this post was submitted on 19 Jul 2024
72 points (100.0% liked)
Sysadmin
7688 readers
601 users here now
A community dedicated to the profession of IT Systems Administration
No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It means the drive isn't fully encrypted or the encryption is easy to bypass. That defeats the purpose of encrypting your drive.
If you can get to a login screen, you've compromised the device.
That’s not what it means.
Bit locker is encryption at-rest. Logging in with an admin account means the system is no longer “at rest”. The admin is fully authorized to be operating that system.
Are you under the impression that you have to enter a Bitlocker key during each boot?
Any system without network unlock usually requires a TPM PIN/PW every reboot. Your instructions (when read a certain way) imply that the command also bypasses the encryption without fetching a recovery key from the TPM or DC.
My home network (ISC DHCPD) behaves this way - either I type the TPM key or I type the 25-char key.