Windows 11

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,786
Location
I am omnipresent
Website
s-laker.org
There's an issue now with Windows 11 that can prevent systems from booting under some circumstances. When installed on a new PC, Windows 11, even Home edition, now encrypts drives by default. Assuming the user can remember their Microsoft Account info, they can sign in to their account on Microsoft to recover the decryption key, which is 48 digits long. Anyone who has ever had to do boot time troubleshooting on Windows knows how many times you'll wind up having to reboot a PC to fix something. That translates in to repeatedly typing in a 48 digit key over and over to allow access to the encrypted volume. What fun.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
15,676
Location
USA
Is it possible to remove encryption after installation? What happens when you swap drives around, use Acronis, Macrium, etc.? I'm not liking this at all.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,786
Location
I am omnipresent
Website
s-laker.org
You can remove the encryption if you'd like. It only takes a few minutes to decrypt a whole SSD. Whole drive encryption used to be a feature only in the more expensive versions of Windows, so I was surprised to see it on machines running Windows Home edition. The question of what happens with encrypted data depends on the software and the state of the drive when the backup is created. Some tools will make an encrypted backup. Some will copy the raw data that's present. Some will just refuse to work. What fun, right?

In theory, the recovery key should be stored with your Microsoft Account, can be backed up to an external device like a USB drive or it can be put in trust for a key recovery agent within a relevant organization. I'm a little bit concerned and haven't had a chance to test what happens when a Windows 11 PC that meets the requirements for hardware encryption (TPM chip etc) isn't configured with a Microsoft Account or domain membership in the first place. I HOPE it doesn't encrypt in that case.

I'm pretty sure the Thinkpad I just got from Lenovo also had its drive encrypted by default but of course the first thing I did with that thing was blow away whatever was there with my own Windows 10 system image.

I don't see Windows Home editions very often but between UEFI/Secure Boot and now encryption by default, Microsoft is really doing everything it can to make boot-time tools impossible to use on new computers.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,333
Location
Eglin AFB Area
I had to use an obscure key combination to bring up a CMD window to bypass the OOBE on the laptop I bought my sister for Christmas -- she doesn't have a Microsoft account presently, and I wanted to make it her decision to make one rather than have Microsoft try and force her into it.

I finally took the plunge and upgraded my work laptop since we're kicking the tires and looking at a possible company-wide deployment sometime early 2024. Thankfully the worst of the UI BS can be worked around, but at the same time I feel like I'm not getting the full picture of what using 11 is like if I do work around them, so I'm torn. I have to be able to, actually, y'know, work, but at the same time I need to get proficient with doing things the 11 way so I can properly support my users.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,786
Location
I am omnipresent
Website
s-laker.org
You CAN use Rufus to prepare an install image that drops the MS account requirements. Most of the integrations for the account boil down to redirecting folders to Onedrive (no, thank you) and having a place to put the default-on Bitlocker recovery key.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,333
Location
Eglin AFB Area
Right, but this was a Dell refurb I wanted to keep the (two year!) warranty on, I wasn't sure what it does and doesn't allow me to change (and was too lazy to read the terms) so I was hesitant to reformat and reinstall just for that. Frankly, if I was going to do that, I would have just installed 10 since it's a Zen3 laptop that doesn't need 11 for a competent CPU scheduler or anything.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,786
Location
I am omnipresent
Website
s-laker.org
The hardware warranty in no way depends on the state of software on the PC. We won that fight in like 1998. When I ship an in-warranty laptop for service, I remove the drive before I ship it anyway; I've heard of people getting their laptop factory reset too many times to trust anything else.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,333
Location
Eglin AFB Area
Hmm. Maybe I will just nuke it and install 10 over the weekend then, before I send it out to her.

Dell is at least a heck of a lot better about not preloading a ton of bloatware than they used to be -- the only thing I actually uninstalled was McAfee. It's just a shame Microsoft themselves are a lot worse about it than they've ever been.
 
Top