Remotely BitLocking

In a corporate IT environment is very common to use the BitLocker Drive Encryption technology to prevent data from being read in case of a stolen drive.

Remember that, if a unencrypted drive is stolen from a machine and connected to a foreign computer, most likely the attacker can get access to all the content of the drive regardless the fact that users logged with secure password.

The BDE techology encrypt the disk so it must first be decoded when connected to another machine before being able to read data from it.
Another feature of BDE is that you can lock it with a PIN that is asked to the user before Windows loads, so it acts as a sort of two-factor authentication. Strictly speaking, the two factors should not be two different things the user knows – in this case they are both passwords – but this is an additional security layer several companies like to add.

For IT Professionals it is a useful feature to be able to reset or change the PIN remotely.
Commonly it is thought that this must be done using a remote screen control, or some kind of remote execution tool, but in reality the BDE suite comes with a full set of command-line interfaces that have built-in remote capabilities.

In this specific case, changing the PIN remotely is simply as the following example:

C:\WINDOWS\system32>manage-bde -changepin c: -computername hostname

Where:

  • manage-bde -changepin
    is the main tool to command BDE, you can learn more at Manage-bde.exe Parameter Reference
  • c:
    is the drive letter you want to manage BDE of
  • -computername hostname
    the parameter indicating you want to operate on a remote machine which name is hostname

Result of this command will be

BitLocker Drive Encryption: Configuration Tool version 6.1.7601
Copyright (C) Microsoft Corporation. All rights reserved.

Computer Name: hostname

Type the new PIN: ******
Confirm the new PIN by typing it again:******

where you need to enter and re-enter the new PIN for confirmation and finally

Your PIN has been successfully updated.

It is worth noting, even if this is quite obvious,  that this command must be entered by an elevated command prompt where you have administrative permission to the remote machine.

Advertisements

What’s your number?

I assume I do not need to present here the music streaming service Spotify.
Though very costly is the latest and greatest service to listen music unlimited in regards to time and devices.

Spotify is also a very social application that easy allow users to show and whatc what their freinds are listening to.
Freinds are determined using relations on Facebook, but not all the users decide to link Spotify and Facebook accounts, so sometimes you might have a hard time finding your friends.

One easy way to add a riend not connected via Facebook is to use the direct link in the form

spotify:user:UserID

Where UserID is the numerical identifier of any user. It is very easy to find this number, but it appears three is some confusion on how to find it: this is a very easy guide on how to look for it.

playlistFirst of all open the desktop client and pick any of your playlist: below the playlist title you’ll find your display name. It is an hyperlink, just click it.

userNext page is your own homepage and it contains all of your information including the ID: click on the ellipsis button below your name and choose “Copy Spotify URI”.

That string is the direct link to your user: you can give it to a friend that can go directly to your page by pasting it in the Spotify Client Search field.