And protect sensitive data. We set the password using the standard Windows application - BitLocker. This is a very strong encryption system that allows you to prevent unauthorized access to information from your flash drive. If you want to put a password on a USB flash drive, then I would recommend this method to you.
But many users put a password on a USB flash drive, which is the only one in the house and is used to solve universal problems. Someone plays music from it in the car, someone watches movies on TV or inserts it into a game console. Therefore, after encrypting data with BitLocker, all these actions will not be possible. So, there will be a need to disable BitLocker and unlock your USB flash drive. But how to disable BitLocker and can it be done with built-in Windows tools?
Yes, you can disable data encryption on a flash drive and it's quite easy to do. And if you do not know how to do this, I will give you a simple and understandable instruction. The data, before decryption, does not need to be deleted or transferred to a computer, they will all remain on the flash drive, the protection will simply be removed.
How to disable BitLocker:
- 1Insert the flash drive into the computer, open it and enter the password to gain access to its contents. Now you need to go to the Control Panel. You can do this through the start, or you can hold down the win + R buttons and enter the “control” command in the line that appears.
- In the control panel, we need to go to the "System and Security" menu
- Now you need to find and select the item "BitLocker Drive Encryption"
- At this stage, you need to find the flash drive on which protection is installed, in the form of a password. After that, you will see the item "Turn off BitLocker", and you must select it.
- Wait until the disk decryption is completed. The procedure may take a long time, it all depends on the number of files on the disk. After its completion, protection will be removed from the flash drive, and you can use it in normal mode.
BitLocker encryption technology first appeared ten years ago and has changed with each version of Windows. However, not all changes in it were designed to increase cryptographic strength. In this article, we'll take a closer look at different versions of BitLocker (including those pre-installed in recent builds of Windows 10) on a device and show you how to bypass this built-in protection mechanism.
WARNING
The article is written for research purposes. All information in it is for informational purposes only. It is addressed to security professionals and those who want to become one.
Offline attacks
BitLocker was Microsoft's answer to a growing number of offline attacks that were particularly easy to carry out on Windows computers. Anyone with can feel like a hacker. He will simply turn off the nearest computer, and then boot it up again - already with his own OS and a portable set of utilities for finding passwords, confidential data and dissecting the system.
At the end of the working day, with a Phillips screwdriver, you can even arrange a small crusade - open the computers of departed employees and pull out the drives from them. That same evening, in the comfort of your own home, the contents of ejected discs can be analyzed (and even modified) in a thousand and one ways. The next day, it is enough to come early and return everything to its place.
However, it is not necessary to open other people's computers right at the workplace. A lot of confidential data is leaked after recycling old computers and replacing drives. In practice, few people do secure erasing and low-level formatting of decommissioned disks. What can prevent young hackers and collectors of digital carrion?
As Bulat Okudzhava sang: "The whole world is made of restrictions, so as not to go crazy with happiness." The main restrictions in Windows are set at the level of access rights to NTFS objects, which do nothing to protect against offline attacks. Windows simply checks read and write permissions before processing any commands that access files or directories. This method is quite effective as long as all users are running on an administrator-configured system with limited accounts. However, if you either boot into another operating system, there will be no trace of such protection. The user himself and reassign access rights or simply ignore them by installing another file system driver.
There are many complementary methods for countering offline attacks, including physical protection and video surveillance, but the most effective of these require the use of strong cryptography. Bootloaders' digital signatures prevent rogue code from running, and the only way to truly protect the data itself on a hard drive is to encrypt it. Why has Full Disk Encryption been missing from Windows for so long?
From Vista to Windows 10
There are different types of people working at Microsoft, and not all of them code with their back left foot. Alas, the final decisions in software companies have long been made not by programmers, but by marketers and managers. The only thing they really consider when developing a new product is sales volume. The easier it is for a housewife to understand the software, the more copies of this software can be sold.
“Just think, half a percent of customers are concerned about their safety! The operating system is already a complex product, and you are still scaring the target audience with encryption. Let's do without it! They used to get by!” - this is how the top management of Microsoft could argue until the moment when XP became popular in the corporate segment. Among admins, too many specialists have already thought about security to discount their opinion. Therefore, the long-awaited volume encryption appeared in the next version of Windows, but only in the Enterprise and Ultimate editions, which are aimed at the corporate market.
The new technology is called BitLocker. Perhaps this was the only good component of Vista. BitLocker encrypted the entire volume, making user and system files unreadable, bypassing the installed OS. Important documents, cat pictures, the registry, SAM and SECURITY - everything turned out to be unreadable when performing an offline attack of any kind. In Microsoft terminology, a "volume" is not necessarily a disk as a physical device. A volume can be a virtual disk, a logical partition, or vice versa - a combination of several disks (spanned or striped volume). Even a simple flash drive can be considered a mounted volume, for end-to-end encryption of which, starting with Windows 7, there is a separate implementation - BitLocker To Go (for more details, see the sidebar at the end of the article).
With the advent of BitLocker, it has become more difficult to boot a third-party OS, since all bootloaders have been digitally signed. However, the workaround is still possible thanks to compatibility mode. It is worth changing the BIOS boot mode from UEFI to Legacy and disabling the Secure Boot function, and the good old bootable flash drive will come in handy again.
How to use BitLocker
Let's analyze the practical part using Windows 10 as an example. In build 1607, BitLocker can be enabled through the control panel (section "System and Security", subsection "BitLocker Drive Encryption").
However, if the motherboard does not have TPM version 1.2 or later, then BitLocker will not be able to be used just like that. To activate it, you will need to go to the Local Group Policy Editor (gpedit.msc) and expand the branch "Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives" to the setting "This policy setting allows you to configure the requirement Additional Authentication at Startup". In it, you need to find the setting "Allow the use of BitLocker without a compatible TPM ..." and enable it.
In the adjacent sections of local policies, you can set additional BitLocker settings, including key length and AES encryption mode.
After applying the new policies, we return to the control panel and follow the instructions of the encryption setup wizard. As an additional protection, you can choose to enter a password or connect a specific USB flash drive.
Although BitLocker is considered a full disk encryption technology, it only allows partial encryption of busy sectors. This is faster than encrypting everything, but this method is considered less secure. If only because, in this case, deleted, but not yet overwritten files, remain available for direct reading for some time.
After setting all the parameters, it remains to reboot. Windows will require you to enter a password (or insert a USB flash drive), and then it will start in normal mode and begin the volume encryption process in the background.
Depending on the selected settings, the size of the disk, the frequency of the processor and its support for individual AES commands, encryption can take from a couple of minutes to several hours.
After this process is completed, new items will appear in the Explorer context menu: change the password and a quick transition to the BitLocker settings.
Please note that all actions, except for changing the password, require administrator rights. The logic here is simple: since you have successfully logged into the system, it means that you know the password and have the right to change it. How reasonable is this? We'll find out soon!
Continued available to members only
Option 1. Join the "site" community to read all the materials on the site
Membership in the community during the specified period will give you access to ALL Hacker materials, increase your personal cumulative discount and allow you to accumulate a professional Xakep Score rating!
Good day friends.
Have you set a password for certain information on your computer, and now you want to remove it? Don't know how to do it? This article provides simple instructions on how to disable Bitlocker - the very program that protects your data from being hacked.
Bitlocker is a built-in utility in Windows systems designed to keep sensitive information safe from unauthorized access. By installing it, the owner of the computer puts a password on all or individual files. The application allows you to save it on external media or print it in order to leave the PIN only in memory, because it can also let you down.
Encryption of information lies in the fact that the program converts it into a special format that can be read only after entering the password.
If you try to open a file without it, you will see unrelated numbers and letters.
Initially, you can configure the utility so that the lock is released when a flash drive with a key is inserted. It is better to have several media with a password.
Important! If you forget and lose all the keys, along with them you will lose access to all data on the disk (or flash drive) forever.
