Windows 11

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,752
Location
I am omnipresent
Website
s-laker.org
There's an issue now with Windows 11 that can prevent systems from booting under some circumstances. When installed on a new PC, Windows 11, even Home edition, now encrypts drives by default. Assuming the user can remember their Microsoft Account info, they can sign in to their account on Microsoft to recover the decryption key, which is 48 digits long. Anyone who has ever had to do boot time troubleshooting on Windows knows how many times you'll wind up having to reboot a PC to fix something. That translates in to repeatedly typing in a 48 digit key over and over to allow access to the encrypted volume. What fun.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
15,642
Location
USA
Is it possible to remove encryption after installation? What happens when you swap drives around, use Acronis, Macrium, etc.? I'm not liking this at all.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,752
Location
I am omnipresent
Website
s-laker.org
You can remove the encryption if you'd like. It only takes a few minutes to decrypt a whole SSD. Whole drive encryption used to be a feature only in the more expensive versions of Windows, so I was surprised to see it on machines running Windows Home edition. The question of what happens with encrypted data depends on the software and the state of the drive when the backup is created. Some tools will make an encrypted backup. Some will copy the raw data that's present. Some will just refuse to work. What fun, right?

In theory, the recovery key should be stored with your Microsoft Account, can be backed up to an external device like a USB drive or it can be put in trust for a key recovery agent within a relevant organization. I'm a little bit concerned and haven't had a chance to test what happens when a Windows 11 PC that meets the requirements for hardware encryption (TPM chip etc) isn't configured with a Microsoft Account or domain membership in the first place. I HOPE it doesn't encrypt in that case.

I'm pretty sure the Thinkpad I just got from Lenovo also had its drive encrypted by default but of course the first thing I did with that thing was blow away whatever was there with my own Windows 10 system image.

I don't see Windows Home editions very often but between UEFI/Secure Boot and now encryption by default, Microsoft is really doing everything it can to make boot-time tools impossible to use on new computers.
 
Top