Description
Baseline Info (please complete the following information):
- OS: Windows 11 - 25H2
- Version: 3.7
Describe the bug
For Personal Data Encryption to turn on, it requires the setting "Sign-in and lock last interactive user automatically after a restart" to be disabled
To Reproduce
Steps to reproduce the behaviour:
Win - OIB - SC - Device Security - D - Login and Lock Screen - v3.1 has the setting "Sign-in and lock last interactive user automatically after a restart" set to Enabled.
Win - OIB - ES - Encryption - U - Personal Data Encryption - v3.4 is set up to enable Personal Data Encryption.
Looking at files protected by the PDE lock, right-clicking a file, selecting Advanced under Attributes, and then selecting Details under "Compress or Encrypt attributes" reports that Personal Data Encryption is off.
Expected behaviour
Enabling PDE places a lock on files, and after right-clicking a file, selecting Advanced under Attributes, and then selecting Details under "Compress or Encrypt attributes", it should show that PDE is ON.
Screenshots
Link from Rudy Ooms detailing the issue at his patchmypc blog.
Additional context
Microsoft documentation describing requirement for ARSO to be turned off
This change would also meet compliance for:
CIS Ref 3.11.50.1
(L1) Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled'
Net positive on user experience and benefits patch compliance without user interruption. Only enabled when BitLocker is on and not suspended.
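Added example (not from the issue author or the OpenIntuneBaseline project): a PowerShell check for the prerequisite described above, i.e. that the ARSO policy "Sign-in and lock last interactive user automatically after a restart" is Disabled before expecting PDE to turn on. The registry location used is the standard policy key for that setting (`DisableAutomaticRestartSignOn` = 1 corresponds to the policy being Disabled); the function and variable names are my own.

```powershell
# Added example, not part of the original issue or project.
# Reports whether the ARSO policy ("Sign-in and lock last interactive user
# automatically after a restart") is Disabled, which PDE requires.
# Policy registry location for this setting (assumed to be the one a
# Group Policy / Intune policy writes): a value of 1 = policy Disabled,
# 0 = policy Enabled, absent = Not Configured.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'DisableAutomaticRestartSignOn'

function Get-ArsoPolicyState {
    # Read the policy value; a missing key or value means Not Configured.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    switch ($item.$ValueName) {
        1       { return 'Disabled' }
        0       { return 'Enabled' }
        default { return "Unexpected value $($item.$ValueName)" }
    }
}

function Test-PdePrerequisite {
    # PDE prerequisite is met only when the ARSO policy is explicitly Disabled.
    return (Get-ArsoPolicyState) -eq 'Disabled'
}

$state = Get-ArsoPolicyState
switch ($state) {
    'Disabled'      { Write-Output 'ARSO policy is Disabled: PDE prerequisite met.' }
    'Enabled'       { Write-Output 'ARSO policy is Enabled: PDE will stay off until this policy is set to Disabled (e.g. in the Login and Lock Screen policy).' }
    'NotConfigured' { Write-Output 'ARSO policy is Not Configured: set it to Disabled so the PDE prerequisite is met explicitly.' }
    default         { Write-Output "ARSO policy: $state" }
}
```

Run it in an elevated PowerShell session on the affected device; `Test-PdePrerequisite` returns `$true` only when the policy is explicitly Disabled, which is the state the CIS reference quoted above also requires.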
Win - OIB - SC - Device Security - D - Login and Lock Screen