For the first time the application started working in the premium version of Windows Vista. Now it is available for other generations of this system.
Ways to disable Bitlocker
You don't have to be a hacker or a professional IT person to cancel the blocking. Everything is done simply; of course, if you set the password yourself, and are not going to hack other people's data. This is true? Then let's start the discussion.
There are several ways to unlock files. The simplest one looks like this:
- Right-click on the desired drive and in the pop-up window click "Manage BitLoker";
- A new menu will open, where you should select the item "Turn off" (disable).
When you reinstall Windows 10 or another version of the OS, you will need to pause encryption. To complete it, follow the instructions below:
- Open Start - Control Panel - System and Security - BitLocker Drive Encryption;
- Select "Suspend protection", or "Manage BitLocker" - then "Turn off BitLocker" (In Win7).
- Click "Yes" to confirm that you are deliberately disabling it.
Through the same menu, you can completely turn off the lock by clicking on the corresponding button.
Keep in mind that Windows Vista and other versions of the system may have different names for the sections described above. But in any case, you will find the desired settings through the control panel. For example, in Windows 8 you can open it like this:
To be honest, I don’t know how to disable this encryptor if the password is lost ... I can only recommend formatting the device - as a result of which the disk will be available for work. But in this scenario, all the data on it will naturally disappear.
Well, that's all, I hope it was helpful.
See you soon friends!
With the release of the Windows 7 operating system, many users are faced with the fact that a somewhat incomprehensible BitLocker service has appeared in it. What is BitLocker, many can only guess. Let's try to clarify the situation with specific examples. Along the way, we will consider questions relating to how appropriate it is to enable this component or disable it completely.
BitLocker: what is BitLocker, why is this service needed
If you look, BitLocker is a universal and fully automated tool stored on the hard drive. What is BitLocker on a hard drive? Yes, just a service that, without user intervention, protects files and folders by encrypting them and creating a special text key that provides access to documents.
When a user works in the system under his account, he may not even be aware that the data is encrypted, because the information is displayed in a readable form, and access to files and folders is not blocked. In other words, such a means of protection is designed only for those situations when a computer terminal is accessed, for example, when an attempt is made to intervene from outside (Internet attacks).
Password and Cryptography Issues
Nevertheless, if we talk about what BitLocker is Windows 7 or systems of a higher rank, it is worth noting the unpleasant fact that if you lose your login password, many users not only cannot log in, but also perform some browsing actions. documents previously available for copying, moving, etc.
But that's not all. If you deal with the question of what BitLocker Windows 8 or 10 is, then there are no special differences, except that they have more advanced cryptography technology. Here the problem is clearly different. The fact is that the service itself is capable of operating in two modes, saving decryption keys either on a hard drive or on a removable USB drive.
This suggests the simplest conclusion: if there is a saved key on the hard drive, the user gets access to all the information stored on it, without problems. But when the key is stored on a flash drive, the problem is much more serious. In principle, you can see an encrypted disk or partition, but you can't read the information.
In addition, if we talk about what BitLocker is on Windows 10 or earlier systems, we can’t help but note the fact that the service integrates into right-click context menus of any type, which simply annoys many users. But let's not get ahead of ourselves, but consider all the main aspects related to the operation of this component and the feasibility of its use or deactivation.
Disk and Removable Storage Encryption Methodology
The strangest thing is that on different systems and their modifications, the BitLocker service can be in both active and passive mode by default. In the "seven" it is enabled by default, in the eighth and tenth versions, manual activation is sometimes required.
As for encryption, there is nothing particularly new invented here. As a rule, the same AES technology based on a public key is used, which is most often used in corporate networks. Therefore, if your computer terminal with the appropriate operating system on board is connected to a local network, you can be sure that the applicable security and data protection policy implies the activation of this service. Without admin rights (even if you run the settings change as administrator), you will not be able to change anything.
Enable BitLocker if the service is disabled
Before solving the issue related to BitLocker (how to disable the service, how to remove its commands from the context menu), let's look at enabling and configuring, especially since the deactivation steps will need to be performed in reverse order.
