Stop someone reading files if hard drive stolen
Discussion
Small panic this morning when I thought I'd left the laptop on the train.
And it got me thinking - While 90% of stolen laptops are going to be formatted and stuck on ebay, for the 10% who might want to dig further into the data on it, is there anyway to stop someone removing the drive, putting it into an external dock and then taking ownership of the drive and files and reading the content?
And it got me thinking - While 90% of stolen laptops are going to be formatted and stuck on ebay, for the 10% who might want to dig further into the data on it, is there anyway to stop someone removing the drive, putting it into an external dock and then taking ownership of the drive and files and reading the content?
Or Veracrypt if you have no TPM or Pro version of Windows: https://www.veracrypt.fr/en/Home.html
Brother D said:
Ah yeah ok I've never delved into using that.
I assume it encrypts the whole disk, so is that going to end up encrytping my onedrive files as these are synced to the cloud? Would that mean I need a bitlocker app to look at files on my android?
no. They are only encrypted on your SSD.I assume it encrypts the whole disk, so is that going to end up encrytping my onedrive files as these are synced to the cloud? Would that mean I need a bitlocker app to look at files on my android?
We have Bitlocker on our corporate laptops. Really good, kind of 'install and forget'
Only difference is that we are presented with a PIN entry screen at power up, that needs to be entered to get to the Windows logon screen. That's the first level of protection, aside from the encryption.
More details here: https://www.zdnet.com/article/bitlocker-guide-how-...
Only difference is that we are presented with a PIN entry screen at power up, that needs to be entered to get to the Windows logon screen. That's the first level of protection, aside from the encryption.
More details here: https://www.zdnet.com/article/bitlocker-guide-how-...
eeLee said:
Brother D said:
Ah yeah ok I've never delved into using that.
I assume it encrypts the whole disk, so is that going to end up encrytping my onedrive files as these are synced to the cloud? Would that mean I need a bitlocker app to look at files on my android?
no. They are only encrypted on your SSD.I assume it encrypts the whole disk, so is that going to end up encrytping my onedrive files as these are synced to the cloud? Would that mean I need a bitlocker app to look at files on my android?
Surprised it not on by default for most use cases
Arnold Cunningham said:
It often is on the laptops we buy. It’s decent enough, we use it on everything.
I did ask my fellow IT desktop nerds at work about this and they said for corporate laptops there's an issue with upgrading to a new OS build that ends up needing physical hands on? anyway I'm just concerned about my own laptop with the wealth of data it has on it Brother D said:
I did ask my fellow IT desktop nerds at work about this and they said for corporate laptops there's an issue with upgrading to a new OS build that ends up needing physical hands on? anyway I'm just concerned about my own laptop with the wealth of data it has on it
You're backing up that data to OneDrive?Bitlocker also helps defend the PC which is why MS is pushing it. Without encryption, anyone with access to the OS can also modify it maliciously as well as steal your data.
If the drive is not encrypted, it could be just a case of replacing utilman.exe with cmd.exe and you can get into the machine with admin rights.
Brother D said:
I did ask my fellow IT desktop nerds at work about this and they said for corporate laptops there's an issue with upgrading to a new OS build that ends up needing physical hands on? anyway I'm just concerned about my own laptop with the wealth of data it has on it
Your IT nerds don’t sound very bright.There’s generally few issues with bitlocker. Very rare Occasions we have had an issue where the laptop can’t boot (we think after an update but could also be Dell related). Normally a simple decrypt via the command line in repair, let the updates complete and re-encrypt solves it.
Bitlocker is a very easy and free way of securing your data and is essential in a corporate environment IMO. Only downside is that the bitlocker password screen is a US keyboard which can catch you out if you have symbols or special characters in your bitlocker password.
Works laptops have Bitlocker, almost always seamlessly works. Just windows login.
Just occasionally it prompts for a unlocking key, which bricks the laptop till you can get through to our IT helpdesk (often hours, if not a day) which can be slightly infuriating if your on site with a supplier! Apparently it shouldn't, and they don't know why it does. Happened to me me once so far, a college a few times.
But yes. Otherwise, basically, great.
Just occasionally it prompts for a unlocking key, which bricks the laptop till you can get through to our IT helpdesk (often hours, if not a day) which can be slightly infuriating if your on site with a supplier! Apparently it shouldn't, and they don't know why it does. Happened to me me once so far, a college a few times.
But yes. Otherwise, basically, great.
dhutch said:
Works laptops have Bitlocker, almost always seamlessly works. Just windows login.
Just occasionally it prompts for a unlocking key, which bricks the laptop till you can get through to our IT helpdesk (often hours, if not a day) which can be slightly infuriating if your on site with a supplier! Apparently it shouldn't, and they don't know why it does. Happened to me me once so far, a college a few times.
But yes. Otherwise, basically, great.
Some low level firmware updates can trigger it, if not done correctly, e.g. BIOS updates.Just occasionally it prompts for a unlocking key, which bricks the laptop till you can get through to our IT helpdesk (often hours, if not a day) which can be slightly infuriating if your on site with a supplier! Apparently it shouldn't, and they don't know why it does. Happened to me me once so far, a college a few times.
But yes. Otherwise, basically, great.
Some docking stations can trigger it due to a change in hw.
Also if the system doesn't have a TPM or hw support in the HDD it can be problematic.
annodomini2 said:
dhutch said:
Works laptops have Bitlocker, almost always seamlessly works. Just windows login.
Just occasionally it prompts for a unlocking key, which bricks the laptop till you can get through to our IT helpdesk (often hours, if not a day) which can be slightly infuriating if your on site with a supplier! Apparently it shouldn't, and they don't know why it does. Happened to me me once so far, a college a few times.
But yes. Otherwise, basically, great.
Some low level firmware updates can trigger it, if not done correctly, e.g. BIOS updates.Just occasionally it prompts for a unlocking key, which bricks the laptop till you can get through to our IT helpdesk (often hours, if not a day) which can be slightly infuriating if your on site with a supplier! Apparently it shouldn't, and they don't know why it does. Happened to me me once so far, a college a few times.
But yes. Otherwise, basically, great.
Some docking stations can trigger it due to a change in hw.
Also if the system doesn't have a TPM or hw support in the HDD it can be problematic.
Brother D said:
Ah ok - that's probably what our desktop guy was trying to convey - we have a lot of hotdesks with either the old-school fixed dell type docking stations or the newer USB C docks. I assume it's just a case of entering the password if there are any changes? I thought it might be asking for a password on a much more frequent basis
With any encryption something has to be the key that unlocks the encryption.On a modern laptop Bitlocker uses a chip (TPM) on the laptop that's unique to the laptop to manage the encryption key.
If you have an older laptop or want an additional layer of security you can use a pre-boot password or PIN to unlock the drive.
Some companies will be suitable concerned that they mandate this in addition to the TPM handling the key.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff