Be careful how you turn off your PC
-
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives. However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup. I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
-
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives. However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup. I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
Check the power management settings - your power button is probably set to "sleep" or "hibernate" but there is a "Shut down" option which should restart the OS on power up and require access control to the drives:
Control Panel > Hardware and Sound > Power Options > Chose what the power buttons do"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives. However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup. I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
-
Check the power management settings - your power button is probably set to "sleep" or "hibernate" but there is a "Shut down" option which should restart the OS on power up and require access control to the drives:
Control Panel > Hardware and Sound > Power Options > Chose what the power buttons do"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Yes, I found the setting to change what the power buttons do. I changed that from "sleep" to "shut down". BUT: There is no way to save this change! X| At least not in the very latest version of Windows 11! When I exit the settings panel, Windows resets the setting to the default "sleep"! Stoopid Windows!
Ok, I have had my coffee, so you can all come out now!
-
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives. However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup. I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
-
Yes, I found the setting to change what the power buttons do. I changed that from "sleep" to "shut down". BUT: There is no way to save this change! X| At least not in the very latest version of Windows 11! When I exit the settings panel, Windows resets the setting to the default "sleep"! Stoopid Windows!
Ok, I have had my coffee, so you can all come out now!
Did you hit the "Change settings that are currently unavailable" - the system settings are in UAC Registry so unless you are elevated, it won't change. Mine is set to "Shut down" and that is persistent.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
wow. The credentials are not revoked when restarting a machine ?
CI/CD = Continuous Impediment/Continuous Despair
Depends: if you hibernate or sleep, then probably not unless you log off and log in again. And since most people have "auto logout" disabled to save effort ... :-D
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
Did you hit the "Change settings that are currently unavailable" - the system settings are in UAC Registry so unless you are elevated, it won't change. Mine is set to "Shut down" and that is persistent.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Yes I did change that setting and it is NOT persistent. Note: I am the only user on this machine and I am the only administrator. It is running Windows 11 Pro fully updated. I have hibernation mode turned off as it bloats up my system backup images.
Ok, I have had my coffee, so you can all come out now!
-
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives. However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup. I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
Good to know. I'm the only one likely to access my machine, as I live and work out of the same place. That said, I've been known to angrily turn my machine off the bad way when it misbehaves. I know I'm not really "punishing" it, more myself, but it still feels cathartic.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
Yes, I found the setting to change what the power buttons do. I changed that from "sleep" to "shut down". BUT: There is no way to save this change! X| At least not in the very latest version of Windows 11! When I exit the settings panel, Windows resets the setting to the default "sleep"! Stoopid Windows!
Ok, I have had my coffee, so you can all come out now!
Well, if your system *does* go in sleep mode, then it'll have to do a full power-up anyway if your system gets stolen and spends any amount of time without any power, just as if you'd have yanked the power cord while it was turned on, rather than doing it while it was sleeping--the results would be the same. Unless it's a laptop and the battery runs long enough. But perhaps more importantly (from my perspective): If your external drives are backups, physically disconnect them and only power them on when doing an actual backup. Ransomware is just as capable of encrypting your mounted backup drives as your main system. Especially since you enter your Bitlocker password on every boot, conveniently making your backups accessible to said malware.
-
Depends: if you hibernate or sleep, then probably not unless you log off and log in again. And since most people have "auto logout" disabled to save effort ... :-D
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
sudo init 0
>64 It’s weird being the same age as old people. Live every day like it is your last; one day, it will be.
-
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives. However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup. I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
Similar, but unrelated... My first PC (1992) had the option to set a password in the BIOS... but it only worked on a cold boot. You could do a warm boot to bypass it when prompted for the password. :doh:
-
Well, if your system *does* go in sleep mode, then it'll have to do a full power-up anyway if your system gets stolen and spends any amount of time without any power, just as if you'd have yanked the power cord while it was turned on, rather than doing it while it was sleeping--the results would be the same. Unless it's a laptop and the battery runs long enough. But perhaps more importantly (from my perspective): If your external drives are backups, physically disconnect them and only power them on when doing an actual backup. Ransomware is just as capable of encrypting your mounted backup drives as your main system. Especially since you enter your Bitlocker password on every boot, conveniently making your backups accessible to said malware.
