BitLocker came enabled by default on my out-of-the-box windows configuration of a Thinkpad X1 Carbon 5th Generation that I got a few months ago (disk drive is a Samsung SSD 1TB PCIe-NVMe MZ-VLW1T0 HMLH-000L7).

 

As a result, I cannot re-partion the drive, access it outside of Windows, nothing! Cannot make images. I et I will be unable to restore an image. This is very unsatisfying.

 

Windows tells me that Bitlocker is actually not activated, ha! Tus no de-actiavtion possible (not that I would have any key).

 

How to fix this situation? Nice and safe is fine, but as it is, this hard disk is even safe from his very owner!

 

Any advice would be appreciated.

 

Cheers,

Christian

Hello and welcome,

 

I have very limited eperience with this - so FWIW a couple of things to try in this thread:

 

https://forums.lenovo.com/t5/Lenovo-IdeaPad-100-305-500-Edge/Bitlocker-activated/m-p/3922402/highlight/true#M51480

 

Z.

Thank you for your quick reply. Apparently nobody has any decent experience with this technology. Before I posted here, I did some extensive search, including this forum. A few posts claimed that it does not work with off-the-shelf M.2 drives from Samsung, others asked if it should be disabled (but hey, nobody said *how* to disable it).

 

It is also funny how almost every article, including those from Microsoft, talk about Bitlocker keys which are either stored on the ADS (within a domain) or in a Microsoft account. Well, I do not have any of those, mind you! Some article claim that it will only be encrypted, if I use one of the mechanisms mentioned before. Oh yeah? Then why can I access the **bleep** partition only within Windows? Each and every software which I boot from USB either sees nothing (seriously!!) or a "Bitlocker encrypted partition".

 

Seriously, every articel which seems to have a clue claims that it is right now encrypted with a "clear key" (whatever this is) and that I need to join a domain (nah!) or use a Microsoft account (double nah!). **bleep**? Is this my computer, did I pay for it, or does it belong to Microsoft?

 

Before you replied (by poining to yet another vague article) I had finally discovered the GUI in Windows 10, where I can decrypt the drive. Or so it claims. As it was already late and decrypting might take many, many hours, I have postponed this for now.

 

If that **bleep** thing is going to ask me for a key, then I am screwed! I never encrypted that darn thing myself, thus I do not have any f... key!

 

One thing is sure. I'll never ever pay a small fortune again to buy a "business" notebook from Lenovo, which apparently belongs to anyone but me (who paid for it)!

 

A very pissed off "customer" (aka pay slave)

Sorry about that vague article.  It's all I've got :(

 

A MS link that was sent to me when I tripped over the same thing:

 

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/device-encryption-for-oem

 

I'm not sure I'd hang this one on Lenovo.  Seems to be a Microsoft thing - and one I'm not fond of either.  Odds are this is going to cause some rude surprises.  And has...

 

I actually ran across this when I added an m.2 SSD to a WWAN slot to test a 2nd SSD config for a forum member.  Win 10 encrypted that too.  Thankfully I had not enabled a MS account sign in - so it wasn't activated - whatever that means.

 

Z.

Well, after some (too little) sleep I have found some articles which really has a clue about this, which pointed to these Microsoft docs:

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn306081(v=ws.11)#BKMK_Encryption

 

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10

 

It is really appaling like most people completely mix up Bitlocker Drive Encryption (the "old" way; only in Windows Pro & Enterprise) and Bitlocker Device Encryption (all Windows 10 editions). By the way, the former allows local storage of the encryption key, while the second option requires you to handover your keys to a third party (as it is Microsoft, it is equivalent to virtually everyone in the US).

 

Funny thing is that my drive is currently "protected" by a "blank key", which means nothing else that I am most likely the only one who is locked out. I bet, any law enforcement agency, any intelligence service, any criminal organization has that key. The only ones locked out are the unfortunate souls who bought this crap! By the way, that **bleep** could be disabled by default (the first document above describes how to do so) and leave the decision to the owner (you know, that's the person who paid for it and thus pays for everyone at Lenovo), if to use it or not.

 

What I am going to do now is to disable this (again, refer to above mentioned docs) and leave it at that. Then I can repartition the drive to something useful. Should I ever feel the need to encrypt any drive again, I'll use Bitlocker Drive Encryption, with *local* backup of the keys!

 

Thank you for your attention. By the way, funny how I am categorized as "Paper Tape", as I have actually been using them (this might tell you just how old I am).

 

Cheers,

Christian

Sorry, I only saw your post after I sent my mine. Two quick replies to your post:

Yes, we can hang this one on Lenovo! The document you provided is short enough not to overlook this statement "OEMs can choose to disable device encryption".

Second, "not being activated" simply means that it *is* actually encrypted, but using a vanilla key. As I have said, the only ones locked out are you and me.

Thank you for your attempts to help, I really appreciate. The blame lies with Microsoft and Lenovo

One last statement: this is just the most recent headache which I am having with this 2.500 € notebook. It really is a disgrace, it was virtually unusable out of the box! Had to hunt down various pieces of software in order to use all keys on the keyboard, just to mention one thing. Most hardware drivers were simply absent!

It is funny, that the last step of assembling is left to the user. Wish that one of those last steps would have been this darn device encryption.

Of course, I also had to go through that darn inspection because they even saved the step of fastening a screw! Serves me right, to buy such a "cheap" product!

Next one will be ASUS or Toshiba, you can bet on that!

I do not believe this! Yesterday the option to turn of that **bleep** "protection" was there, today it is gone! I have marked the area where the button should be. WHAT THE HELL IS GOING ON HERE?

Seems like Microsoft loves to move around dialog options and contradict their won documentation. The option has moved here (from System/about to Update & Security/Device Encryption):

 

Success! Managed to re-partition my drive finally, using Minitool Partition Wizard (alternatively can use Parted Magic, which supports the X1 quite well)