this post was submitted on 17 Jun 2025

118 points (97.6% liked)

Tech

1335 readers

202 users here now

A community for high quality news and discussion around technological advancements and changes

Things that fit:

New tech releases
Major tech changes
Major milestones for tech
Major tech news such as data breaches, discontinuation

Things that don't fit

Minor app updates
Government legislation
Company news
Opinion pieces

Community Wiki

founded 1 year ago

MODERATORS

[email protected]

118

Microsoft locks Windows 11 user out, shows how easy losing data from forced encryption is (www.neowin.net)

submitted 20 hours ago by [email protected] to c/[email protected]

24 comments fedilink hide all child comments

top 24 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 11 hours ago

Microsoft's latest Ransomware dubbed Windows 11...

[–] [email protected] 37 points 19 hours ago (1 children)

Forced bitlocker encryption without keeping the keys in a separate area accessible to you, is just adding ransomware to your own device.

[–] [email protected] 6 points 18 hours ago (2 children)

Am I missing something? Doesn't Microsoft provide keys associated with your accounts? I had to unlock mine once and I just had to access it on my account page.

[–] [email protected] 11 points 16 hours ago

Right well the fellow on Reddit got kicked out of their account by Microsoft.

[–] [email protected] 6 points 16 hours ago (2 children)

And if you dont remember your Microsoft account because you originally had a local account on win10?

[–] fuckwit_mcbumcrumble 1 points 15 hours ago

You have to sign in to get converted to a Microsoft account. It doesn't magically give you a Microsoft account without your login info.

[–] [email protected] 1 points 15 hours ago

Go through the steps to recover that account through Microsoft, I would reckon.

[–] [email protected] 18 points 17 hours ago

The title is wrong. Most, if not all new phones have forced encryption. Macs have forced encryption (I think can be disabled, but it's encrypted by default).

Windows shows how crap software can lose you data.

[–] [email protected] 3 points 12 hours ago

It's all right, people!

Just backup your data on another non encrypted device, or back it up on the Microsoft cloud where it's absolutely safe from prying eyes, pinky promise!

Seriously, if you're using Microsoft windows I will think less of you and you're getting exactly what you paid for.

[–] [email protected] 8 points 17 hours ago (1 children)

This is why I have multiple backups. But I'm a nerd who likes computers and has money. Not everyone has the means or knowledge to do the same. Users are getting screwed more and more by corporations and the decisions they force on their customers. Capitalism is long past the part where we could pretend that it was good for regular people. We're in the finding-out phase from here on.

[–] [email protected] 6 points 15 hours ago (2 children)

I am a nerd without money - I have 3 drives 2 that live offsite. 6gb humble spinny drives. Everything that's important to me gets copied to these drives- I'm not using any fancy software - its a cut and paste job from a few Linux laptops and a desktop. I still have all my original wav file and games backup from 1998 with this method ( though then they were on 10 zip discs ) It just takes a little due diligence to back up your data.

[–] [email protected] 1 points 13 hours ago

I salute you for having offsite backups. That's the mark of someone doing it right.

[–] [email protected] 1 points 14 hours ago

god zip drives were so cool

[–] [email protected] 11 points 19 hours ago

[–] [email protected] 7 points 19 hours ago (1 children)

I wonder how this is going to work in government offices....

[–] [email protected] 8 points 19 hours ago (1 children)

they've been using forced bitlocker for years.

[–] [email protected] 9 points 18 hours ago (1 children)

the keys are on the in house domain servers though.

[–] [email protected] 3 points 18 hours ago (3 children)

Isn’t Microsoft pushing everyone to host their AD on Azure now?

[–] [email protected] 3 points 17 hours ago

Sure, they want you to use Azure AD (now called Entra ID) or maybe Entra Domain services. But they are absolutely not stopping anyone from hosting their own AD like normal. There even came a few nice improvements to AD in Windows server 2025 so it's actively being developed. Server 2025 is being supported until 2034. So AD will be supported until AT LEAST 2034 but very very likely much longer.

Nowadays it's very common to have a hybrid setup with AD and Entra ID where users and devices sync to Entra ID from AD. Many features are available in AD and/or Entra ID (or any of the other related cloud services like Intune). For example: you can choose if you want your bitlocker keys backed up to Entra or AD.

AD will likely stay relevant for many decades to come. Especially for larger companies with special requirements.

[–] [email protected] 1 points 18 hours ago

yep, in several countries including where I live. Several government institutions and state-owned companies have been using M$ Azure since 2 years ago.

[–] [email protected] 1 points 18 hours ago

I mean even if not its a virtual machine but they should still have control and backup/disaster recovery. So they could mass download all keys and encrypt it and put it on some other storage. I mean things like that should be done but as a tech person who has worked with this kind of thing I never am really satisfied with any backup and disaster recovery I have come across. Scratch that. Cars.com did a pretty good job overall and I imagine some other large corps do but its amazing how many don't.

[–] [email protected] 1 points 14 hours ago (2 children)

I don't think I grasp this at all. They say the encryption is forced, so that means that I can't just access my files with Linux or whatever? But then at the end they say to use an extra hard drive as backup, so that can't be right. Is their problem that the cloud storage is encrypted? Wouldn't it be a huge, glaring issue if it wasn't? Regardless, I would expect to be locked out of my files on a cloud storage service I got locked out of, so I don't know what encryption has to do with it. I don't get it.

[–] [email protected] 5 points 12 hours ago

I had an offline windows account on my laptop.
I was freelancing for a company that gave me a Microsoft account.
I logged into teams, but was very careful not to assign my laptop to that account. I had to use teams, but I didn't want my client to manage my device.

Shortly after I installed Linux, which broke windows bitlocker, and I had to get my bitlocker key.
I hadn't set up bitlocker, I wasn't expecting it. As far as I was concerned, I had bricked my device.
On a hunch of "hmm, maybe", I checked my Microsoft account from the client, and it has a bitlocker key which unlocked my windows install.

At which point, I disabled bitlocker and now primary Linux.
But yeh, in my experience bitlocker is transparently applied during windows install and you never know your bitlocker key. If you never log in to a Microsoft account, you will never be able to recover it if you don't save it in advance. And if you don't know its happened, why would you know to save it in advance?!
The fact that I was able to recover my bitlocker key for my offline/local windows account because I had installed & logged-in to teams via a client provided Microsoft account is strange as fuck.

[–] [email protected] 2 points 12 hours ago* (last edited 12 hours ago)

Linux supports BitLocker encrypted partitions. You just have to specify the BitLocker recovery-key in your fstab file or on the command-line. I've been dual-booting with disk encryption enabled on both Linux and Windows for several years, using that functionality