On 06/09/2020 18.31, Andrei Borzenkov wrote:
06.09.2020 19:22, Carlos E. R. пишет:
If I deactivate it, can somebody or something activate it again, and lock the owner out?
Of course it is possible to activate it if something manages to run manage-bde with sufficient privileges. Do not work as root applies to Windows just as well, and UAC is annoying but adds extra protection requiring interactive confirmation.
Sorry, what is UAC? I suposse it is https://en.wikipedia.org/wiki/User_Account_Control Certainly, I have created a "normal user" for the owner and I will try to convince her to use only that one. But I also created an administrator account for her, in case she needs to install something or do something. Besides my own account as administrator. Unfortunately, Windows users are not accustomed to using a normal unprivileged account and are pissed by the extra nuisance as they see it. Although... I have seen software (specially installs) that when run by an unprivileged user that clicks "run as administrator" fail in strange ways that do not hint at the reason. I think it happened to me with the software for the TomTom GPS navigator.
I just destroyed my test VM by testing what happens if I boot using removable medium. Well, good thing is Windows does not unlock drive automatically. Bad thing is it insisted on recovery key even after I removed removable medium and of course I did not preserve it. While Windows will not allow to store recovery key on encrypted drive, it will allow you to print it into file on the same drive ...
Good to know... Well, now for my next steps: - installing Linux on small internal partition (for my use and maybe emergencies) - taking an image of it all - booting windows again and trying to deactivate bitlocker. - taking an image of it all, again (symlink to Linux side perhaps) This laptop works perfectly in Linux, by the way. Well, no idea about the fingerprint sensor. That's a nice feature in Windows, for those users that hate passwords and ask us to remove it. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)