https://tinyurl.com/25umgsn7

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-28 20:51, Peter Jason wrote:

https://tinyurl.com/25umgsn7

Expand the URL before we click on it, please. And at least one liner
telling what it is about.

--
Cheers, Carlos.
ES??, EU??;

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Peter Jason wrote:

https://tinyurl.com/25umgsn7

A better link is:

<https://www.techrepublic.com/article/news-microsoft-bitlocker-keys-fbi- privacy/>

There was no need for all the tracking parameters that followed it:

?email_hash=b5071c158b86f6d263a8db8d5c6bc600
&utm_source=Sailthru
&utm_medium=email
&utm_campaign=MicrosoftWeekly_1.28.26_UST%20AI_86b85e9g8 &utm_term=microsoft-active-weekly

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Peter Jason wrote on 1/28/2026 12:51 PM:

https://tinyurl.com/25umgsn7

Hi, Peter. Thanks for the reminder.

No fixed timeline for retiring the original TinyUrl short link; though
seems obvious it will happen in the future.

Until then and thereafter, Use the older, current free version or another service.
Optionally, the new API TinyUrl free version, $0/month with account
signup, 100 free shortlinks per year limit.
Note: Account signup provides user specific authorization token
necessary for the new API Tinyurl use.

--
...w­¤?ñ?¤

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-28 22:05, Apd wrote:

Peter Jason wrote:

https://tinyurl.com/25umgsn7

A better link is:

<https://www.techrepublic.com/article/news-microsoft-bitlocker-keys-fbi- privacy/>

There was no need for all the tracking parameters that followed it:

?email_hash=b5071c158b86f6d263a8db8d5c6bc600
&utm_source=Sailthru
&utm_medium=email
&utm_campaign=MicrosoftWeekly_1.28.26_UST%20AI_86b85e9g8 &utm_term=microsoft-active-weekly

Thanks.



*Microsoft Shared BitLocker Keys With FBI, Raising Privacy Fears*

Published January 26, 2026
Written by Aminu Abdullahi

Microsoft confirmed it can hand over BitLocker recovery keys stored in
the cloud under warrant, reviving debate over who controls encrypted data.


--
Cheers, Carlos.
ES??, EU??;

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 28 Jan 2026 14:24:39 -0700, ...w??? <winstonmvp@gmail.com>
wrote:

Peter Jason wrote on 1/28/2026 12:51 PM:

https://tinyurl.com/25umgsn7

Hi, Peter. Thanks for the reminder.

No fixed timeline for retiring the original TinyUrl short link; though
seems obvious it will happen in the future.

Until then and thereafter, Use the older, current free version or another >service.
Optionally, the new API TinyUrl free version, $0/month with account
signup, 100 free shortlinks per year limit.
Note: Account signup provides user specific authorization token
necessary for the new API Tinyurl use.

Thanks, they changed it because it always worked in the past.

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Jack wrote on 1/28/2026 2:49 PM:

On 28/01/2026 19:51, Peter Jason wrote:

https://tinyurl

I don't know what this warning is about, but what do you expect
Microsoft to do when the authorities have subpoenaed user data??ÿ Do you expect Microsoft to refuse and face consequences, including the break-up
of its business empire?

Earth to Jack.
The Tinyurl link and info has little, if anything to do with MSFT.

But since you hijacked the purpose of the op's post to another topic and lacking valid information, see below for your educational purposes.

Content vs. Non-Content Data: For user content (e.g., email, OneDrive
files), Microsoft ***requires a warrant***, not just a subpoena.

Customer Notification: Microsoft attempts to notify users when their data
is requested, fighting against "gag orders" that prevent informing customers.

Legal Challenges: The company has historically challenged government
attempts to access user data, including fighting for the right to inform
cloud customers of investigations.

Enterprise Data: For business customers, Microsoft often redirects law enforcement to request data directly from the customer rather than Microsoft.

Data Location: Microsoft has argued that US warrants should not apply to
data stored in foreign jurisdictions.

No "Backdoor" Access: Microsoft does not provide any government with
direct or unfettered access to customer data.

--
...w­¤?ñ?¤

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 01/28/2026 2:51 PM, Peter Jason wrote:

https://tinyurl.com/25umgsn7

There have been several post to his original Warning. I still don't
know what the warning was, and if I should get upset by it.

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 28 Jan 2026 17:32:42 -0500, knuttle <keith_nuttle@yahoo.com>
wrote:

On 01/28/2026 2:51 PM, Peter Jason wrote:

https://tinyurl.com/25umgsn7

There have been several post to his original Warning. I still don't
know what the warning was, and if I should get upset by it.

I'm upset; and I'm off the "cloud" for most things. Like the
extra-judicial killings for drug lords, and the Mossad hack into the
"secured" iPhone, nothing is safe in the open.

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 1/28/2026 4:05 PM, Apd wrote:

Peter Jason wrote:

https://tinyurl.com/25umgsn7

A better link is:

<https://www.techrepublic.com/article/news-microsoft-bitlocker-keys-fbi-privacy/>

There was no need for all the tracking parameters that followed it:

"Microsoft Shared BitLocker Keys With FBI, Raising Privacy Fears"

https://www.techrepublic.com/article/news-microsoft-bitlocker-keys-fbi-privacy/

You can use "manage-bde" even on Win11 Home, to check your encryption status.

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself,
when I don't recollect doing anything to encourage that. I was testing
QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

Paul

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 1/28/2026 4:49 PM, Jack wrote:

On 28/01/2026 19:51, Peter Jason wrote:

https://tinyurl

I don't know what this warning is about, but what do you expect
Microsoft to do when the authorities have subpoenaed user data??ÿ Do you expect Microsoft to refuse and face consequences, including the break-up
of its business empire?

When you receive a tinyurl in particular, do this.

https://tinyurl.com/25umgsn7

# Try this with it.

https://preview.tinyurl.com/25umgsn7

That will yield this page.

[Generic Favicon] https://tinyurl.com/25umgsn7

Redirects to:

[Domain Favicon]

https://www.techrepublic.com/article/news-microsoft-bitlocker-keys-fbi-privacy/

?email_hash=b5071c168b86f6d263a8db9d5c5bc400&utm_source=Sailthru& \
utm_medium=email&utm_campaign=MicrosoftWeekly_1.82.26_UST%20AI_86b85e9g8& \___Remove this
utm_term=microsoft-active-weekly / URL tail trash

And now the URL for usage is:

https://www.techrepublic.com/article/news-microsoft-bitlocker-keys-fbi-privacy/

*********************************

On some of the lesser lights for URL compression,
add a "+" to the end of the URL. It's just that tinyurl
has been around so long, it has its own mechanism for
reviews. During the thaispam episode on USENET, a large
number of brand new link shorteners were spun up by those
spammers, so there is really a limitless supply of those
things. You can't tell which ones are straight shooters
and exist as a "public service".

Paul

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 1/28/2026 5:32 PM, knuttle wrote:

On 01/28/2026 2:51 PM, Peter Jason wrote:

https://tinyurl.com/25umgsn7

There have been several post to his original Warning.
I still don't know what the warning was, and if I should get upset by it.

For a lot of people, their C: drive has been encrypted without their knowledge.

I experienced that two days ago, while testing in a VM.
(That's the *first* time that has happened here, for the record.)
A copy of 24H2 Win11 Pro, started to encrypt itself after installation.
I stopped it.

Depending on the encryption scheme, it can greatly increase the size of
backups (if the backups are done of the encrypted volume at rest ant
not mounted). Presumably unlocked volumes back up as normal
in a plaintext format.

To check your encryption status, in Administrator terminal you can

manage-bde -status

and see.

If the FBI sweep up all the hardware in your house,
they will be asking Microsoft for Recovery Keys for
anything which has Microsoft encryption on it.

*******

If you really intended to protect your privacy with
Veracrypt, then only you have the key, and only
you can cough up the materials to make your C: into
plaintext again. If you encrypt, encrypt like you
really mean it.

*******

If you take your laptop through the border, and the border
thug discovers encryption, he is going to assume you're
Matt Helm and a secret agent, and you'll be held in
the back room for a couple hours while they fart around.
This is why you want to present a lily-white image
while carrying your electronics across a border.

Paul

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 1/28/2026 9:35 PM, Paul wrote:

On Wed, 1/28/2026 5:32 PM, knuttle wrote:

On 01/28/2026 2:51 PM, Peter Jason wrote:

https://tinyurl.com/25umgsn7

There have been several post to his original Warning.
I still don't know what the warning was, and if I should get upset by it.

For a lot of people, their C: drive has been encrypted without their knowledge.

I experienced that two days ago, while testing in a VM.
(That's the *first* time that has happened here, for the record.)
A copy of 24H2 Win11 Pro, started to encrypt itself after installation.
I stopped it.

Depending on the encryption scheme, it can greatly increase the size of backups (if the backups are done of the encrypted volume at rest ant
not mounted). Presumably unlocked volumes back up as normal
in a plaintext format.

To check your encryption status, in Administrator terminal you can

manage-bde -status

and see.

Interesting. My latest W11 Pro Sneeze brand laptop toy that upgraded
itself to 25H2 from the 23H2 it had when it arrived a few weeks ago says:

PS C:\Users\AJL> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.26100
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume \\?\Volume{1fe42e-5507-4b14\ [RecoveryImage]
[Data Volume]

Size: 20.00 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Automatic Unlock: Disabled
Key Protectors: None Found

Volume C: [Windows]
[OS Volume]

Size: 217.38 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found

Guess I'm hanging out then. Well maybe not cause my TurboTax is in the
sky, right Maria... ;)

If the FBI sweep up all the hardware in your house,
they will be asking Microsoft for Recovery Keys for
anything which has Microsoft encryption on it.

*******

If you really intended to protect your privacy with
Veracrypt, then only you have the key, and only
you can cough up the materials to make your C: into
plaintext again. If you encrypt, encrypt like you
really mean it.

*******

If you take your laptop through the border, and the border
thug discovers encryption, he is going to assume you're
Matt Helm and a secret agent, and you'll be held in
the back room for a couple hours while they fart around.
This is why you want to present a lily-white image
while carrying your electronics across a border.

Paul

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself,
when I don't recollect doing anything to encourage that. I was testing QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Although drive encryption is essential for protecting your data, many
users get stuck during startup when an issue occurs, unaware that a
recovery key is required to unlock the device. But the biggest problem
is that they don't know where they can retrieve the key.

Fortunately, if you have configured the operating system with a
Microsoft account, Windows 11 backs up the recovery key automatically
in your online account. For this reason, it's important to know how to
retrieve the recovery key before it's too late.

To find your BitLocker recovery key, use these steps:" <https://www.windowscentral.com/software-apps/windows-11/6-key-setup-steps-i-usually-find-users-miss-after-installing-windows-11>

--
Mvh. J?rgen
[e-mail address is valid]

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Thu, 1/29/2026 8:01 AM, J?rgen Nielsen wrote:

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself,
when I don't recollect doing anything to encourage that. I was testing
QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Although drive encryption is essential for protecting your data, many
users get stuck during startup when an issue occurs, unaware that a
recovery key is required to unlock the device. But the biggest problem
is that they don't know where they can retrieve the key.

Fortunately, if you have configured the operating system with a
Microsoft account, Windows 11 backs up the recovery key automatically
in your online account. For this reason, it's important to know how to retrieve the recovery key before it's too late.

To find your BitLocker recovery key, use these steps:" <https://www.windowscentral.com/software-apps/windows-11/6-key-setup-steps-i-usually-find-users-miss-after-installing-windows-11>

But the install didn't have an MSA. That's the puzzle.

If a interface had popped up and said "we are going to Bitlocker
your W11 Pro C: drive, where should we put your Recovery Key?" ,
then there would be an opportunity for a handoff of the necessary info.
But I'm not aware of any attempt by them to inform me. It's because
the topic is a popular one, that I was using manage-bde to check
on that.

Paul

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 1/29/2026 3:51 AM, Peter Jason wrote:

https://tinyurl.com/25umgsn7

DO you have to trust, and force others to, trust Tinyurl?? :)

--
@~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
/ v \ May the Force and farces be with you! Live long and prosper!!
/( _ )\ https://sites.google.com/site/changmw/
^ ^ https://github.com/changmw/changmw

--- PyGate Linux v1.5.6
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 28 Jan 2026 23:15:40 -0500, Paul <nospam@needed.invalid> wrote:

You can use "manage-bde" even on Win11 Home, to check your encryption status.

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself,
when I don't recollect doing anything to encourage that.

Early last year, I bought a pair of Dell business laptops and during
initial setup I confirmed that FDE was enabled. FDE was a silent
decision, unrelated to anything I had done, but of course it was easy to reverse.


--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-29 14:01, J?rgen Nielsen wrote:

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself,
when I don't recollect doing anything to encourage that. I was testing
QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Ok, so not on upgraded W10 systems. Good.

How can we check if it is enabled, anyway?

--
Cheers, Carlos.
ES??, EU??;

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

On 2026-01-29 14:01, J?rgen Nielsen wrote:

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself,
when I don't recollect doing anything to encourage that. I was testing
QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Ok, so not on upgraded W10 systems. Good.

How can we check if it is enabled, anyway?

manage-bde -status

Paul

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-30 23:07, Paul wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

On 2026-01-29 14:01, J?rgen Nielsen wrote:

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself,
when I don't recollect doing anything to encourage that. I was testing >>>> QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Ok, so not on upgraded W10 systems. Good.

How can we check if it is enabled, anyway?

manage-bde -status

Command not known.

PS C:\WINDOWS\system32> manage-bde -status
manage-bde : El t‚rmino 'manage-bde' no se reconoce como nombre de un
cmdlet, funci¢n, archivo de script o programa
ejecutable. Compruebe si escribi¢ correctamente el nombre o, si incluy¢
una ruta de acceso, compruebe que dicha ruta
es correcta e int‚ntelo de nuevo.
En l¡nea: 1 Car cter: 1
+ manage-bde -status
+ ~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (manage-bde:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

PS C:\WINDOWS\system32>



--
Cheers, Carlos.
ES??, EU??;

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Fri, 1/30/2026 5:16 PM, Carlos E.R. wrote:

On 2026-01-30 23:07, Paul wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

On 2026-01-29 14:01, J?rgen Nielsen wrote:

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself, >>>>> when I don't recollect doing anything to encourage that. I was testing >>>>> QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Ok, so not on upgraded W10 systems. Good.

How can we check if it is enabled, anyway?

manage-bde -status

Command not known.

PS C:\WINDOWS\system32> manage-bde -status
manage-bde : El t‚rmino 'manage-bde' no se reconoce como nombre de un cmdlet, funci¢n, archivo de script o programa
ejecutable. Compruebe si escribi¢ correctamente el nombre o, si incluy¢ una ruta de acceso, compruebe que dicha ruta
es correcta e int‚ntelo de nuevo.
En l¡nea: 1 Car cter: 1
+ manage-bde -status
+ ~~~~~~~~~~
ÿÿÿ + CategoryInfoÿÿÿÿÿÿÿÿÿ : ObjectNotFound: (manage-bde:String) [], CommandNotFoundException
ÿÿÿ + FullyQualifiedErrorId : CommandNotFoundException

PS C:\WINDOWS\system32>

C:\Windows\System32\manage-bde.exe

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde

Some examples of using it.

https://petri.com/manage-bde-bitlocker-command-line/

*******

It is remotely possible, that Microsoft does not deploy Bitlocker capability
in all countries. For example, France did not allow strong encryptions to be used at one time. That's about the only thing that comes to mind, if it is missing.

Paul


--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

How can we check if it is enabled, anyway?

On 2026-01-30, Paul <nospam@needed.invalid> wrote:

manage-bde -status

I did that and I do not understand the answer., which includes
| Conversion Status: Used Space Only Encrypted
| Percentage Encrypted: 100.0%
| Protection Status: Protection Off
| Lock Status: Unlocked

I guess that means I have an encrypted drive. Very uncool!
Now I have to figure out how to get rid of the encryption.

--
Lars Poulsen - an old geek in Santa Barbara, California

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-31, Lars Poulsen <lars@beagle-ears.com> wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

How can we check if it is enabled, anyway?

On 2026-01-30, Paul <nospam@needed.invalid> wrote:

manage-bde -status

I did that and I do not understand the answer., which includes
| Conversion Status: Used Space Only Encrypted
| Percentage Encrypted: 100.0%
| Protection Status: Protection Off
| Lock Status: Unlocked

I guess that means I have an encrypted drive. Very uncool!
Now I have to figure out how to get rid of the encryption.

I asked Bing, and it pointed me to the page
| Control Panel > System ans Security > BitLocker Drive Encryption
... which says:
| Windows (C:) BitLocker waiting for activation
... with an option to "Turn on BitLocker"

I am GUESSING this means that the drive is not yet encrypted, but will
be as soon as I click that link?

I am REALLY confused now. I do NOT want my drive to be encrypted.

--
Lars Poulsen - an old geek in Santa Barbara, California

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-31 14:51, Lars Poulsen wrote:

On 2026-01-31, Lars Poulsen <lars@beagle-ears.com> wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

How can we check if it is enabled, anyway?

On 2026-01-30, Paul <nospam@needed.invalid> wrote:

manage-bde -status

I did that and I do not understand the answer., which includes
| Conversion Status: Used Space Only Encrypted
| Percentage Encrypted: 100.0%
| Protection Status: Protection Off
| Lock Status: Unlocked

I guess that means I have an encrypted drive. Very uncool!
Now I have to figure out how to get rid of the encryption.

I asked Bing, and it pointed me to the page
| Control Panel > System ans Security > BitLocker Drive Encryption
... which says:
| Windows (C:) BitLocker waiting for activation
... with an option to "Turn on BitLocker"

I am GUESSING this means that the drive is not yet encrypted, but will
be as soon as I click that link?

I am REALLY confused now. I do NOT want my drive to be encrypted.

It is waiting for the password creation, I think.
IIRC, there is a procedure to "unready" it. Ask an AI. I did that some
years back, but I don't remember what I did.

--
Cheers, Carlos.
ES??, EU??;

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

How can we check if it is enabled, anyway?

On 2026-01-30, Paul <nospam@needed.invalid> wrote:

manage-bde -status

On 2026-01-31, Lars Poulsen <lars@beagle-ears.com> wrote:

I did that and I do not understand the answer., which includes
| Conversion Status: Used Space Only Encrypted
| Percentage Encrypted: 100.0%
| Protection Status: Protection Off
| Lock Status: Unlocked

I guess that means I have an encrypted drive. Very uncool!
Now I have to figure out how to get rid of the encryption.

On 2026-01-31 14:51, Lars Poulsen wrote:

I asked Bing, and it pointed me to the page
| Control Panel > System ans Security > BitLocker Drive Encryption
... which says:
| Windows (C:) BitLocker waiting for activation
... with an option to "Turn on BitLocker"

I am GUESSING this means that the drive is not yet encrypted, but will
be as soon as I click that link?

I am REALLY confused now. I do NOT want my drive to be encrypted.

On 2026-01-31, Carlos E.R. <robin_listas@es.invalid> wrote:

It is waiting for the password creation, I think.
IIRC, there is a procedure to "unready" it. Ask an AI. I did that some
years back, but I don't remember what I did.

It seems to mean that it is already encrypted (100%, but only the files,
not the free space. But Microsoft has not yet been gives the keys, so
the keys are not "Protected".

To remove the encryption, you type (in an administrator shell):
| manage-bde -off c:
... and in a few minutes, the drive will be decrypted (in the
background).

Now I need to do this on the PC I set up for my colleague as well!

--
Lars Poulsen - an old geek in Santa Barbara, California

