so according to some research bitlocker isn't implemented properly on some SSDs, plus I run home so maybe I can gain some speed by disabling it since "generally it imposes a single-digit percentage performance overhead" according to microsoft. Will I shoot myself in the foot with security by disabling it?
The Dell Win 10 Home computer I use came with bitlocker and was encrypted. In order to complete the encryption, you have to sign in with a Microsoft account. See this short thread.
I am also confused, thats why I am posting, by default its there as a service set to auto in home (fresh instal), its not Dell its basic win 10 home iso can't inform myself because whenever I type bitlocker in google the pro version of windows and bitlocker pops out and other stuff that I am not interested in, like how to encrypt drives etc which is something I cannot do in home version. I want to know what it is doing (fresh install) to home version and why its set to auto. There must be a reason right? Sometimes ppl disable encryption (ciphers) to force stronger encryption, as anti-ransom, or to prolungate SSD lifetime and performance gain. Example: Spoiler fsutil behavior set disableencryption 1 reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "5" /t REG_SZ /d "Cipher.exe" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "18" /t REG_SZ /d "Syskey.exe" /f reg add "HKLM\System\CurrentControlSet\Control\FileSystem" /v NtfsDisableEncryption /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128" /v Enabled /t REG_DWORD /d 0 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128" /v Enabled /t REG_DWORD /d 0 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128" /v Enabled /t REG_DWORD /d 0 /f REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128" /f /v "Enabled" /t REG_DWORD /d 0x0 sc stop EFS sc config EFS start= disabled reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS" /v Start /d 4 /t "REG_DWORD" /f rem query state reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128\Enabled" /v "Enabled" reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128\Enabled" /v "Enabled" reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128\Enabled" /v "Enabled" reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128\Enabled" /v "Enabled" net start but real question is why its not disabled by default on home if its for pro, if its not needed I could disable it
I have 1 lap with that too as well, some Os can have mixed setups since they've been modified by other vendors, basically I could run bitlocker on that lap, on the rest of my machines I can't since its "naked" home 10 (the one you download from Microsoft), but very much interested why its there for normal win 10 home set to auto if its not doing anything
I think I found something: With the release of Windows 8.1 and later, Microsoft has enabled BitLocker device encryption on all OEM-shipped devices by default. Once the new owner of the device signs on to the device using their Microsoft account, the BitLocker encryption is completed and the BitLocker recovery keys are automatically stored within the user’s own OneDrive location
