|
|
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives.
However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup.
I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
modified yesterday.
|
|
|
|
|
Check the power management settings - your power button is probably set to "sleep" or "hibernate" but there is a "Shut down" option which should restart the OS on power up and require access control to the drives: Control Panel > Hardware and Sound > Power Options > Chose what the power buttons do
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Yes, I found the setting to change what the power buttons do. I changed that from "sleep" to "shut down".
BUT: There is no way to save this change! At least not in the very latest version of Windows 11! When I exit the settings panel, Windows resets the setting to the default "sleep"! Stoopid Windows!
Ok, I have had my coffee, so you can all come out now!
|
|
|
|
|
Did you hit the "Change settings that are currently unavailable" - the system settings are in UAC Registry so unless you are elevated, it won't change. Mine is set to "Shut down" and that is persistent.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Yes I did change that setting and it is NOT persistent. Note: I am the only user on this machine and I am the only administrator. It is running Windows 11 Pro fully updated. I have hibernation mode turned off as it bloats up my system backup images.
Ok, I have had my coffee, so you can all come out now!
|
|
|
|
|
Well, if your system does go in sleep mode, then it'll have to do a full power-up anyway if your system gets stolen and spends any amount of time without any power, just as if you'd have yanked the power cord while it was turned on, rather than doing it while it was sleeping--the results would be the same. Unless it's a laptop and the battery runs long enough.
But perhaps more importantly (from my perspective): If your external drives are backups, physically disconnect them and only power them on when doing an actual backup. Ransomware is just as capable of encrypting your mounted backup drives as your main system. Especially since you enter your Bitlocker password on every boot, conveniently making your backups accessible to said malware.
|
|
|
|
|
Sound advice, but I use Windows Security Ransomware Protection on all folders where data are stored. My Macrium system images are protected by Macrium's Image Garden against any and all unauthorized alterations. Then I also maintain an old style 8TB Western Digital spinning disk drive for off-line storage of all important data. This drive is kept powered down an disconnected 99% of the time.
On top of all that: I make at least every week a DVD backup of all new critical data. The DVDs are closed and locked after creation to prevent any further changes. I have a high pile of such old DVDs in my off-line collection.
As regards my system drive: If the worst happens I can always clean my systems drive and do a clean install of Windows on the drive. I have done many clean installs and it typically takes me 3 or so hours to be fully up and running. I always keep a few flash drives with the bootable tiny Windows PE operating system that has embedded the Diskpart utility that can forcibly clean any disk and prepare it for a clean install.
I don't have much faith in backups on the cloud and mostly avoid that. Some of my critical backups are stored off site in a relative's residence.
If you want to know more about Windows PE, see:
Windows PE (WinPE) | Microsoft Learn[^]
Ok, I have had my coffee, so you can all come out now!
modified yesterday.
|
|
|
|
|
Sounds like you have a solid strategy already in place. Carry on.
|
|
|
|
|
I noticed similar with an encrypted USB drive - one of those with a keypad built into it to key a pin (6 digits).
One thing you might be able to do to change things is messing with the power states for them.
|
|
|
|
|
wow.
The credentials are not revoked when restarting a machine ?
CI/CD = Continuous Impediment/Continuous Despair
|
|
|
|
|
Depends: if you hibernate or sleep, then probably not unless you log off and log in again. And since most people have "auto logout" disabled to save effort ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
sudo init 0
>64
It’s weird being the same age as old people. Live every day like it is your last; one day, it will be.
|
|
|
|
|
Good to know. I'm the only one likely to access my machine, as I live and work out of the same place.
That said, I've been known to angrily turn my machine off the bad way when it misbehaves. I know I'm not really "punishing" it, more myself, but it still feels cathartic.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
|
Similar, but unrelated...
My first PC (1992) had the option to set a password in the BIOS... but it only worked on a cold boot. You could do a warm boot to bypass it when prompted for the password.
|
|
|
|
|
Wait, what?
Boot from nothing, get prompted, Ctrl-Alt-Del, no prompt?
It takes a special sort of genius to come up with that.
I've had BIOSes that had options to set a password, but I've never bothered with them. Good to know they're utterly pointless.
|
|
|
|
|
Pressed the restart button... no prompt.
|
|
|
|
|
Cp-Coder wrote: if I turn off the PC by hitting the power button instead
If a desktop then it means power outage would do the same.
Cp-Coder wrote: My main PC may get stolen with the external drives during a burglary, for example.
I am not rigorous in this but I do see a lot of PC cases with lock ports. Attach a cable lock to it and a heavy desk. Then less risk unless it is a targeted theft.
|
|
|
|
|
I love solving problems using template metaprogramming. It's probably a bad thing, because I tend to gravitate toward it unless I stop myself.
In this case, I have a good reason for it. I need to do color model conversions at compile time.
A pixel has channels, like Red Green and Blue, or Hue Saturation Value, or Y U V, etc
It may also have a metachannel of sorts called an alpha channel.
It might even have no-op channels that do nothing but take up space (for in memory padding)
The presence of no-op channels and alpha channel makes things sort of complicated when determining the color model.
I have
rgb_pixel<16>::has_channel_names<channel_name::R, channel_name::G, channel_name::B>::value
For example (which resolves to true in the above case) for determining the color model - RGB as above in this case.
In order to be more robust, I need to have a different version of that template like, has_color_model or something.
But also, it's a tricky problem to solve with templates. That's what I like.
Sane people play sudoku.
Solved it. Not so bad, because I have other helpers.
template <typename PixelType,typename... ChannelNames> class is_color_model_inner_impl;
template<typename PixelType,typename ChannelName,typename... ChannelNames>
class is_color_model_inner_impl<PixelType,ChannelName,ChannelNames...> {
using chidx = typename PixelType::template channel_index_by_name<ChannelName>;
public:
constexpr static const bool value = (-1!= chidx::value) &&
PixelType::template channel_by_index_unchecked<chidx::value>::color_channel &&
is_color_model_inner_impl<PixelType,ChannelNames...>::value;
};
template<typename PixelType>
class is_color_model_inner_impl<PixelType> {
public:
constexpr static const bool value = true;
};
template <typename PixelType,typename... ChannelNames> class is_color_model_impl {
public:
constexpr static const bool value = sizeof...(ChannelNames)==PixelType::color_channels && is_color_model_inner_impl<PixelType,ChannelNames...>::value;
};
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
modified yesterday.
|
|
|
|
|
honey the codewitch wrote: rgb_pixel<16>::has_channel_names<channel_name::R, channel_name::G, channel_name::B>::value Maybe has_channel_channels ? (But kinda serious.)
|
|
|
|
|
I ended up going with is_color_model<> which makes perfect sense in my library's vernacular where a color model is a composition of color channels with particular names.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
When they rewrote Windows explorer for Win 11, they clearly gave the job to the office junior, who had no idea what the previous version (matured for decades in the warm heat of actual usage) was capable of. And they didn't bother to find out because adding tabs was clearly a much more interesting use of their time.
And today I notice they have put something back: you can now drop files onto parts of the address bar to copy / move files to the parent folder (for example) or onto the folder list on the left!
Taken 'em long enough to put back a useful function, but I'm happy they finally did.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Oh I've missed that particular feature greatly!
I've just got to wait for our instance to catch up ... :tapping fingers:, :tapping foot:
|
|
|
|
|
So have I - the tabs are still useless because you can't drop onto tabs, but ... maybe in a decade they'll think of that.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|