
Question: What technology must we use to write an application to BACKUP a BitLocker'ed volume

  • Sunday, November 01, 2009 4:01 AM, ABOH
     
    Hello,

    Question:  What technology must we use to write an application to BACKUP a BitLocker'ed volume?

    I hope that this is the appropriate forum. If not, please tell me where to go...

    We are creating an application that must be able to back up/restore BitLocker'ed volumes.  We can detect that a volume is BitLocker'ed, but the question is what to do next.  As a backup application, we need to be able to back up the files while maintaining their encryption, key, and ownership.  Of course, the appropriate privs will be enabled, and the user will be an Administrator.

    I have searched online and at MSDN, but have not found any clear solutions when the BitLocker'ed volume is in its locked state.  Of course, if it is unlocked, then it is a simple copying operation.  So, while it is locked, we cannot use CopyFileEx(), we cannot use BackupRead, and we cannot use the EFS functions.  There must be a way to perform data backups of BitLocker'ed files and the only idea that I have is to use VSS.  I have not found anything saying that this is the way to go, but I assume that BitLocker has some kind of VSS writer, which would be used to copy the files.  Anyway, I hope that someone can give me an idea as to how to proceed... 

    By the way, I have read the VSS documentation at MSDN.  It mentions being able to have portable images and being able to mount them.  There are no details, so I hope that I can find more documentation somewhere.

    Thanks in advance for your help and suggestions,

    Mike

All Replies

  • Tuesday, November 03, 2009 1:07 AM, Dilip C Naik
     
    I am looking for an answer to your question about BitLocker'ed volume backup. Don't have one yet.

    Regarding VSS, I am not sure VSS is your answer. VSS is part of the solution, but I don't see it as THE solution.

    I also strongly believe that VSS images are portable only when a hardware snapshot is involved. The phrase I believe used in Microsoft presentations is "transportable snapshots".
  • Tuesday, November 03, 2009 2:27 AM, ABOH
     
    Hi Dilip,

    Thank you for your response...  It has been very frustrating to get information on my core question... How to write a backup utility for BitLocker'ed volumes.  I've read everything that I can find, but to no avail.  If VSS is not the solution, then the only conclusion that I can reach is that Microsoft licenses the technology, which would explain why it does not exist at MSDN or anywhere that I can find on the Internet.  If it is licensed, I hope that someone from Microsoft will provide me with contact information so we can proceed with our work.

    Mike
  • Tuesday, November 03, 2009 5:03 AM, Dilip Naik, MVP, Moderator
     
    I am also very sure the technology is not licensed - it's just not well documented.

    Anything that 1000s or 10,000s of thousands of developers need is well documented.

    VSS will simply give you a consistent, point-in-time view of the volume while things continue to change. The VSS Writer is really a "per application" beast that participates in providing this consistent point-in-time view. It plays no role in "streaming" this point-in-time view, which is what you want to do.

    There's more to say, but not in a public forum. Besides, it's not directly relevant. It might help to take this offline - I have some really basic questions about what you are trying to achieve and I would rather not ask you publicly since I am not sure you would be comfortable with that.
    www.msftmvp.com and VHD tools at www.VMUtil.com
  • Tuesday, November 03, 2009 7:53 AM, Dilip Naik, MVP, Moderator
     
    I am not sure what you mean by access to a locked BitLocker'ed volume.

    By default, if all goes well, when a valid user or admin logs on, the BitLocker volume is unlocked.

    So I am not sure I follow the scenario where the volume is locked. My understanding is that the whole purpose of BitLocker is to prevent meaningful data being recovered when the volume is locked?
  • Wednesday, November 04, 2009 4:24 AM, ABOH
     
    Hi Dilip,

    From my understanding of BitLocker, no one can access a BitLocker locked volume, even Administrators, without the key.  Once it has been opened, then the usual NTFS security comes into play and the usual CopyFileEx, BackupRead, EFS functions can be used.

    My thoughts about VSS being the mechanism to use to back up BitLocker'ed volumes are pure conjecture.  I have found hits in VSS documentation and based my idea on how VSS treats databases... So, by analogy, I figured that the same kind of mechanism might work with BitLocker'ed volumes.  Maybe MS may have created a writer for accessing BitLocker'ed volumes, so my application can simply use the VSS mechanisms to snapshot the drive, and then copy the files.  The assumption is that the mythical VSS writer would take care of accessing the locked BitLocker volume on our behalf and would read/write encrypted data for us... Much like the EFS functions do...  All of this is pure conjecture because I have not found any solid piece of information from MS about how to write an application that will back up and restore BitLocker'ed volumes.  It is v-e-r-y frustrating because I have spent many, many hours investigating, posting, sending e-mails but to no avail.  I cannot believe that there is no resource out there to tell me how to proceed with writing an application to back up and restore BitLocker'ed volumes.  For regular files: Easy.  For EFS files: Easy.  For BitLocker'ed Volumes: NO ONE SEEMS TO KNOW!!!  aRgGgGgGg!!!  :)

    Mike