Enabling encryption in the simplest way is done from the "Control Panel" by selecting the section. This method is applicable only if the key should not be saved to removable media.
In the event that non-removable media is blocked, you will have to find the answer to another question about the BitLocker service: how to disable this component on a USB flash drive? This is done quite simply.
Provided that the key is located on removable media, to decrypt disks and disk partitions, you must first insert it into the appropriate port (socket), and then go to the Security section of the Control Panel. After that, we find the BitLocker encryption point, and then we look at the drives and media on which protection is installed. At the very bottom, a hyperlink to disable encryption will be shown, which you need to click on. If the key is recognized, the decryption process is activated. It remains only to wait for the end of its execution.
Issues with configuring ransomware components
When it comes to customization, it's not without a headache. Firstly, the system offers to reserve at least 1.5 GB for your needs. Secondly, you need to adjust the permissions of the NTFS file system, reduce the volume size, etc. In order not to do such things, it is better to immediately disable this component, because most users simply do not need it. Even all those who have this service enabled in the default settings also do not always know what to do with it, whether it is needed at all. But in vain. It can be used to protect data on a local computer even if there is no antivirus software.
BitLocker: how to disable. First stage
Again, use the previously specified item in the "Control Panel". Depending on the modification of the system, the names of the service disable fields may change. The selected drive may contain a line to suspend protection or a direct indication to disable BitLocker.
The point is not that. Here it is worth paying attention to the fact that you will need to completely disable the boot files of the computer system. Otherwise, the decryption process may take quite a long time.
Context menu
This is only one side of the coin related to the BitLocker service. What is BitLocker is probably already clear. But the flip side is also to isolate additional menus from the presence of links to this service in them.
To do this, let's look again at BitLocker. How to remove from all references to the service? Elementary! In the "Explorer" when selecting the desired file or folder, we use the service section and edit the corresponding context menu, go to the settings, then use the command settings and arrange them.
After that, in the registry editor, we enter the HKCR branch, where we find the ROOTDirectoryShell section, expand it and delete the desired element by pressing the Del key or the delete command from the right-click menu. Actually, that's the last thing about the BitLocker component. How to turn it off, I think, is already clear. But don't be fooled. All the same, this service will work in (so, just in case), whether you like it or not.
Instead of an afterword
It remains to be added that this is far from all that can be said about the BitLocker encryption system component. What is BitLocker, figured out how to disable it and remove menu commands - too. The question is: is it worth disabling BitLocker? Only one piece of advice can be given here: in a corporate local area network, you should not deactivate this component at all. But if it's a home computer terminal, why not?
Many users with the release of the Windows 7 operating system are faced with the fact that an incomprehensible BitLocker service has appeared in it. Many can only guess what BitLocker is. Let's clarify the situation with concrete examples. We will also consider questions that relate to how expedient it is to enable this component or disable it completely.
What is the BitLocker service for?
If you understand it properly, then we can conclude that BitLocker is a fully automated universal tool for encrypting data that is stored on a hard drive. What is BitLocker on a hard drive? This is a common service that, without user intervention, allows you to protect folders and files by encrypting them and creating a special text key that provides access to documents. At the moment when the user works under his account, he does not even know that the data is encrypted. All information is displayed in a readable form and access to folders and files for the user is not blocked. In other words, such a means of protection is designed only for those situations in which an unauthorized access is made to a computer terminal when an attempt is made to intervene from outside.
