9921-906a01b5a87c

    Also, it seems to be similar to the following: https://social.technet.microsoft.com/Forums/en-US/8d4f69d4-08c9-4b5b-b70a-e544e5a2fe5b/bitlocker-password-not-requested?forum=win10itprosecurity

    In the last one someone argues it must be related to the TPM module, but I dont' know how to make it works (solutions proposed in that topic is not applicable for me).

    THamk you in advance guys

    Tuesday, April 9, 2019 1:12 AM

All replies

  • Hi Fabio.

    It works as expected. By default, the system drive c: is protected only by the TPM protector. That means, the drive is encrypted and can only be read by people that are able to log on to your computer. It cannot be removed and connected to a different machine, since then, the TPM chip is not present.

    If you want to enter a PIN to start the computer so that there is already a preboot authentication, look at instructions here: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/

    Please note, a PIN is better than a password, here, since the TPM holds the strong key and the PIN does not need to be strong. Together, the are much stronger than a password.

    Tuesday, April 9, 2019 9:37 AM
  • Hi,

     

    For your questions, you could enable Enhanced PINs for BitLocker Startup in Windows 10.

     

    You must be signed in as an administrator to enable or disable enhanced PINs for BitLocker startup.

     

    Please have a try with the method below:

     

    https://www.tenforums.com/tutorials/37060-turn-off-bitlocker-operating-system-drive-windows-10-a.html#option1s4

     

    Note: This is a third-party link and we do not have any guarantees on this website. And Microsoft does not make any guarantees about the content.

     

    Hope these are helpful.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 10, 2019 9:16 AM
  • Hi,

     

    Was your issue solved?

     

    If yes, would you like to share your solution in order that other community members could find the helpful reply quickly.

     

    If no, please reply and tell us the current situation in order to provide further help.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 12, 2019 8:02 AM
  • Hi,

     

    Since you have not responded for a long time, we will temporarily archive this post.

     

    If the reply helped you, please remember to mark it as an answer.

     

    If you have any questions,  please feel free to contact us.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 18, 2019 9:40 AM