Should I disable BitLocker encryption if running Home version?

Discussion in 'privacy technology' started by lucd, May 27, 2019.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    So according to some research BitLocker isn't implemented properly on some SSDs, plus I run Home,
    so maybe I can gain some speed by disabling it, since "generally it imposes a single-digit percentage performance overhead" according to Microsoft. Will I shoot myself in the foot with security by disabling it?
     
  2. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,617
    Location:
    Location Unknown
    I'm confused. BitLocker is not available in the Home version of Windows. So, what do you mean?
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    74,340
    Location:
    Texas
    The Dell Win 10 Home computer I use came with BitLocker and was encrypted. In order to complete the encryption, you have to sign in with a Microsoft account.

    See this short thread.
     
  4. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    I am also confused, that's why I am posting. By default it's there as a service set to auto in Home (fresh install); it's not Dell, it's the basic Win 10 Home ISO.
    I can't inform myself because whenever I type bitlocker in Google, the Pro version of Windows and BitLocker pops up, and other stuff that I am not interested in, like how to encrypt drives etc., which is something I cannot do in the Home version. I want to know what it is doing (fresh install) to the Home version and why it's set to auto. There must be a reason, right?

    Sometimes people disable encryption (ciphers) to force stronger encryption, as anti-ransom, or to prolong SSD lifetime and gain performance. Example:

    rem disable EFS file encryption on NTFS volumes
    fsutil behavior set disableencryption 1
    rem add Cipher.exe and Syskey.exe to the Explorer DisallowRun list
    rem (the list is only enforced when the DisallowRun DWORD under ...\Policies\Explorer is 1)
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "5" /t REG_SZ /d "Cipher.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "18" /t REG_SZ /d "Syskey.exe" /f
    reg add "HKLM\System\CurrentControlSet\Control\FileSystem" /v NtfsDisableEncryption /t REG_DWORD /d 1 /f
    rem disable the RC4 ciphers in SCHANNEL (TLS/SSL)
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128" /v Enabled /t REG_DWORD /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128" /v Enabled /t REG_DWORD /d 0 /f
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128" /v Enabled /t REG_DWORD /d 0 /f
    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128" /f /v "Enabled" /t REG_DWORD /d 0x0
    rem stop and disable the EFS service
    sc stop EFS
    sc config EFS start= disabled
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS" /v Start /d 4 /t "REG_DWORD" /f

    rem query state (Enabled is a value of each cipher key, not a subkey)
    reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128" /v "Enabled"
    reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128" /v "Enabled"
    reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128" /v "Enabled"
    reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128" /v "Enabled"
    rem list the services that are currently running
    net start
    But the real question is why it's not disabled by default on Home if it's for Pro; if it's not needed I could disable it.
     
    Last edited: May 28, 2019
  5. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    I have 1 laptop with that as well; some OSes can have mixed setups since they've been modified by other vendors. Basically I could run BitLocker on that laptop; on the rest of my machines I can't since it's "naked" Home 10 (the one you download from Microsoft), but I'm very much interested in why it's there for normal Win 10 Home set to auto if it's not doing anything.
     
    Last edited: May 28, 2019
  6. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    167
    Location:
    Poland
    I think I found something:
    With the release of Windows 8.1 and later, Microsoft has enabled BitLocker device encryption on all OEM-shipped devices by default. Once the new owner of the device signs on to the device using their Microsoft account, the BitLocker encryption is completed and the BitLocker recovery keys are automatically stored within the user’s own OneDrive location.
     
    Last edited: Jun 3, 2019
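
Added example, not part of the thread: the last post describes device encryption that is only completed after a Microsoft account sign-in, and the first post mentions SSDs whose own encryption is flawed. The output of `manage-bde -status` shows which case a volume is in, and this Python script classifies it. The sample text is constructed and abridged, English-locale field names are assumed, and `parse_status`, `assess` and `report` are illustrative names.

```python
import re
# Constructed, abridged English-locale `manage-bde -status` output (not a real capture).
SAMPLE = """\
Volume C: [Windows]
    Conversion Status:    Used Space Only Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off
    Key Protectors:       None Found
Volume D: [Data]
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On
    Key Protectors:
        Password
Volume E: [Scratch]
    Conversion Status:    Fully Decrypted
    Encryption Method:    None
    Protection Status:    Protection Off
"""

def parse_status(text):
    """Return {volume: {field: value}} from manage-bde -status text."""
    volumes, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Volume (\S+)", line)  # volume headers start in column 0
        if m:
            current = volumes.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key] = value.strip()
    return volumes

def assess(fields):
    """Classify one volume by what actually protects its data at rest."""
    method = fields.get("Encryption Method", "None")
    if method == "None" or fields.get("Conversion Status") == "Fully Decrypted":
        return "not encrypted"
    if fields.get("Protection Status") != "Protection On":
        # Encrypted on disk, but the key is stored unprotected until a protector is added.
        return "encrypted but unprotected (clear key on disk)"
    if method.startswith("Hardware Encryption"):
        return "relies on the drive's own firmware encryption"
    return "protected by BitLocker software encryption"

def report(text=SAMPLE):
    return {vol: assess(fields) for vol, fields in parse_status(text).items()}

if __name__ == "__main__":
    for vol, verdict in report().items():
        print(vol, verdict)
```

On a real machine, run `manage-bde -status` from an elevated prompt and pass its text to `report()`.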