Question
Hello,
My Surface obviously has BitLocker enabled out of the box, and I'm considering enabling it on my laptop too. I've never gone through the process of enabling BitLocker (since Surface was OOBE), so I want to clarify some questions to decide whether BitLocker is suitable for my purpose. Searching online has only yielded very unspecific guides.
I don't consider BitLocker to be Secure?, but I'm considering enabling it to thwart common thieves rather than government agents. Because of this I also don't want to set up a pre-boot password.
1. Is it possible, with a TPM, to set it up like it works on the Surface where it's completely transparent to me?
2. Does enabling BitLocker with TPM-only protect against rudimentary attacks like, e.g., the old NTLM trick where you can just delete the Windows login password? Basically, I just want to force somebody to not be able to bypass the Windows authentication (and its flood controls) trivially.
2b. More general form of the above: if somebody uses a boot disk/live CD/etc, what can they do if BitLocker is enabled with TPM-only?
3. What effects does enabling BitLocker have on taking and restoring full disk images with CloneZilla?
Thanks a bunch!
3 answers to this question