Windows


Enable BitLocker without TPM.

As technology advances, the need for security in our devices also increases. Windows 10 Pro offers a feature called BitLocker, which can help protect your files from unauthorized access. However, not all devices have the Trusted Platform Module (TPM) chip that BitLocker requires by default. Don’t worry, though, as there is still a way to enable BitLocker on your device without a TPM.

In this post, we will guide you through the process of enabling BitLocker on your Windows 10 Pro device without a compatible TPM. We have also included a video tutorial that you can follow along with.

Step 0: Check if your device has a compatible TPM.

Before we get started, you should check if your device has a compatible TPM. To do this, press the Windows key + R on your keyboard to open the Run dialog box. Type tpm.msc and press Enter. If your device has a TPM, you will see a window that shows its status.

Step 1:

Follow the steps in the video to change the configuration of BitLocker so that it will allow you to set it up without a compatible TPM.

Step 2: Enable BitLocker

If your device does not have a compatible TPM, we can still enable BitLocker by using a password or USB key instead. To enable BitLocker, right-click on the drive you want to encrypt and select “Turn on BitLocker.”

Step 3: Choose your preferred unlock method

When prompted to choose an unlock method, select “Enter a password” or “Insert a USB flash drive.” If you select the USB option, you will need to insert the USB drive before proceeding.

Step 4: Choose how much of your drive to encrypt

You can choose to encrypt only the used space or the entire drive. Select your preferred option and click “Next.”

Step 5: Choose where to store your recovery key

Your recovery key is a backup that you can use to access your files if you forget your password or lose your USB key. Choose whether to save the recovery key to your Microsoft account, save it to a file, or print it. Make sure to store your recovery key somewhere safe.

Step 6: Begin the encryption process

Once you have chosen your settings and saved your recovery key, click “Start encrypting.” The encryption process may take some time, depending on the size of your drive.

Congratulations! You have successfully enabled BitLocker on your Windows 10 Pro device without a compatible TPM.

Please refer to the accompanying video for a visual guide and demonstration of the steps outlined in this post.
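
Steps 0 to 6 above can also be run from an elevated PowerShell prompt. The script below is an added example, not taken from the original post or its video. It assumes that the configuration change in Step 1 is the Group Policy setting "Allow BitLocker without a compatible TPM" (written here as its registry values) and that C: is the drive to encrypt.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: Windows 10 Pro, elevated session, target drive C:.
$mount = 'C:'   # assumed target drive; change as needed

# Step 0: report the TPM state (the same information tpm.msc shows).
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent), ready: $($tpm.TpmReady)"

# Step 1: values written by the policy "Require additional authentication
# at startup" with "Allow BitLocker without a compatible TPM" ticked.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name EnableBDEWithNoTPM -Value 1 -Type DWord
# 2 = "allow" for each TPM-based option, so machines with a TPM still work.
'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN' | ForEach-Object {
    Set-ItemProperty -Path $fve -Name $_ -Value 2 -Type DWord
}

# Step 5, done first: create the recovery password before any data is
# encrypted, and record it somewhere other than the drive being protected.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
"Recovery password (store it offline): $($recovery.RecoveryPassword)"

# Steps 2-4 and 6: password unlock, used space only, start encrypting.
# On the OS drive, Windows runs a hardware test first and begins
# encrypting after the next restart.
$pw = Read-Host -AsSecureString 'BitLocker unlock password'
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $pw -UsedSpaceOnly

# Progress check: VolumeStatus moves from EncryptionInProgress to FullyEncrypted.
Get-BitLockerVolume -MountPoint $mount |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, KeyProtector
```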


Increase BitLocker to 256-bit

Encryption is an essential security measure that helps protect your sensitive data from unauthorized access. One of the most popular encryption tools available for Windows 10 Pro is BitLocker, which can encrypt your entire hard drive or specific folders and files. By default, BitLocker uses 128-bit encryption, which is considered secure but not the most robust option. If you want to increase the encryption key to 256 bits, which is the highest level of encryption currently available, follow these steps:

In summary, increasing your BitLocker encryption key to 256 bits is an easy way to add more security to your data. With 256-bit encryption, you can rest assured that your sensitive data is well protected.
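
To see which cipher a drive actually uses and to make 256-bit the default for new encryptions, the following PowerShell can be run from an elevated prompt. It is an added example, not part of the original post; `Get-CipherAudit` is a hypothetical helper name, and the registry values are the ones written by the Group Policy setting "Choose drive encryption method and cipher strength".

```powershell
#Requires -RunAsAdministrator
# Added example. Get-CipherAudit is a hypothetical helper name.

# 1. Report the cipher each volume uses today.
function Get-CipherAudit {
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint = $_.MountPoint
            Status     = $_.VolumeStatus
            Method     = $_.EncryptionMethod
            Is256Bit   = "$($_.EncryptionMethod)" -match '256'
        }
    }
}
Get-CipherAudit | Format-Table

# 2. Default cipher for drives encrypted from now on.
#    3 = AES-CBC 128, 4 = AES-CBC 256, 6 = XTS-AES 128, 7 = XTS-AES 256
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty $fve -Name EncryptionMethodWithXtsOs  -Value 7 -Type DWord  # OS drives
Set-ItemProperty $fve -Name EncryptionMethodWithXtsFdv -Value 7 -Type DWord  # fixed data drives
# Removable drives: AES-CBC 256, which older Windows versions can still read.
Set-ItemProperty $fve -Name EncryptionMethodWithXtsRdv -Value 4 -Type DWord

# 3. The policy does not touch volumes that are already encrypted.
#    List the ones that must be decrypted and encrypted again.
$todo = Get-CipherAudit |
    Where-Object { $_.Status -ne 'FullyDecrypted' -and -not $_.Is256Bit }
$todo | ForEach-Object { "Re-encrypt needed: $($_.MountPoint) ($($_.Method))" }
# For each listed drive: Disable-BitLocker -MountPoint <drive>, wait until
# VolumeStatus is FullyDecrypted, then turn BitLocker on again.
```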


Microsoft invented a new way to force users into using their online accounts

It became apparent that new Microsoft installations are getting increasingly aggressive, forcing users to create an online Microsoft account on their machines.

Please note that we created a new online Microsoft account in the end… We do not have a working solution to this issue.

Backstory: we purchased a new laptop that had Microsoft Windows 10 pre-installed. The first time we booted it, we did not want to sign in using a Microsoft online account, so we did not give internet to the laptop. Doing so allowed us to create a local account on the computer without associating it with an online account.

After several updates, we tried to install Firefox, and besides the usual annoying Microsoft advertisements about Bing, we got the following messages for Microsoft Windows S Mode.

For security and performance, this mode of Windows only runs Microsoft-verified apps
Initial notification of Microsoft S Mode – For security and performance, Windows 10 in S mode runs Microsoft-verified apps

After clicking on the “Learn More” button, we got the following:

Microsoft S Mode – Switch out prompt

Clicking on the “Get” button got us to the Microsoft Online Account login form…

Microsoft sign-in form appears when you try to switch out of S mode.

We then closed all windows, disabled internet access, and tried installing Firefox again. This time, we got the following message:

After disabling the internet connection, we tried to bypass the SmartScreen and the S mode settings

After clicking on the “Run” button, we got stopped again by the Microsoft Windows S Mode settings.

As this post mentioned, we eventually created a new online Microsoft account and used it to log in and disable Microsoft S Mode.


Cloudflare certificate on Tomcat Windows server

Use Keytool to Create a New Keystore on your Windows Server

Step 1

On your server, open a command-line window and generate the Keystore file with keytool:

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore your_site_name.keystore -validity 3650

In the command above, your_site_name should be the name of the domain you want to secure with this SSL/TLS certificate.
When prompted for the first and last name, type the Fully Qualified Domain Name (FQDN) for the site you are securing with this certificate (e.g., www.yourdomain.com, mail.yourdomain.com).

Step 2

Generate a Certificate Signing Request (CSR) from your New Keystore using the keytool command:

keytool -certreq -alias tomcat -file certreq.csr -keystore your_site_name.keystore

When prompted, enter the password you created earlier (when you created your new Keystore).
In your current directory, certreq.csr now contains your CSR.

Create the certificate from Cloudflare using the certificate request that you created from your Windows Server

Step 3

Open your Cloudflare account, select your domain, open the SSL/TLS tab, and click on Origin Server to create the certificate.

Step 4

Select the option “I have my own private key and CSR” and paste in the contents of the CSR file you generated on your Windows Server (certreq.csr). Fill in the hostnames, select the expiration years, and press Create.

Step 5

Select the PKCS#7 key format, copy the certificate, paste it into a text file, and save the file.

Import the Cloudflare Origin CA root certificate on your Windows Server

Step 6

Copy the Cloudflare Origin CA — RSA Root certificate from the Cloudflare website, save to a file and transfer it to your Windows Server.
[https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#4-required-for-some-add-cloudflare-origin-ca-root-certificates]
Filename: origin_ca_rsa_root.pem

Step 7

Import the root certificate into your Keystore file.

keytool -import -alias root -keystore your_site_name.keystore -trustcacerts -file origin_ca_rsa_root.pem

Add the public certificate from Cloudflare to your Windows Server

Step 8

Copy the file with the PKCS#7 certificate from Cloudflare to your Windows Server.

Step 9

Run the following command to import the public certificate into your Keystore:

keytool -import -alias tomcat -keystore your_site_name.keystore -file your_site_name.p7b

You should get a confirmation that the “Certificate reply was installed in Keystore.”

Use the newly created server origin certificate from Cloudflare for your website.

Step 10

Find your Tomcat server configuration (server.xml file), make the following changes to your Connector, and save the file.

<Connector executor="tomcatThreadPool" port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\ keystore your_site_name.keystore" keystorePass="XXXXXXXXXXXXXX" />

Step 11

Restart the Tomcat service
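
Before restarting Tomcat, it is worth confirming that the certificate reply from Step 9 was attached to the private key under the tomcat alias rather than stored as a separate trusted certificate. The PowerShell below is an added example, not part of the original post; `Test-KeystoreEntries` is a hypothetical helper that parses English-locale `keytool -list -v` output, and the sample text is constructed.

```powershell
# Added example. Test-KeystoreEntries is a hypothetical helper name.
function Test-KeystoreEntries {
    param([Parameter(Mandatory)][string]$KeytoolOutput,
          [string]$KeyAlias = 'tomcat', [string]$RootAlias = 'root')
    $entries = @{}
    # One section per "Alias name:" line; the text before the first is skipped.
    foreach ($s in ($KeytoolOutput -split '(?m)^Alias name:\s*' | Select-Object -Skip 1)) {
        $name = ($s -split '\r?\n')[0].Trim()
        $type = if ($s -match '(?m)^Entry type:\s*(\S+)') { $Matches[1] } else { '' }
        $len  = if ($s -match '(?m)^Certificate chain length:\s*(\d+)') { [int]$Matches[1] } else { 0 }
        $entries[$name] = [pscustomobject]@{ Type = $type; ChainLength = $len }
    }
    $problems = @()
    if (-not $entries.ContainsKey($KeyAlias)) {
        $problems += "alias '$KeyAlias' is missing"
    } elseif ($entries[$KeyAlias].Type -ne 'PrivateKeyEntry') {
        $problems += "alias '$KeyAlias' is $($entries[$KeyAlias].Type), not PrivateKeyEntry"
    } elseif ($entries[$KeyAlias].ChainLength -lt 2) {
        $problems += "alias '$KeyAlias' still holds the self-signed certificate (chain length 1)"
    }
    if (-not $entries.ContainsKey($RootAlias) -or
        $entries[$RootAlias].Type -ne 'trustedCertEntry') {
        $problems += "alias '$RootAlias' is not a trustedCertEntry"
    }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: the reply was imported under a different alias, so the
# 'tomcat' entry was never updated and Tomcat would serve the self-signed cert.
$sample = @'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: root
Entry type: trustedCertEntry

Alias name: cloudflare
Entry type: trustedCertEntry
'@
Test-KeystoreEntries -KeytoolOutput $sample | Format-List

# Real use, with the keystore password read from an environment variable
# (KS_PASS is an assumed name) instead of the command line:
# $out = & keytool -list -v -keystore your_site_name.keystore '-storepass:env' KS_PASS | Out-String
# Test-KeystoreEntries -KeytoolOutput $out
```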