
Microsoft re-enables BitLocker, locked my computer and deleted the Windows Hello PIN after installing 23H2.

Well, there is the reason why you and I don't have this issue on DIY systems.
Windows seems to have vendor-specific settings baked in. On HP machines I get the Omen Gaming Hub and HP Smart. Rebooting into safe mode is locked unless software like AMDCleanupUtility demands it, and the terminal asks you if you are sure about what you just typed in and wants double confirmations even for just writing "winget list", diskpart or ipconfig.
On Dell systems I have auto-installing software from them, the terminal is not soft blocked, and safe mode is blocked without software.

But both have automatic device encryption enabled by default, always and with both W10 and W11 when you make a fresh USB drive with the media creation tool right now.
And they don't tell you about the encryption, don't give you the key and demand that you log in to your Microsoft account to upload the keys to the recovery website.
Well there's your problem, you're connected to the internet during install. Stop doing that and the auto-config things will not happen.
 
Well there's your problem, you're connected to the internet during install. Stop doing that and the auto-config things will not happen.
as soon as you connect to the internet after the installation even with a local account the first windows update sets everything up.
 
what happens if you just skip the microsoft account part?
 
what happens if you just skip the microsoft account part?
even with a local account the first windows update sets everything up.

We got you covered
Screenshot 2023-12-16 130313.png
 
what happens if you just skip the microsoft account part?
rufus skip TPM/Secureboot RAM Check plus automatically create an offline admin account = windows update immediately starts downloading all the trash and sets up bitlocker.
 
A bit more serious, that really sucks man...
 
Good lord that is terrible. Glad I am not using Windows!!
 
Good lord that is terrible. Glad I am not using Windows!!
Hi,
Yeah just asked acer about bitlocker/ securecore... being activated installing 23h2 and also where are the win-10 drivers lol
Next I'll ask about linux driver :laugh:
Stay on 22h2 hopefully that won't be difficult to do.

rufus skip TPM/Secureboot RAM Check plus automatically create an offline admin account = windows update immediately starts downloading all the trash and sets up bitlocker.
I saw your prior post before this one, you couldn't access cmd as admin either to use this string? If not, damn!
Code:
reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
manage-bde -off E:
manage-bde -off F:
cipher /d /e /f /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled

But both have automatic device encryption enabled by default, always and with both W10 and W11 when you make a fresh USB drive with the media creation tool right now.
And they don't tell you about the encryption, don't give you the key and demand that you log in to your Microsoft account to upload the keys to the recovery website.
You know how to check the device encryption status using PowerShell or cmd?

I don't use the ms creation tool for iso I used uup dump for 22h2 because all ms was offering is 23h2 even though it is not mainstream ready and throttled installing through update system still.
UUP Dump: Download Windows 11 Insider ISO File for Any Build

Apple doesn't even do this stuff so yeah pretty extreme of oem/ ms pulling this mandatory ms account and bitlocker crapware usage !
 
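One way to answer the status question in the post above before running any of the disable commands, as an added example that is not part of the original posts: it reads the PreventDeviceEncryption value quoted in the thread and lists, per volume, the encryption state and whether a recovery-password protector exists. It assumes an elevated PowerShell session and that the BitLocker module (Get-BitLockerVolume) is present on the installed edition; the function name is hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumption: the BitLocker module (Get-BitLockerVolume) is available on this edition.

function Get-DeviceEncryptionReport {
    # Registry value quoted in the thread. If it is absent or 0, automatic
    # device encryption has not been blocked by that setting.
    $policy = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker' `
                               -Name 'PreventDeviceEncryption' -ErrorAction SilentlyContinue
    $prevent = if ($policy) { [int]$policy.PreventDeviceEncryption } else { $null }

    foreach ($vol in Get-BitLockerVolume) {
        # Recovery-password protectors are what the recovery screen asks for.
        $recovery  = @($vol.KeyProtector |
                       Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

        [pscustomobject]@{
            MountPoint              = $vol.MountPoint
            VolumeStatus            = $vol.VolumeStatus
            ProtectionStatus        = $vol.ProtectionStatus
            PercentEncrypted        = $vol.EncryptionPercentage
            ProtectorTypes          = ($vol.KeyProtector.KeyProtectorType -join ', ')
            RecoveryProtectorIds    = ($recovery.KeyProtectorId -join ', ')
            PreventDeviceEncryption = $prevent
            # Data is encrypted on disk but protection is currently off (suspended).
            EncryptedButSuspended   = ($encrypted -and $vol.ProtectionStatus -eq 'Off')
            # Encrypted with no recovery password at all: nothing to type in
            # if the TPM ever refuses to unlock the volume.
            NoRecoveryPassword      = ($encrypted -and $recovery.Count -eq 0)
        }
    }
}

Get-DeviceEncryptionReport | Format-List
```

From cmd, `manage-bde -status` gives the same per-volume state; any volume the report shows as encrypted should have its recovery password saved somewhere off the machine before firmware or Windows feature updates.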
Microsoft market cap is 2.76 Trillion bucks. Yet they haven't produced a decent product for about 15 years and their idea of innovation is making you rent office. Pay monthly...

Windows has gone backwards and this is just another example of it. I can't believe it'll still be the dominant pc OS in 10 years...

Get hold of Windows 10 Enterprise one way or another op and don't look back until 2027.
 
what happens if you just skip the microsoft account part?
If it's a secureCore bios PC, you just won't have any recovery key backup, period.

linux driver
Linux drivers would be in the kernel and not a separate download 99% of the time, due to how it works.

as soon as you connect to the internet after the installation even with a local account the first windows update sets everything up.
This sounds like a UEFI binary preload, a separate issue. Check your bios to (hopefully) disable it.
 
This sounds like a UEFI binary preload, a separate issue. Check your bios to (hopefully) disable it.
already did that :/ both machines and the "hidden settings" in the HP machine have nothing besides secureboot, tpm, boot order, time and date.
 
Hi,
Yeah my acer security bios settings are locked so tpm can not be disabled or turned off.

If it's a secureCore bios PC, you just won't have any recovery key backup, period.


Linux drivers would be in the kernel and not a separate download 99% of the time, due to how it works.


This sounds like a UEFI binary preload, a separate issue. Check your bios to (hopefully) disable it.
I asked on acer forum if securecore/ device encryption is enabled like you've been stating
Wait and see but not sure why it wasn't being used already on the oobe 22h2 install of 11 home
Home/ pro shouldn't matter :/

Here's the thread by the way
Dillholes added an i to my name, what kind of children are they and no way to change it lol
 
Hi,
Well got a couple replies
Pretty much stating the way it should be on one
Device encryption shouldn't activate unless a user agrees to it you can check with security/ device encryption setting.
So question is did MS add this DE = bitlocker use to the terms of use agreement and if so this explains why it's activating.

So no @R-T-B just having device encryption is not enough to auto activate bitlocker it has to be buried into terms of use.

I'm getting a 11 pro build from uup dump atm and may test this out later
I would just get it from ms but this board has 11 home embedded so don't want that crapware popping up and confuse the mount installer.
 
Just for fun, I set up a new ASUS TUF A15 as a regular user and yup, Bitlocker is enabled without direct references to it and it's even obfuscated in the Settings app as Device Encryption. When you click the Bitlocker-labeled settings it opens the MS Store app lol, I didn't want to follow on to where it wanted me to go in there but I found the laptop's Bitlocker Key in my MS account as expected.

I wonder how tech support's going for people with BL problems after system corruption, etc. If MS charges for service after 90 days or a year, maybe that's helping prop up their stock price.
 
So it seems to be a laptop thing?
 
Hi,
Yeah I'm on final stages on mounting 23h2 atm
Just installing updates this is where op said DE appeared.
Restarting even though I wasn't prompted to.

Nope still not bitlocked
A-hole installer did not use my larger recovery partition I made in front of C either :banghead:
So I guess I'll try again and this time name it system reserved instead of recovery.
 
All I said only applies to secureCore bios PCs, it's possible @ThrashZone 's acer is just a normal uefi pc.

I agree things could be far clearer.
 
All I said only applies to secureCore bios PCs, it's possible @ThrashZone 's acer is just a normal uefi pc.

I agree things could be far clearer.
Hi,
FWIW
Security in bios is locked
I can't do squat in there except "maybe" add a password.
 
Anyway, if it went enabled on install, once done you should be able to just disable bitlocker on each drive...
 
Hi,
FWIW
Security in bios is locked
I can't do squat in there except "maybe" add a password.
Yeah, that could just be acer lameness though.
 
Hi,
2nd mount still no bitlocker
Keeping in mind I used all rufus options which includes disable bitlocker/..... without internet the whole time.

2nd time I did not run this until after checking for and installing a few
Code:
reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
manage-bde -off E:
manage-bde -off F:
cipher /d /e /f /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled
Damn mount installer still created another recovery partition at the end :kookoo:
Well they say third time's the charm so I must try lol
This time I'll do it with cmd so the label shows correctly or as it's always shown as "System Reserved"
See if disk genius is just messing up MSR and it just showing Other as label :/
 