vhdx
2 Topics

Encrypted vhdx moved to new host, boots without pin or recovery key
Hyper-V environment. Enabled VTPM on guest Server 2022 OS and encrypted OS drive C:\ with BitLocker. Host Server 2022 has a physical TPM. Shut down the guest OS and copied the vhdx file to another Hyper-V host server that is completely off network (also Server 2022 with a physical TPM). Created a new VM based on the "encrypted" vhdx. I was able to start the VM without needing a PIN or a recovery key. Doesn't this defeat the whole point of encrypting VHDs? Searching says that this should not be possible, but I replicated it twice on two different off-network Hyper-V host servers. Another odd thing is that when the guest boots on the new host and you log in, the drive is NOT encrypted. So, where's the security in that? Does anyone have any ideas on this or if I'm missing something completely? Or have I just made Microsoft angry for pointing out this glaring flaw?
82 Views, 0 likes, 3 Comments

VHDX size reduction
I still have hopes. The dynamic VHDX container is so useful; however, it has a big downfall as it cannot shrink. Adding data into a dynamic VHDX keeps it expanding in size even if you delete data from it. This often gives ridiculous results when there is a 500 GB VHDX container containing only several GBs of data. I know that shrinking is possible with an awkward procedure of taking the VHDX offline, defragmenting it, nulling free space (with an external tool, as Windows cannot do that) and then using a PowerShell command and hoping the size gets reduced. But we have 2021 now and there should be a way of self-shrinking dynamic VHDX that never occupies more space than the data in it requires. And if data is reduced, it shrinks without any required interaction. Otherwise this 'dynamic' VHDX is just a sad joke.
4.4K Views, 1 like, 1 Comment