Cryptography and password issues
If we talk about what BitLocker is in Windows 7 or in systems of a higher rank, it is necessary to note such an unpleasant fact: if the login password is lost, many users will not be able to not only log in to the system, but also perform some actions to view documents that were previously available, by moving, copying, and so on. But the problems don't end there. If you properly understand the question of what BitLocker Windows 8 and 10 is, then there are no special differences. Only more advanced cryptography technology can be noted. The problem here is different. The thing is that the service itself is capable of operating in two modes, saving decryption keys either on a hard drive or on a removable USB drive. This suggests a completely logical conclusion: the user, if there is a saved key on the hard drive, without problems gets access to all the information that is stored on it. When the key is stored on a flash drive, the problem is much more serious. In principle, you can see an encrypted disk or partition, but you can’t read the information. In addition, if we talk about what BitLocker is in Windows 10 and systems of earlier versions, then it should be noted that the service is integrated into context menus of any type that are called by right-clicking the mouse. For many users, this is just annoying. Let's not jump ahead of time and consider all the main aspects that are related to the operation of this component, as well as the advisability of deactivating and using it.
Methodology for Encrypting Removable Media and Disks
The strangest thing is that on various systems and their modifications, by default, the Windows 10 BitLocker service can be in both active and passive mode. In Windows 7, it is enabled by default, in Windows 8 and Windows 10, manual activation is sometimes required. As for encryption, nothing new has been invented here. Typically, the same public key-based AES technology is used, which is most often used in corporate networks. Therefore, if your computer terminal with the appropriate operating system is connected to a local network, you can be completely sure that the security and information protection policy used implies the activation of this service. Even if you have administrator rights, you cannot change anything.
Enabling the Windows 10 BitLocker service if it has been deactivated
Before you begin to resolve an issue related to BitLocker Windows 10, you need to review the process of enabling and configuring it. The deactivation steps will need to be carried out in reverse order. Encryption is enabled in the simplest way from the "Control Panel" by selecting the disk encryption section. This method can be used only if the key should not be saved to removable media. If fixed media is blocked, then you will have to look for another question about the Windows 10 BitLocker service: how to disable this component? This is done quite simply. Provided that the key is on removable media, to decrypt disks and disk partitions, you must insert it into the appropriate port, and then go to the section of the security system "Control Panel". After that, we find the BitLocker encryption point, and then we consider the media and drives on which protection is installed. At the bottom there will be a hyperlink designed to disable encryption. You need to click on it. If the key is recognized, the decryption process will be activated. You will only have to wait for its completion.
Configuring ransomware components: problems
As for the issue of settings, then it will not do without a headache. First of all, it is worth noting that the system offers to reserve at least 1.5 GB for your needs. Secondly, you need to adjust the permissions of the NTFS file system, for example, reduce the size of the volume. In order to do such things, you should immediately disable this component, since most users do not need it. Even those who have this service enabled by default in the settings do not always know what to do with it, and whether it is needed at all. And in vain ... On a local computer, you can protect data with it even if there is no antivirus software.
How to turn off BitLocker: the initial stage
First of all, you need to use the previously mentioned item in the "Control Panel". The names of the service disable fields may change depending on the system modification. The selected drive may have a string to pause protection or an indication to disable the BitLocker service. But that's not the point. You should pay special attention to the fact that it is necessary to completely disable updating the BIOS and system boot files. Otherwise, the decryption process may take quite a long time.
Context menu
This is one side of the coin that is related to the BitLocker service. What this service is, should already be clear. The flip side is to isolate additional menus from the presence of links to this service in them. To do this, you need to take another look at BitLocker. How to remove all references to a service from the context menu? Yes, it’s very simple ... When you select the desired file in Explorer, we use the service and editing section of the context menu, go to the settings, and then use the command settings and arrange them. Next, you need to specify the value of "Control Panel" and find the desired one in the list of corresponding elements of panels and commands and delete it. Then, in the registry editor, you need to go to the HKCR branch and find the ROOT Directory Shell section, expand it and delete the desired item by pressing the Del key or using the delete command from the right-click menu. This is the last thing about BitLocker. How to turn it off, you should already understand. But do not flatter yourself ahead of time. This service will still run in the background whether you like it or not.
Conclusion
It should be added that this is not all that can be said about the BitLocker encryption system component. We have already figured out what BitLocker is. You also learned how to disable and remove menu commands. The question is different: is it worth disabling BitLocker. One piece of advice can be given here: in a corporate network, you should not deactivate this component at all. But if we are talking about a home computer terminal, then why not.
