locked
Bitlocker in Win10 on a newer model laptop that has a TPM chip RRS feed

  • Question

  • I previously asked where to go to turn on a Bitlocker PW and where it find my Identifier.  I forgot to mention that my newer model laptop shows that Bitlocker is turned on.  But when I turned it on my laptop did not so as my other PC's did.  My older PC's took a long time to encrypt before I could begin using them again.  My newer model laptop did not go through a long process of encrypting my HD which has 80GB of information.  My laptop took no time at all to encrypt my C: drive.  Instead my laptop rebooted normally.  How can I be sure that my C: drive data is encrypted?
    Tuesday, November 1, 2016 9:58 PM

Answers

  • 

    Hi,

    To ensure partition has been encrypted by BitLocker, you can use manage-bde command to check.

    The following example displays the drives on the computer and identifies whether or not they are BitLocker-protected and the current encryption status.

    manage-bde -status

    for more information please refer to this documentation.

    https://technet.microsoft.com/en-us/library/ff829849(v=ws.11).aspx

    If you find out that time of encryption is too short, I suggest to use DISM command to repair system image.

    Regards


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by RKAGENCY Thursday, November 3, 2016 1:19 PM
    Wednesday, November 2, 2016 2:59 AM

All replies

  • 

    Hi,

    To ensure partition has been encrypted by BitLocker, you can use manage-bde command to check.

    The following example displays the drives on the computer and identifies whether or not they are BitLocker-protected and the current encryption status.

    manage-bde -status

    for more information please refer to this documentation.

    https://technet.microsoft.com/en-us/library/ff829849(v=ws.11).aspx

    If you find out that time of encryption is too short, I suggest to use DISM command to repair system image.

    Regards


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by RKAGENCY Thursday, November 3, 2016 1:19 PM
    Wednesday, November 2, 2016 2:59 AM
  • The link that you sent does not apply to Windows 10.  Please send a link that I can use to check and see if my C: drive is encrypted.  Also, how do I turn on a bitlocker Password?
    Wednesday, November 2, 2016 9:16 PM
  • I am running Win 10 Pro.  Your link mentions only Win 8.1, 8, Server ... Is there a link for Win 10?

    I turned on Bitlocker on six other machines and ended up with Recovery Keys, Identifiers and Passwords and each machine took time to fully encrypt.  All desktops without TPM chips, so I had to change a setting first.

    I took the same steps on my laptop, but it has a TPM chip, so I did not have to change a setting first.  I have ended up with a Recovery Key and that's it.  I need an Identifier and Password.  It took zero time to encrypt.  The C: drive is tagged with a Bitlocker icon but 80GB of data takes longer than ZERO minutes to encrypt.  This solid state HD laptop is fast, but really!

    No kidding, this is my most important device, and I saved it for last to reduce the possibility of anything going wrong.  I must comply with encryption requirements from my company.  Please UNTRICK this for me.  This was my seventh machine, so really!!

    Thursday, November 3, 2016 1:42 PM
  • Hi.

    You have two threads, I have already replied in your other one, but you haven't returned to that one. https://social.technet.microsoft.com/Forums/windows/en-US/c6e6a87b-e43a-410a-9b5f-2d9f4fd73da1/bitlocker-pw-and-identifier?forum=win10itprosecurity#c6e6a87b-e43a-410a-9b5f-2d9f4fd73da1

    In this thread, you are probably missing, that bitlocker supports hardware encryption, that means, if your hard drive hapens to be a self encrypting drive ("SED") and options to utilize that are set, it will be instantly encrypted ("in zero minutes").

    About the password: a TPM is used transparently by default, that means, it holds the keys and no password is needed. If you would like to add a password, you need to set the options to require TPM and PIN and the add a PIN protector. If you also set a GPO to require an "advanced PIN", you can also use alpha numeric and special characters in your PIN.

    About the identifier: if you open a command line, you can use the command

    manage-bde -protectors c: -get

    to read out all protectors. There will be a recovery key and with it an identifier.

    Saturday, November 5, 2016 10:46 AM