• tias@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    Thanks, that sounds really useful. I’m guessing it won’t work unless you’re local admin though.

      • tias@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        4
        ·
        edit-2
        9 months ago

        Which kind of makes it useless in many corporate environments where it’s most needed, since the users won’t be able to set their own password.

        • d3Xt3r@lemmy.nz
          link
          fedilink
          English
          arrow-up
          5
          ·
          9 months ago

          I mean, if it’s a corporate device then it’s really a policy IT should be setting - this can be easily be done via a GPO or Intune policy, where an elevated script can prompt the end-user for a password.

          • LifeInMultipleChoice@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            9 months ago

            Yarp. And when they forget it we use the 48 numerical recovery key found using the recovery ID that shows on the screen when you hit escape (from the bitlocker screen)

          • lud
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            It would be insane to let non admin change settings like this.

            • tias@discuss.tchncs.de
              link
              fedilink
              English
              arrow-up
              1
              ·
              9 months ago

              I’m talking about letting the user change their own password. I’m honestly not sure how that would be technically accomplished in this situation without having to contact IT each time. It seems like something Microsoft should provide a no-frills GUI for that doesn’t require elevation.

              • lud
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                9 months ago

                Yeah, that could be neat as long as they still add a recovery key to the AD or somewhere else. A problem with that is that the users will likely choose shit passwords. That could be mitigated with password rules but still

                I suspect Microsoft wants you to use TMP or physical keys instead of passwords.