Device encryption for harddrive in dock

[mj0]

Can device encryption (the new Windows 8.1 feature that comes enabled by default) also be enabled for the drive in the dock of the TransformerBook T200TA? Enabling it for my C: drive would be completely pointless since I have nothing saved on there, all my documents and sensitive data is saved on the harddrive.

As we speak I have device encryption disabled because I am not a fan of uploading my recovery key anywhere, and I'm also not a fan of logging in with a Microsoft account since I prefer a local account. However, if it was possible to enable drive encryption for additional drives such as a MicroSD card or the docked harddrive as well I might reconsider.

 

[xandros9]

I think if you upgrade to Windows 8.x Pro you will enable Bitlocker for external drives and stuff. I don't think an MS account will be necessary.

Non Pro Windows can access the drives, but it won't unlock automatically, nor can the PC encrypt a drive in the first place.

 

[pankaj981]

You can encrypt microSD and other removable storage on 8.1 on a supported OS version. But all 8.1 devices can use Bit locker encrypted removable media. You'll get an option to automatically detect it while on the PC but not sure if it needs a Microsoft account. I'm currently using that setup on my Venue 8 Pro with a 64GB card. The card was formatted to exFAT and then Bitlocker encrypted on my MSI GT60 running 8.1 Pro.

 

[mj0]

I think we're talking about two different things here. I'm not talking about the regular Bitlocker encryption that has been around since Vista for Business customers. I'm talking about the brand new feature called "device encryption" which comes with Windows 8.1, is obviously based on Bitlocker, and encrypts hard drives of supported devices by default. However, for it to work one must use a Microsoft account since the recovery key is stored on Microsoft's servers. Other than the regular Pro/Enterprise Bitlocker device encryption does not allow you to save the recovery key on a thumb drive or anywhere else (except for Active Directory environments but who has a fully operational Windows Server 2012 domain controller at home?). I found an excellent blog post explaining device encryption in detail on internals.io: http://internals.io/blog/2015/4/14/windows-81-and-device-encryption

That said I can enable device encryption in PC settings on my Transformerbook. However, after enabling it I only see the internal 32GB eMMC SSD encrypted (or, to be more precise, I see that it's ready for encryption and will get fully encrypted as soon as I switch from a local to a Microsoft account) but not the additional drive that sits in the Transformerbook's keyboard dock and I'm wondering what the catch is here. I don't see a way to enable encryption on that additional drive as well, and it doesn't seem to get encrypted be default.

 

[pankaj981]

Yes the external drive does not get encrypted by default. You need a supported OS to encrypt it. The recovery key can be stored as text anywhere after performing the bitlocker encryption without being part of a domain group.

 

[mj0]

We're still talking about two different things here. Again, I am NOT talking about Windows 8's bitlocker encryption that comes with Windows 8 Professional and Enterprise. I'm talking about Windows 8.1's so-called "device encryption" that comes with every flavor of Windows 8.1 and is enabled by default. Google it if you don't know what it is. With device encryption the recovery key can NOT be stored as text anywhere, it must be stored either on Microsoft's servers (which is why for it to work it needs a Microsoft Account instead of a local one) or a 2012 domain controller - that's the trick (or catch if you will). And while device encryption obviously utilizes bitlocker algorithms and APIs it's not the same.

Then again maybe I got you all wrong and we were talking about the same thing and what you were trying to say is that it's not possible with device encryption but I need a fully bitlocker supported flavor of Windows 8.1 :wink:

 

[pankaj981]

First of all not all 8.1 systems are encrypted by default. Devices that come with a so called default encryption either have a TPM chip built in or use the default bitlocker encryption, regardless the encryption used is still Bitlocker behind the scene. I understand clearly what you are asking for. I will probably have to try this on my Venue 8 Pro when I go home today but the encryption key should be able to be stored on a text file unless an administrator has locked down that option in an AD environment.

You can read this while I try it on my Venue 8 Pro:
http://www.howtogeek.com/192894/how-to-set-up-bitlocker-encryption-on-windows/

 

[mj0]

That's exactly the point I was referring to: we're talking about two different things. Yes, the underlying algorithms are the same but the way you use it is completely different. With BitLocker, which is only available for Windows 8.1 Pro & Enterprise, you can store the recovery key in a text file. With device encryption, which is available for all other flavors of Windows 8.1, is based on BitLocker's encryption algorithms and requires a TPM to automatically encrypt your drive, you cannot! You either need a Windows Server 2012 domain controller to store the recovery key on or, if you don't happen to have one of these at home, the recovery key will be stored on Microsoft's servers automatically with no way to get around that. The article you're referring to is specifically referring to the full BitLocker encryption that is not available with regular Windows 8.1 (non-Pro non-Enterprise) - there is no "bitlocker encryption" in control panel - system and security if you're not running 8.1 Professional or Enterprise. Again: yes, the backend (aka the encryption algorithms) is the same but the frontend is very different. With 8.1 non-Professional non-Enterprise there is no BitLocker encryption available, there's only device encryption that is based on BitLocker but not a full-featured flavor thereof.

Read these two articles to fully understand what I mean: Windows 8.1 Will Start Encrypting Hard Drives By Default: Everything You Need to Know & Windows 8.1 and Device Encryption ? Internals.io