BitLocker password challenge before any login startup items

2

My use case on Windows 10 is:

- I often don't have anyone physically present when the machine boots. The machine is accessed through Remote Desktop in this case, so a BitLocker password cannot be entered at boot time.
- I have a few programs that start up that require access to the D: drive, which is encrypted by BitLocker (OneDrive in particular, but there are a couple of others). My AppData folder is also on the D: drive. When I log in, those programs starting up get confused, as the data they need is on the D: drive, which is not yet unlocked.
- I need my data on D: encrypted in case the machine is stolen.

Currently, I log in after boot, click on D:, enter the password, log out, and log back in. Kind of cumbersome.

I need a way to defer all programs from starting after a login until I have had an opportunity to unlock D:, possibly through Remote Desktop. So either I enter the BitLocker password before login, or immediately after login, and all other login items stop until BitLocker has been unlocked.

user2352073

Posted 2017-09-05T16:22:44.997

Reputation: 21

Disable the auto-start of all of the applications, then write a script you can call manually to start them. Also, you can allow the system to unlock the D drive automatically, and so long as you keep your Windows password secure you should be OK. Does your computer have a TPM? – music2myear – 2017-09-08T00:07:35.567

If the D drive is unlocked automatically, but an attacker does not have a login to the system, are my files still secure? Presumably in this circumstance the attacker could not put the drive in another computer and read it.

I believe my computer has a TPM. – user2352073 – 2017-09-09T22:43:41.113

Then I strongly suggest reading up on drive encryption, TPM, and BitLocker, because this is exactly what they do. The drive can only be decrypted in your computer, and only when the various security bits are reporting things are OK. – music2myear – 2017-09-10T00:44:05.037
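One way to implement the manual start script suggested in the comments, as an added example that is not part of the original thread. It assumes D: has a BitLocker password protector, that the script is run from an elevated PowerShell session after logging in over Remote Desktop, and that the programs in `$DeferredApps` (a hypothetical list; the OneDrive path is the usual per-user install location) have had their normal auto-start entries disabled.

```powershell
# Added example: unlock the data volume first, then start the deferred programs.
# Get-BitLockerVolume and Unlock-BitLocker need an elevated session.
#Requires -RunAsAdministrator
param(
    [string]$MountPoint = 'D:',
    # Assumed list: programs whose own auto-start entries have been disabled.
    [string[]]$DeferredApps = @(
        "$env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe"
    )
)

$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

if ($volume.LockStatus -eq 'Locked') {
    # Read the password as a SecureString so it is never echoed or stored in the script.
    $password = Read-Host -AsSecureString -Prompt "BitLocker password for $MountPoint"
    Unlock-BitLocker -MountPoint $MountPoint -Password $password -ErrorAction Stop | Out-Null
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
}

# Refuse to start anything while the data the programs depend on is unavailable.
if ($volume.LockStatus -ne 'Unlocked') {
    Write-Error "$MountPoint is still locked; not starting deferred programs."
    exit 1
}

foreach ($app in $DeferredApps) {
    if (Test-Path -LiteralPath $app) {
        Start-Process -FilePath $app
    } else {
        Write-Warning "Skipping missing program: $app"
    }
}
```

Programs launched this way inherit the elevated token of the session that ran the script, so applications that should run unelevated are better started from a separate, non-elevated shell once the unlock step has succeeded.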

No answers