Swapping BitLocker-enabled OS drives in one system

  • Question

  • I have a system that has multiple removable OS hard drives (Windows 10 Pro) that are removed/inserted according to the work required by the user. I need to provide DAR encryption for these hard drives. Is it possible to swap multiple OS hard drives, all with BitLocker enabled, on one single system?
    Wednesday, July 19, 2017 2:19 PM

All replies

  • Hi AmaMar,

    Yes, you can swap multiple hard disks on the same computer if BitLocker is enabled, but only if the hard disks were BitLocker-protected on the same computer. The BitLocker keys are unique to the TPM and operating system drive, so if you want to prepare a backup operating system or data drive for use in case of disk failure, you need to make sure that they were matched with the correct TPM. You can also configure different hard drives for different operating systems and then enable BitLocker on each one with different authentication methods (such as one with TPM-only and one with TPM+PIN) without any conflicts.

    Hope it will be helpful to you.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 20, 2017 2:43 AM
    Moderator
  • No problem at all, nothing to know or take care of. Just be aware that a TPM chip is per computer, not per OS. So if, booted into OS1, you reset/clear the TPM (for whatever reason) and you used the TPM with BitLocker on OS2 as well, then the keys to open OS2 will also no longer reside in the TPM and you would need the recovery key for it.

    I can also offer some instructions for BitLocker multiboot, just in case you would no longer want to swap drives but keep them side by side:

    I used a Hyper-V machine. If anyone would like to try it in Hyper-V first but does not run the latest Hyper-V version that supports virtual TPM chips, you would need to activate the policy "Require additional authentication at startup".
    • add a hard drive with 40 GB, boot setup, create a 20 GB partition, install Win 8.1/10 Pro or Enterprise
    • boot setup again, install a second Windows into another 20 GB partition
    • boot one of those, encrypt it, reboot
    • when starting, select the OS you just encrypted and confirm that your password/PIN works, then restart
    • boot the other OS by selecting F11 at the BitLocker prompt, encrypt it using a different password/PIN of course, reboot. Done: both are bootable, one is the default option, the other is reachable via F11, and BitLocker works for both without any issues!


    Thursday, July 20, 2017 6:51 PM
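The two replies above make the same practical point: the TPM-based protectors on each OS drive are sealed to the one TPM in the chassis, so before a drive leaves the machine, or before anything clears the TPM, every drive needs a recovery password stored somewhere other than on itself, and after a TPM clear each of the other OS drives has to be re-sealed. The following PowerShell script is an added example, not code posted in this thread. It assumes Windows 10 Pro, an elevated session, the built-in BitLocker and TrustedPlatformModule modules, and an illustrative backup path (E:\BitLockerRecovery) that you would replace with your own removable media.

```powershell
# Added example, not from this thread. Assumes Windows 10 Pro, an elevated PowerShell session,
# and the built-in BitLocker and TrustedPlatformModule modules. $BackupDir is an assumed path.
#Requires -RunAsAdministrator
param(
    [string]$MountPoint = $env:SystemDrive,
    [string]$BackupDir  = 'E:\BitLockerRecovery'   # assumed: removable media, never the protected volume
)

Import-Module BitLocker
Import-Module TrustedPlatformModule

# Step 1: run this on each OS drive while it is the one inserted. Shows what the volume is
# sealed to and makes sure a recovery password exists and is stored off the disk before the
# drive is swapped out or the TPM is touched.
function Backup-OsVolumeRecoveryPassword {
    param([string]$MountPoint, [string]$BackupDir)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $tpm = Get-Tpm
    Write-Host ("{0}: ProtectionStatus={1}, VolumeStatus={2}" -f $vol.MountPoint, $vol.ProtectionStatus, $vol.VolumeStatus)
    Write-Host ("TPM: Present={0}, Ready={1}, Owned={2}" -f $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmOwned)

    # Tpm, TpmPin, TpmStartupKey and TpmPinStartupKey protectors are all bound to this machine's TPM.
    $tpmProtectors = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
    if ($tpmProtectors.Count -eq 0) {
        Write-Warning "$MountPoint has no TPM-based protector; it is not sealed to this TPM."
    }

    $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($recovery.Count -eq 0) {
        Write-Host "No RecoveryPassword protector on $MountPoint, adding one."
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }

    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($rp in $recovery) {
        $id   = $rp.KeyProtectorId.Trim('{}')
        $file = Join-Path $BackupDir ("{0}_{1}.txt" -f $env:COMPUTERNAME, $id)
        @(
            "Computer: $env:COMPUTERNAME"
            "Volume: $MountPoint"
            "ProtectorId: $($rp.KeyProtectorId)"
            "RecoveryPassword: $($rp.RecoveryPassword)"
        ) | Set-Content -Path $file -Encoding ASCII
        Write-Host "Recovery password $($rp.KeyProtectorId) written to $file"
    }
}

# Step 2: after a TPM clear (done from whichever OS drive was inserted at the time), every
# other OS drive boots into recovery. Once you are in with the recovery password, re-seal the
# volume to the TPM: drop the stale TPM protector and create a fresh one. This re-adds a
# TPM-only protector; use -TpmAndPinProtector -Pin <SecureString> instead to keep a PIN.
function Reset-TpmProtector {
    param([string]$MountPoint)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if (-not ($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })) {
        throw "Refusing to touch TPM protectors on $MountPoint without a RecoveryPassword protector."
    }
    foreach ($p in ($vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId
}

Backup-OsVolumeRecoveryPassword -MountPoint $MountPoint -BackupDir $BackupDir
# Call Reset-TpmProtector -MountPoint $MountPoint only after a TPM clear, once booted via the recovery password.
```

Step 1 is the part to repeat for every drive in the rotation; the point of the guard in Reset-TpmProtector is that removing the last TPM protector without a recovery password in place would leave the volume with nothing to unlock it.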
  • Hi AmaMar,

    Haven't received your message for a few days; was your issue resolved?
    I am proposing the previous helpful replies as "Answered". Please feel free to try it and let me know the result. If the reply is helpful, please remember to mark it as the answer, which can help other community members who have the same questions find the helpful reply quickly.
    Best regards,
    Carl



    Thursday, July 27, 2017 8:12 AM
    Moderator
  • Hi AmaMar,

    Any update?



    Wednesday, August 2, 2017 2:46 AM
    Moderator