Is securecore/ device encryption activated on acer An17-41 laptops,encrypting data automatically

Mikie
Mikie Member Posts: 11

Tinkerer

edited December 2023 in Windows 11

Hello

I just bought the above laptop and was wondering, "there has been a bit of buzz" that win-11 23h2 install "from update system or clean installing 23h2" is encrypting data automatically with bitlocker and insisting users in creating a microsoft account to upload bitlocker key to servers

my new 17 Nitro laptop came with 11 home and on 22h2 and I upgraded to 11 pro and clean installed 22h2 as well to get rid of all the sludge from mcAfee/…

I don't want to use a MS account or use bitlocker both are hideous obstacles seeing I have no intention to buy or subscribe/ use any ms products besides the operating system

I have used some code to disable encryption but if acer has and activates device encryption in my devices bios none of this will matter will it ?

Anyway this is the cmd string I use t5o disable encryption

reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
manage-bde -off E:
manage-bde -off F:
cipher /d /e /f /s:C:sc config EFS start= disabled
sc config BDESVC start= disabled

I noticed in acer bios tpm and other settings on that page are locked from my access.

Where are the win-10 drivers in short lol win-11 is not that special anyway it's just being to obnoxious and demanding which I hate both properties.

[Edited the thread to add model name to the title]

Best Answers

  • billsey
    billsey ACE Posts: 34,672 Trailblazer
    Answer ✓

    Device encryption shouldn't be on unless you told Windows to do that during the initial setup. It's easy to see, just go to Settings; Privacy and Security; Encryption to verify it's off.

    Your system is new enough that there aren't Windows 10 drivers for the chipset.

    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • Puraw
    Puraw ACE, Member Posts: 14,136 Trailblazer
    Answer ✓

    It's not Windows but SSD and laptop vendors that "automatically" encrypt boot drives in the 2023 laptops.

  • Mikie
    Mikie Member Posts: 11

    Tinkerer

    Answer ✓

    Hi,

    Well mounting 23h2 was pretty uneventful thankfully bitlocker never activated as it did on some dell and hp laptops I mentioned earlier

    So thank you acer for not bowing down to microsoft crazy bitlocker usage demands, my first hint should of been bitlocker was not activated out of the box 👍️

    As far as basic settings go ms is well known for ignoring personal preferences made in settings/ group policy/…. after large updates so no way I'd rely on just those options I'd rather hunt for reversal code hehe

    Cipher was wrong on my op's code I can't edit it so here it is again that works.

    reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
    fsutil behavior set disableencryption 1
    manage-bde -off C:
    manage-bde -off D:
    manage-bde -off E:
    manage-bde -off F:
    cipher /d /s:C:sc config EFS start= disabled
    sc config BDESVC start= disabled

Answers

  • Mikie
    Mikie Member Posts: 11

    Tinkerer

    Hardware on 17 nitro

    an17-41

    Part Number: NH.QKMAA.001

    7840hs/ 4060/ 1tb sock acer m.2/ 4tb WD sn850x m.2 which I want none of them ever encrypted !

  • billsey
    billsey ACE Posts: 34,672 Trailblazer
    Answer ✓

    Device encryption shouldn't be on unless you told Windows to do that during the initial setup. It's easy to see, just go to Settings; Privacy and Security; Encryption to verify it's off.

    Your system is new enough that there aren't Windows 10 drivers for the chipset.

    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • Puraw
    Puraw ACE, Member Posts: 14,136 Trailblazer
    Answer ✓

    It's not Windows but SSD and laptop vendors that "automatically" encrypt boot drives in the 2023 laptops.

  • Mikie
    Mikie Member Posts: 11

    Tinkerer

    Hi,

    Thanks for the replies

    I'll assume you two have 23h2 installed ?

    Well that is the way it should work in a perfect world

    But we aren't in that place lol

    So I'll test this with 23h2 latest official public release and mount it on my current install and see if the device encryption activates because it is off atm as it should be seeing even acer oobe the DE setting was off.

    Plus I'd like to see how the cmd strings work but I'm sure not going to leave my 4tb game/ media storage drive installed lol

    If DE does activate it must be because microsoft snuck bitlocker use into the terms of use of 23h2 about all that is let to assume.

  • Mikie
    Mikie Member Posts: 11

    Tinkerer

    Hi,

    And is why I'm asking the question on acer's site

    OS m.2 is acer's "which is pretty fast by the way" and laptop as well.

  • billsey
    billsey ACE Posts: 34,672 Trailblazer

    Although the shell commands will likely disable encryption, they might not be complete. It's best to just disable it through Settings, so everything is handled correctly. Manually changing registry entries without knowing exactly what each does isn't typically a good idea…

    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • Mikie
    Mikie Member Posts: 11

    Tinkerer

    Answer ✓

    Hi,

    Well mounting 23h2 was pretty uneventful thankfully bitlocker never activated as it did on some dell and hp laptops I mentioned earlier

    So thank you acer for not bowing down to microsoft crazy bitlocker usage demands, my first hint should of been bitlocker was not activated out of the box 👍️

    As far as basic settings go ms is well known for ignoring personal preferences made in settings/ group policy/…. after large updates so no way I'd rely on just those options I'd rather hunt for reversal code hehe

    Cipher was wrong on my op's code I can't edit it so here it is again that works.

    reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
    fsutil behavior set disableencryption 1
    manage-bde -off C:
    manage-bde -off D:
    manage-bde -off E:
    manage-bde -off F:
    cipher /d /s:C:sc config EFS start= disabled
    sc config BDESVC start= disabled