12-14-2017 09:11 PM
I am setting up a new X1 Yoga 2nd Gen system and updating to Windows 10 Creator in the process. Somewhere along the line Bitlocker was enabled in the OS. I certainly did not turn it on and I doubt that the Windows Update did either. This system was a preconfigured variant 20JDS0HV00 purchased directly from Lenovo. The BIOS level was updated to 1.20 as well. Is this the norm now? I only realized that the option was turned on when I needed to restore the OS to a previous day and Acronnis complained. I was able to configure it off and decrypted the disk drive. I wonder if the preconfigured system was spec'd to have bitlocker turned on.
Solved! Go to Solution.
12-14-2017 09:26 PM - edited 12-14-2017 09:28 PM
This takes a long time to say "sometimes":
It seems to be microsoft.
I saw it in a yoga 920 I was playing with. I got it without a working OS and I installed a clean copy of PRO and ended up with bitlocker on.
12-14-2017 10:09 PM
Wow! That appears to be it. I had decrypted the drive in order to do a restore. However, when looked at the drive again just now, Bitlocker is back on and Windows is steadily encrypting all of my files again on the C: partition. I guess I'll just leave it on since the system has an active TPM. Thanks for the education on this. I NEVER would have suspected it and the button to turn off the encryption is at the very bottom of the Windows 10 Update panel.
12-15-2017 08:31 AM - edited 12-15-2017 08:33 AM
Same thing happened to my TPY 370. Don't know if it was the 1709 update or running the AMT firmware update that triggered it. Quite a surprise.
It also encyrpted a 2nd SSD I had installed in the WWAN slot (which won't work on production 370 models BTW). Did it on the fly with no notification. The SSD was installed after the above updates.
I hadn't signed in with a MS account so it was encrypted but not activated. On the 370 it took a command-line operation to remove encryption since the disable options were grayed out.
I have to wonder what happens in the case of a board or OS failure, and how one would recover data externally.
The large print: please read the Community Participation Rules before posting. Include as much information as possible: model, machine type, operating system, and a descriptive subject line. Do not include personal information: serial number, telephone number, email address, etc.
The fine print: I do not work for, nor do I speak for Lenovo. Unsolicited private messages will be ignored - questions and answers belong in the forum so that others may contribute and benefit. ... GeezBlog
12-15-2017 09:02 AM
I would guess that the point of making this the default only if it is linked to your microsoft account is that there is a backup of the encryption key on the MS server.