Bitlocker on shared external drives???

  • Question

  • Been searching for a while across the net and only come up with a couple of snippets of information, but no detailed descriptions.

     

    We're likely going to be moving to Bitlocker as a standard for all Consultants in the field. We also provide external HDs for use as backups, running VHDs, sharing information, etc. We know our Consultants will have the need to share HDs between computers. The question is, can we protect the HDs with Bitlocker and still share them between Consultants?

     

    My understanding is that it *may* be possible, but that it would require (arguably) mounting the drive using the Bitlocker management console each and every time, due to the different TPM.

     

    Theoretically, this could extend to flash drives as well. EFS has been discussed, but some have expressed concern due to poor experiences in the past.

     

    Any thoughts?

    Friday, August 8, 2008 3:22 PM

Answers

  • Hi,

     

    BitLocker is designed to encrypt the entire drive, including the Windows system files necessary for startup and logon. I'm afraid it's not a good idea to use it on a USB drive that needs to work on different computers.

     

    For your purpose, I think Encrypting File System (EFS) should be a better choice.

     

    Thanks.

     

    Wednesday, August 13, 2008 10:32 AM

All replies

  • With my understanding, BitLocker protection is virtually transparent to the user in day-to-day use. And I haven't had the experience of Bitlocker preventing the sharing of information.

     

    As a general suggestion, I think you should set up a test environment before deploying Bitlocker to all computers.

     

    Thanks.

    Monday, August 11, 2008 10:35 AM
  • Thanks.

     

    We're definitely going to do our homework and test this thoroughly prior to deployment.

     

    Unfortunately, your response doesn't completely answer my question. I'm not concerned about sharing of information, I'm interested in the idea of physically sharing a USB drive (not via Windows shares). From what little information I have found, which isn't much, the drive would be tied to the TPM of the computer applying BitLocker. Once moved to another computer, with a different TPM, will the user be able to see the data, or will he/she have to use the Bitlocker console to, essentially, associate the drive with the new TPM?

    Monday, August 11, 2008 7:18 PM
  • thx

    Wednesday, August 13, 2008 2:21 PM
  • I do this all the time with a USB-connected hard drive. I am a consultant in Northern California and I have several hard drives and the only thing that has been required is a password to unlock the drive. 

    I keep my accounting software on a disk that has a Windows XP VM. When I changed computers, I connected it to my laptop, unlocked the drive and ran the VM to get to the software.

    There are two cautions I can share with you. First, I have had limited success between Bitlocker on Windows 7 and Windows 2012 server (specifically R2). Second, the encryption levels need to match. I have changed all of my levels to 256-bit, and while I thought the higher encryption would be able to unlock a drive with lower encryption, No Dice. 


    • Edited by Thirdnet Tuesday, September 16, 2014 5:57 PM bad grammar
    Tuesday, September 16, 2014 5:56 PM
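
On the TPM question raised in this thread: the following is an added example, not code from any poster, that sorts a volume's BitLocker key protectors into those tied to one machine's TPM and those that travel with the user or the drive, and reports the encryption method alongside. It assumes the `Get-BitLockerVolume` cmdlet (BitLocker PowerShell module, Windows 8 / Server 2012 and later); the function name and the sample volumes are constructed for illustration.

```powershell
# Added example. Protector names are KeyProtectorType values as reported by
# Get-BitLockerVolume. TPM-based protectors are sealed to one machine's TPM.
$TpmBound = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'TpmNetworkKey'
# These unlock the volume on any machine where the secret is supplied.
# ExternalKey covers both a key file on removable media and auto-unlock; the
# auto-unlock key is stored on the enrolling PC, so it does not follow the drive.
$Carried  = 'Password', 'RecoveryPassword', 'PublicKey', 'ExternalKey'

function Get-ProtectorPortability {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # Normalise enum values (real cmdlet) or strings (sample data) to strings.
        $types   = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $carried = @($types | Where-Object { $_ -in $Carried })
        $bound   = @($types | Where-Object { $_ -in $TpmBound })
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            EncryptionMethod = "$($Volume.EncryptionMethod)"
            UnlockElsewhere  = $carried -join ', '
            TpmBound         = $bound -join ', '
            CanMove          = $carried.Count -gt 0
        }
    }
}

# Constructed sample data shaped like Get-BitLockerVolume output.
$sampleVolumes = @(
    [pscustomobject]@{            # external data drive unlocked by password
        MountPoint = 'E:'; EncryptionMethod = 'Aes256'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Password' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    },
    [pscustomobject]@{            # operating system volume with TPM only
        MountPoint = 'C:'; EncryptionMethod = 'Aes128'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' })
    }
)

$sampleVolumes | Get-ProtectorPortability | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
#   Get-BitLockerVolume | Get-ProtectorPortability | Format-Table -AutoSize
```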