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Fri, 30 Jan 2026 23:16:22 +0100, "Carlos E.R."
<robin_listas@es.invalid> wrote:

On 2026-01-30 23:07, Paul wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

On 2026-01-29 14:01, J?rgen Nielsen wrote:

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself, >>>>> when I don't recollect doing anything to encourage that. I was testing >>>>> QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Ok, so not on upgraded W10 systems. Good.

How can we check if it is enabled, anyway?

manage-bde -status

Command not known.

It's not a powershell command. Run it from a plain cmd prompt.

PS C:\WINDOWS\system32> manage-bde -status

<snip>


--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Sat, 1/31/2026 9:31 AM, Lars Poulsen wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

How can we check if it is enabled, anyway?

On 2026-01-30, Paul <nospam@needed.invalid> wrote:

manage-bde -status

On 2026-01-31, Lars Poulsen <lars@beagle-ears.com> wrote:

I did that and I do not understand the answer., which includes
| Conversion Status: Used Space Only Encrypted
| Percentage Encrypted: 100.0%
| Protection Status: Protection Off
| Lock Status: Unlocked

I guess that means I have an encrypted drive. Very uncool!
Now I have to figure out how to get rid of the encryption.

On 2026-01-31 14:51, Lars Poulsen wrote:

I asked Bing, and it pointed me to the page
| Control Panel > System ans Security > BitLocker Drive Encryption
... which says:
| Windows (C:) BitLocker waiting for activation
... with an option to "Turn on BitLocker"

I am GUESSING this means that the drive is not yet encrypted, but will
be as soon as I click that link?

I am REALLY confused now. I do NOT want my drive to be encrypted.

On 2026-01-31, Carlos E.R. <robin_listas@es.invalid> wrote:

It is waiting for the password creation, I think.
IIRC, there is a procedure to "unready" it. Ask an AI. I did that some
years back, but I don't remember what I did.

It seems to mean that it is already encrypted (100%, but only the files,
not the free space. But Microsoft has not yet been gives the keys, so
the keys are not "Protected".

To remove the encryption, you type (in an administrator shell):
| manage-bde -off c:
... and in a few minutes, the drive will be decrypted (in the
background).

Now I need to do this on the PC I set up for my colleague as well!

There may also be a slider in Settings to turn off Bitlocker, as well.

If you start Googling this topic of "I didn't know it was encrypted",
there are some pretty complicated failure cases already. Someone
took their laptop to Geek Squad, without knowing the disk was encrypted.
The service person installed a new OS (they do that, just to make a dime),
and in the process, a new Bitlocker key was made. But... the key was
on the service persons MSA, not the customer MSA. And the customer
later had a problem and needed the key. And the key on the Microsoft
server was for his old OS copy. Then he had a problem trying to trace
down the service person. Apparently some companies send all the
computers to a central location for service, instead of using "Timmy-behind-the-counter" to do the work.

Expect more weird tales involving customers who got screwed by this.

Encryption is a "write once-read never" technology, and it is just
asking for trouble to be using it. You need a good reason
to be applying it.

Paul

--- PyGate Linux v1.5.8
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-02-01 00:05, Paul wrote:

On Sat, 1/31/2026 9:31 AM, Lars Poulsen wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

Now I need to do this on the PC I set up for my colleague as well!

There may also be a slider in Settings to turn off Bitlocker, as well.

If you start Googling this topic of "I didn't know it was encrypted",
there are some pretty complicated failure cases already. Someone
took their laptop to Geek Squad, without knowing the disk was encrypted.
The service person installed a new OS (they do that, just to make a dime), and in the process, a new Bitlocker key was made. But... the key was
on the service persons MSA, not the customer MSA. And the customer
later had a problem and needed the key. And the key on the Microsoft
server was for his old OS copy. Then he had a problem trying to trace
down the service person. Apparently some companies send all the
computers to a central location for service, instead of using "Timmy-behind-the-counter" to do the work.

Wow.

Expect more weird tales involving customers who got screwed by this.

Encryption is a "write once-read never" technology, and it is just
asking for trouble to be using it. You need a good reason
to be applying it.

Like, a laptop can be stolen or lost, and I don't want the thieves to
read my data. But it has to be my decision to do it. I do it in my
laptop, running Linux. I am the only one that knows the password, there
is no backdoor.

--
Cheers, Carlos.
ES??, EU??;

--- PyGate Linux v1.5.10
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 1/31/2026 7:31 PM, Carlos E.R. wrote:

On 2026-02-01 00:05, Paul wrote:

Encryption is a "write once-read never" technology, and it is just
asking for trouble to be using it. You need a good reason to be
applying it.

Like, a laptop can be stolen or lost, and I don't want the thieves
to read my data. But it has to be my decision to do it. I do it in
