Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
IIRC, they only do this if you’re logged in with a Microsoft account.
Bitlocker is disabled by default if you only use local accounts
I have (had ;'( ) a local account, and bitlocker was activated. I only found out when my motherboard bit the dust, and that triggered the no-TPM bitlocker thingamajig. Goodbye data.
Of course it hits right as I needed the data on that laptop. Fucking murphy and his fancy legal words.
If anyone is in a situation like mine, you might find luck with a little DIY hacking: https://www.techspot.com/news/106166-old-bitlocker-vulnerability-exploited-bypass-encryption-updated-windows.html
This only happens on OEM installs of Windows. Ridiculous but as far as I know if you disable it after first setup (OOBE) it never shows up again if you have only local accounts.
I’ve occasionally seen it activate itself on computers with only a local account, though I’ve so far only seen it when upgrading in place to 11 with secure boot enabled in the BIOS, and not every time. Fortunately the one time it locked me out was on a freshly cloned drive, so it only cost me redoing the work.
Also, the number of people who I’ve seen lose all their data because they don’t even know they created an MS account during OOBE, and later had a boot or BIOS hiccup, is too bamn high!