How to hide the name and type when typing rclone config

that's right.
I will try another option

Sounds like your Win11 wasn’t installed according to Microsoft recommendations, otherwise I would expect the disk to be encrypted by BitLocker (aka device encryption in Windows Home when using a Microsoft account).

Did you see a green checkmark on the Windows Security shield in the taskbar? Did you have all green checkmarks in Settings/Windows Security? Was BitLocker active under Settings/Device encryption?

I have a couple of ideas, if your situation is that you can accept that somebody may have messed with the data you are uploading, but you want to be absolutely sure they cannot see or mess with your Gdrive.

One possibility is to upload to another Gdrive that has its content shared with your main GDrive. You can then periodically copy the content from the insecure GDrive to your main Gdrive – using rclone on a secure computer or manually using 2-factor login in GDrive Web interface.

Another possibility is to execute rclone on a safe computer copying from the unsafe computer to your Gdrive.

this is a complex topic but very interesting, always something to learn.

  • i have never used home edition myself, or in corporate environment.
    sure some family have it, never tried to really secure it.
    i will have to look into win11.home and what the requirements versus recommendations are.

for sure not, otherwise i could not boot using winpe iso and copy the rclone.conf file.
my point is that not.secureboot+tpm is a joke unless there is no bios to disable them.

edit: i have just read that win11.home requires a micro$oft email account.

if true, then that combo scares the monkey in me!

imho, humans suffer from a mental condition that dr.jojo calls clickatosis.
clickatosis, or in the common vernacular, click-crazy, is when humans click on this and that without a conscious decision, thus allowing spyware into the winbox.

now that spyware not only accesses all local user documents, but all micro$oft emails and onedrive documents. now, micro$oft connects winbox to android phone, runs android apps on windoz.

i installed win11.homeless.

  • not.secureboot enabled
  • tpm enabled.
  • used micro$soft account, using @hotmail.com email address.
  • installed rclone, created a remote
  • had that magical mythical "green checkmark on the Windows Security shield in the taskbar".
    see screenshot below.
  • shutdown
  • disabled not.secureboot
  • disabled tpm
  • booted into winpe.
  • mounted that hard drive c: drive as z: drive.
  • ran rclone listremotes

I am missing this bit:

PS C:\Windows\system32> Get-BitLockerVolume
 
   ComputerName: XXXXXXX
 
VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection
                Point                                   Percentage                           Enabled    Status
----------      ----- ---------- ------------           ---------- ------------              ---------- ----------
OperatingSystem C:        XXXXXX FullyEncrypted         100        {Tpm, RecoveryPassword}              On

and suppose your VM was installed without automatic activation of BitLocker/device encryption.

In my little corner of the world BitLocker has been standard on business pc's for the past 10+ years and on private pc's for the past 2+ years; and I have found this to be true in my recent real world win10.home installs:

BitLocker automatic device encryption

BitLocker automatic device encryption uses BitLocker drive encryption technology to automatically encrypt internal drives after the user completes the Out Of Box Experience (OOBE) on Modern Standby or HSTI-compliant hardware.

Note: BitLocker automatic device encryption starts during Out-of-box (OOBE) experience. However, protection is enabled (armed) only after users sign in with a Microsoft Account or an Azure Active Directory account. Until that, protection is suspended and data is not protected. BitLocker automatic device encryption is not enabled with local accounts, in which case BitLocker can be manually enabled using the BitLocker Control Panel.

Source: BitLocker drive encryption in Windows 10 for OEMs | Microsoft Docs

Perhaps things are different in a VM?
Perhaps I live in a secure enclave?

@tilinux0 Sorry to disturb your thread and original issue.
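
The check the posts above go back and forth on, as an added example that is not part of the thread: it reports whether rclone.conf is protected by an rclone configuration password and whether the volume holding it is actually BitLocker-protected. The function name and the default config path are assumptions.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell prompt.
# Assumption: the config lives at the default %APPDATA%\rclone\rclone.conf;
# `rclone config file` prints the real location if it differs.
function Test-RcloneConfigExposure {
    param(
        [string]$ConfigPath = (Join-Path $env:APPDATA 'rclone\rclone.conf')
    )

    $resolved = (Resolve-Path -LiteralPath $ConfigPath -ErrorAction Stop).Path

    # A config protected with an rclone configuration password carries the
    # marker line "RCLONE_ENCRYPT_V0:" near the top; a plain config starts
    # with [remote] sections instead.
    $head = @(Get-Content -LiteralPath $resolved -TotalCount 5)
    $configEncrypted = @($head -match '^RCLONE_ENCRYPT_V0:').Count -gt 0

    # BitLocker state of the volume holding the file. Encryption alone is not
    # enough: with protection suspended ("Off") the key sits unprotected on disk.
    $mount = Split-Path -Path $resolved -Qualifier
    $vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    $diskProtected = $null -ne $vol -and
        $vol.VolumeStatus -eq 'FullyEncrypted' -and
        $vol.ProtectionStatus -eq 'On'

    [pscustomobject]@{
        ConfigPath       = $resolved
        ConfigEncrypted  = $configEncrypted
        VolumeStatus     = if ($vol) { $vol.VolumeStatus } else { 'Unknown' }
        ProtectionStatus = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
        KeyProtectors    = if ($vol) { $vol.KeyProtector.KeyProtectorType -join ', ' } else { '' }
        # True when neither layer stops someone who boots other media and
        # mounts the drive, as in the WinPE steps described earlier.
        ReadableOffline  = -not ($configEncrypted -or $diskProtected)
    }
}

Test-RcloneConfigExposure | Format-List
```
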

yeah, so i will end this by agreeing with you about business and enjoyed the back and forth.

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker
"However, protection is enabled (armed) only after users sign in with a Microsoft Account"

i have no experience with scary combo of win11.home + microsoft account.

running win11.home with microsoft account in a vm, should give the same result, would be shocked if different.
i will test that this weekend, on modern physical hardware.


For what it's worth, I just reinstalled my gaming rig with Windows 11 from scratch, signed in with my normal MS account and BitLocker is off by default.

I think the difference is based on if you are doing a 'fresh' clean install from MS / OEM install from a manufacturer or you want to turn it on.

Regardless, if you want to turn on bitlocker, that would help with physical access to the disk which I think is the point.

In my example on my home Linux server, I don't have any disk encryption as if someone breaks into my house, steals my hard drive from the basement, good luck to them with getting it up and grabbing my password from it.

  1. from that link you shared https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker
    "on Modern Standby or HSTI-compliant hardware."
  2. as i am a dell guy, i found this https://www.dell.com/support/kbdoc/en-us/000124701/automatic-windows-device-encryption-bitlocker-on-dell-systems

so that defines a very narrow subset of devices, that support modern standby + soldered RAM.
i do not think i ever worked on such a device. perhaps microsoft surface.

and that explains my test results, using a hyper-v vm, and @Animosity022 example on physical.
note: hyper-v guests have access to not.secureboot + tpm and i know for sure, bitlocker works fine.

in winworld, as i have demonstrated, can simply boot into gparted, using usb/cdrom, and access all files.
are you stating, in the same use case, on linux, i cannot boot that same way and extract files the same way?

We're severely hijacking this guy's thread.

So let's end it please.

With physical access and no encryption, you can see any data.

the OP has moved on to https://forum.rclone.org/t/include-syntax-in-the-bat-script-to-read-the-password-and-run-rclone/28070/23.
i am helping there and will make sure to stay on the topic.

which means this topic is open if anyone wants.
if no one replies, then this will close on its own.

we can see why win11.home would very rarely auto-enable device encryption.
this is taken from w11.home system information.


i would assume that is the same as @Animosity022 winbox?

and on my lenovo thinkpad, w11.pro, with bitlocker already enabled


i think that thunderbolt is not allowed to be enabled.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.