my laptop, running Linux. I am the only one that knows the password,
there is no backdoor.

I see that on my latest W11 Pro Sneeze brand (actually Auusda brand-say
it fast and it sounds like a sneeze) laptop toy that I can turn on Bit
Locker in Control Panel > System and Security > Bitlocker Drive
Encryption. It also has Bitlocker To Go...for removable drives. Sounds
like a hamburger stand. Anyway since all of my sensitive stuff is
online (Don't tell you know who) I don't see much reason to use it either...





--- PyGate Linux v1.5.10
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-01-31 21:57, Char Jackson wrote:

On Fri, 30 Jan 2026 23:16:22 +0100, "Carlos E.R."
<robin_listas@es.invalid> wrote:

On 2026-01-30 23:07, Paul wrote:

On Fri, 1/30/2026 5:03 PM, Carlos E.R. wrote:

On 2026-01-29 14:01, J?rgen Nielsen wrote:

torsdag, 29-01-2026, Paul skrev:
[CUT]

I was installing a Win11 Pro into a VM the other day, and for the
first time I witnessed an install encrypting the C: drive for itself, >>>>>> when I don't recollect doing anything to encourage that. I was testing >>>>>> QEMU-KVM rather than VirtualBox (as the VirtualBox may not have a
working swtpm yet). QEMU-KVM has a working swtpm.

"2. BitLocker recovery key

Starting with the release of version 24H2, Windows 11 turns on
BitLocker automatically on new installations.

Ok, so not on upgraded W10 systems. Good.

How can we check if it is enabled, anyway?

manage-bde -status

Command not known.

It's not a powershell command. Run it from a plain cmd prompt.

PS C:\WINDOWS\system32> manage-bde -status

<snip>

Argh. As my daily driver is Linux, I thought a shell is a shell, all
shells have the same (external) commands.

Microsoft Windows [Versi¢n 10.0.26200.7623]
(c) Microsoft Corporation. Todos los derechos reservados.

C:\Windows\System32>manage-bde -status
Cifrado de unidad BitLocker: versi¢n de la herramienta de configuraci¢n 10.0.26100
Copyright (C) 2013 Microsoft Corporation. Todos los derechos reservados.

Vol£menes del disco que se pueden proteger con el Cifrado de unidad
BitLocker:
Volumen C: []
[Volumen del sistema operativo]

Tama¤o: 73,78 GB
Versi¢n de BitLocker: Ninguno
Estado de conversi¢n: Descifrado completo
Porcentaje cifrado: 0,0%
M‚todo de cifrado: Ninguno
Estado de protecci¢n: Protecci¢n desactivada
Estado de bloqueo: Desbloqueado
Campo de identificaci¢n:Ninguno
Protectores de clave: ninguno


C:\Windows\System32>


Curious that it says Windows version 10, when it is clearly 11. Anyway,
no encryption.


--
Cheers, Carlos.
ES??, EU??;

--- PyGate Linux v1.5.10
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Paul <nospam@needed.invalid> wrote:

On Sat, 1/31/2026 9:31 AM, Lars Poulsen wrote:

[...]

It seems to mean that it is already encrypted (100%, but only the files, not the free space. But Microsoft has not yet been gives the keys, so
the keys are not "Protected".

To remove the encryption, you type (in an administrator shell):
| manage-bde -off c:
... and in a few minutes, the drive will be decrypted (in the
background).

Now I need to do this on the PC I set up for my colleague as well!

There may also be a slider in Settings to turn off Bitlocker, as well.

In Settings, search on 'encryption'. That will find both the
('BitLocker Light') 'Device encryption' settings on Windows Home and the
full BitLocker settings on Windows Pro.

FWIW, on my laptop which came with Windows 11 Home (22H1 at the time), 'Device encryption' was partly enabled. On my wife's Mini-PC which came
with Windows 11 Pro (24H2), neither form of encryption was enabled.

Bottom line: Don't assume anything either way, but *check* (with
'manage-bde -status', as said in an *Administrator* *Command Prompt*
window).

[...]

--- PyGate Linux v1.5.10
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Carlos E.R. <robin_listas@es.invalid> wrote:

On 2026-01-31 21:57, Char Jackson wrote:

[...]

It's not a powershell command. Run it from a plain cmd prompt.

PS C:\WINDOWS\system32> manage-bde -status

<snip>

Argh. As my daily driver is Linux, I thought a shell is a shell, all
shells have the same (external) commands.

Microsoft Windows [Versi?n 10.0.26200.7623]
(c) Microsoft Corporation. Todos los derechos reservados.

C:\Windows\System32>manage-bde -status
Cifrado de unidad BitLocker: versi?n de la herramienta de configuraci?n 10.0.26100
Copyright (C) 2013 Microsoft Corporation. Todos los derechos reservados.

Vol?menes del disco que se pueden proteger con el Cifrado de unidad BitLocker:
Volumen C: []
[Volumen del sistema operativo]

Tama?o: 73,78 GB
Versi?n de BitLocker: Ninguno
Estado de conversi?n: Descifrado completo
Porcentaje cifrado: 0,0%
M?todo de cifrado: Ninguno
Estado de protecci?n: Protecci?n desactivada
Estado de bloqueo: Desbloqueado
Campo de identificaci?n:Ninguno
Protectores de clave: ninguno

C:\Windows\System32>

Curious that it says Windows version 10, when it is clearly 11. Anyway,
no encryption.

The kernel, etc. is still 10. Just do a 'ver' command, that will also
say

"Microsoft Windows [Version 10.0.26100.7623]"

And if you execute 'winver' it will say Windows 11, but also the same "26100.7623" string. So 26100.7623 is a version of Windows 11 (the 24H2
version with the 2026-01 update).

See also the 'NT-10.0' in my 'User-Agent:' header. It says 10.0, but
I'm on Windows 11 (also 26100.7623, 24H2+2026-01_update).

--- PyGate Linux v1.5.10
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)