Question accessing os when fTPM is enabled and W11 is installed if mobo died

[daggs1]

Greetings,

with the upcoming launch of W11 I see that fTPM is a must.
when enabling fTPM in the bios, there is a note states that if the mb is replaced or the key is lost, the os will be locked and encrypted.
mobos which die aren't a new thing, it happens.
how I can make sure that in case one of my mobos die, I can still access the os for either files rescue or even mb replacement?

Thanks.

 

[OlyAR15]

As long as you don't set a private key, anyone can still access the drive.

 

[daggs1]

Greetings,

As long as you don't set a private key, anyone can still access the drive.

at what stage I{m expected to set a private key? what are the odds that windows will set a random one for me without asking?

 

[VirtualLarry]

MS is going to make things a LOT harder for PC techs with Win11, TPM 2.0 and SED SSDs, good for "security", bad for tech-support.

Do I need to spell it out? MS, in Win 10, if there's an active TPM device, and an SED-capable storage device present, on install, MS automagically enables BitLocker on said drive, "for your own protection". So, when you get that call from a middle-aged mother of five, whose PC was filled with...

forums.anandtech.com

 

[daggs1]

MS is going to make things a LOT harder for PC techs with Win11, TPM 2.0 and SED SSDs, good for "security", bad for tech-support.

Do I need to spell it out? MS, in Win 10, if there's an active TPM device, and an SED-capable storage device present, on install, MS automagically enables BitLocker on said drive, "for your own protection". So, when you get that call from a middle-aged mother of five, whose PC was filled with...

forums.anandtech.com

so, assuming I export the privte key and save it somewhere safe, I should be able to access the device even if I change HW?

 

[VirtualLarry]

so, assuming I export the privte key and save it somewhere safe, I should be able to access the device even if I change HW?

I believe so, if you are talking about a BitLocker-encrypted volume.

 

[daggs1]

how do I know if the os is installed as "BitLocker-encrypted volume"?

 

[OlyAR15]

Actually, I'm not sure if the drives get encrypted at all. At least when upgrading from W10 to W11. I have 6 machines running 11 right now: 2 on Home, 4 on Pro. Neither of the Home machines appear encrypted, even though one is running on a MS account while the other is a local account. Of the 4 running Pro, I only enabled Bitlocker on one (and that was when it was running W10). None of the others have it enabled by default, even though one of the machines is on a MS account.

So I'm not sure if W11 Home encrypts drives by default. Possibly, if doing a clean install, it may, since Home requires you to use a MS account, but right now I have no way of verifying it. If it does encrypt, the encryption key will be stored on your MS account.

 

[daggs1]

so windows is now a os that cannot work without network?

 

[OlyAR15]

so windows is now a os that cannot work without network?

Yes, it works fine without a network. You can still log onto your MS account without an internet connection. It's just that, for whatever reason, MS has decided that W11 Home requires users to use an MS account when they first set up their computer. After that, you can switch to a local account. W11 Pro still allows use of a local account when first setting up a PC.

Obviously, upgrading a pc from W10 to W11 bypasses all of that.