Sound advice, but I use Windows Security Ransomware Protection on all folders where data are stored. My Macrium system images are protected by Macrium's Image Garden against any and all unauthorized alterations. Then I also maintain an old style 8TB Western Digital spinning disk drive for off-line storage of all important data. This drive is kept powered down an disconnected 99% of the time. On top of all that: I make at least every week a DVD backup of all new critical data. The DVDs are closed and locked after creation to prevent any further changes. I have a high pile of such old DVDs in my off-line collection. As regards my system drive: If the worst happens I can always clean my systems drive and do a clean install of Windows on the drive. I have done many clean installs and it typically takes me 3 or so hours to be fully up and running. I always keep a few flash drives with the bootable tiny Windows PE operating system that has embedded the Diskpart utility that can forcibly clean any disk and prepare it for a clean install. I don't have much faith in backups on the cloud and mostly avoid that. Some of my critical backups are stored off site in a relative's residence. If you want to know more about Windows PE, see: Windows PE (WinPE) | Microsoft Learn[^]
Ok, I have had my coffee, so you can all come out now!
-
Sound advice, but I use Windows Security Ransomware Protection on all folders where data are stored. My Macrium system images are protected by Macrium's Image Garden against any and all unauthorized alterations. Then I also maintain an old style 8TB Western Digital spinning disk drive for off-line storage of all important data. This drive is kept powered down an disconnected 99% of the time. On top of all that: I make at least every week a DVD backup of all new critical data. The DVDs are closed and locked after creation to prevent any further changes. I have a high pile of such old DVDs in my off-line collection. As regards my system drive: If the worst happens I can always clean my systems drive and do a clean install of Windows on the drive. I have done many clean installs and it typically takes me 3 or so hours to be fully up and running. I always keep a few flash drives with the bootable tiny Windows PE operating system that has embedded the Diskpart utility that can forcibly clean any disk and prepare it for a clean install. I don't have much faith in backups on the cloud and mostly avoid that. Some of my critical backups are stored off site in a relative's residence. If you want to know more about Windows PE, see: Windows PE (WinPE) | Microsoft Learn[^]
Ok, I have had my coffee, so you can all come out now!
-
Similar, but unrelated... My first PC (1992) had the option to set a password in the BIOS... but it only worked on a cold boot. You could do a warm boot to bypass it when prompted for the password. :doh:
-
Good to know. I'm the only one likely to access my machine, as I live and work out of the same place. That said, I've been known to angrily turn my machine off the bad way when it misbehaves. I know I'm not really "punishing" it, more myself, but it still feels cathartic.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
Wait, what? Boot from nothing, get prompted, Ctrl-Alt-Del, no prompt? It takes a special sort of genius to come up with that. I've had BIOSes that had options to set a password, but I've never bothered with them. Good to know they're utterly pointless.
Pressed the restart button... no prompt.
-
I have a couple of external USB drives for backups of data, attached to my PC. The drives are Bitlocker encrypted, in case one gets lost or stolen. Everytime I start the PC I have to use my Bitlocker password to get access to the drives. However, I recently discovered that once I have access to a drive, if I turn off the PC by hitting the power button instead of doing a proper shutdown through the Start menu, any "open" drives remain open. Next time I start the machine, the drive is immediately accessible. No password needed! You have to go through the proper shutdown procedure to ensure your machine won't have immediate access to the drive on the next startup. I must admit I haven't checked if a different computer will also have access to the drive left open on my main PC. But the point is: My main PC may get stolen with the external drives during a burglary, for example.
Ok, I have had my coffee, so you can all come out now!
Cp-Coder wrote:
if I turn off the PC by hitting the power button instead
If a desktop then it means power outage would do the same.
Cp-Coder wrote:
My main PC may get stolen with the external drives during a burglary, for example.
I am not rigorous in this but I do see a lot of PC cases with lock ports. Attach a cable lock to it and a heavy desk. Then less risk unless it is a targeted theft.
-
Pressed the restart button... no prompt.
PIEBALDconsult wrote:
Pressed the restart button... no prompt.
What's "the restart button"? If you mean the Restart option in Windows (or your OS of choice), then yeah, it makes sense. The OS has already booted, so you've proven you know the BIOS password by that time. But if you mean the physical power button on your PC to restart - from the BIOS password prompt (because that's as far as you can make it) - then it might as well not be there, because it offers no protection at all...
-
PIEBALDconsult wrote:
Pressed the restart button... no prompt.
What's "the restart button"? If you mean the Restart option in Windows (or your OS of choice), then yeah, it makes sense. The OS has already booted, so you've proven you know the BIOS password by that time. But if you mean the physical power button on your PC to restart - from the BIOS password prompt (because that's as far as you can make it) - then it might as well not be there, because it offers no protection at all...
dandy72 wrote:
the physical power button
Yes.
