We have started to use Bitlocker to Go on our USB-sticks, and the rules are set by GPO:s.
We would like our users to be able to use the sticks ouside our network.
External people should be able to read and copy data from it, but not copy TO the stick.
This works fine, but when we are connecting the sticks again to our computers it says the following message:
"Because BitLocker was enabled on this drive on a computer outside of your company, your system administrator has blocked you from saving files on it. To save files on this drive, turn BitLocker off and then back on again."
Then we cant use it until we have formated and encrypted the stick again.
Should it be possible to us it in readonly mode outside the company without messing up the stick?
This is very interesting use of bitlocker, bitlocker is designed and used to encrypt files to protect your data. Here is a link that describes bitlocker to go and its functionality: http://windows.microsoft.com/en-US/windows7/what-is-the-bitlocker-to-go-reader. It is not designed to make files data readonly.
Mark D. Albin IT Master Services www.itmasterservice.com (775) 229-4254
I'm having the same problem at my work with Bitlocker on USB drives. I'm not interested in making the drive read online outside of our network, but was wondering if you found a solution so the drive does not have to be re-encrypted to use it on the internal network?
can you unlock a BTG drive and run this command.
>manage-bde -status G:
If your admin has set the Identification field bit in BitLocker GPO, then we will only people to write who meet have the same identification field on their sticks to write to it.
If not, then expected behavior is:
You encrypt a BTG stick on Win7 machine with atleast password as a protector.
User takes the BTG stick on a different computer and we ask to unlock the drive using password to R + W to it.
if machine on other company computer is WinXP or Vista, then we give only read access to the BTG stick.
if it is Win7, then you get R+W access.
So if the other customer also is using GPOs for BitLocker (win7) with identification field set, they we will not allow to copy any data from their machines to this BTG stick, although this sti.ck is bitlocker encrypted.
I hope this helps