Questions tagged [bitlocker]
Microsoft Windows technology for full disk (volume) encryption.
144
questions
31
votes
2
answers
21k
views
How do you check if a hard drive was encrypted with software or hardware when using BitLocker?
Due to the recent security findings in that probably most SSDs implement encryption in a completely naive and broken way, I want to check which of my BitLocker machines are using hardware encryption ...
15
votes
3
answers
71k
views
How do I set the BitLocker PIN?
I am running Windows 7 RTM and have both physical drives BitLockered. Because my machine has a TPM it will boot all very nicely when I turn it on. But my employers would prefer if I was challenged for ...
10
votes
2
answers
20k
views
How to enable BitLocker with no prompts to the end user
I have configured BitLocker and TPM settings in Group Policy such that all the options are set and the recovery keys stored in Active Directory. All our machines are running Windows 7 with a standard ...
9
votes
2
answers
21k
views
TPM had to be reinitialized: Does a new recovery password have to be uploaded to AD?
Some way, somehow, a user's machine couldn't read the bitlocker password off of the TPM chip, and I had to enter the recovery key (stored in AD) to get in. No big deal, but once in the machine, I ...
8
votes
1
answer
2k
views
BitLocker with Windows DPAPI Encryption Key Management
We have a need to enforce resting encryption on an iSCSI LUN that is accessible from within a Hyper-V virtual machine.
We have implemented a working solution using BitLocker, using Windows Server ...
7
votes
3
answers
2k
views
Is it possible to stop computers which aren't Bitlocker encrypted logging in?
Is it possible to somehow (startup script?) stop any unencrypted computers from being able to connect to the domain?
Environment:
Windows Active directory, 1000-ish computers, mostly bitlocker ...
7
votes
2
answers
11k
views
Cloning a bitlocker encrypted disk
Our company's had its laptops for just over 2 years now and they have all become slow and many of them have had their harddisks dying randomly lately. I noticed that many of my colleagues use a tilted ...
7
votes
2
answers
5k
views
BitLocker Setup requires the drive file system to be NTFS
We are running a new Windows 2008 R2 Server on Dell PowerEdge R620 Hardware.
I am trying to enable BitLocker Encryption on the C Drive, I have already enabled the TPM from the BIOS.
During the ...
6
votes
9
answers
2k
views
Recommended drive encryption solution
I will soon be purchasing a number of laptops running Windows 7 for our mobile staff. Due to the nature of our business I will need drive encryption. Windows BitLocker seems the obvious choice, but it ...
6
votes
1
answer
2k
views
Can I recover a bitlocker encrypted drive offline?
Windows 10, server 2012 R2 domain
I'm confused about the options for recovering a bitlocker encrypted drive offline.
Let's say I'm encrypting the HDDs of domain computers with bitlocker using TPM (...
5
votes
2
answers
700
views
Windows Server 2008 BitLocker
I would like to configure whole disk encryption on all of my Domain Controllers. Is BitLocker an acceptable method to do this? What are the potential problems with whole disk encryption on a Domain ...
5
votes
1
answer
1k
views
BitLocker on Hyper-V Server 2019 - Failed - The system cannot find the file specified
To start with, I want to be clear that this is on "Hyper-V Server 2019" (free headless hypervisor) and not "Windows Server 2019" with the Hyper-V role installed.
I've been banging ...
5
votes
1
answer
4k
views
How do I fix a non-starting "Microsoft Key Distribution Service"? (not to be confused with Kerberos KDS)
The Microsoft Key Distribution Service is not starting on my DC (kdssvc.dll) and when I look at the event log under Microsoft\Kdssvc, I see the events:
Event ID 4001
Group Key Distribution ...
4
votes
3
answers
10k
views
What backup strategies to use with Bitlocker?
I'm looking at using Bitlocker on a new laptop. I have been using Acronis for full image backups; it would take me way too much time to reinstall and configure from scratch in the event of a stolen ...
4
votes
1
answer
2k
views
How to securely encrypt Hyper-V VMs in Failover Cluster
Having TPM 1.2 installed on 2x Dell x730, what options to encrypt user and network data in Failover Cluster?
I see Windows Server 2016 allows to passthrough the TPM to the VM. https://charbelnemnom....
4
votes
1
answer
762
views
Dell PowerEdge Server BitLocker Hotswap Hard disks
We have a Windows 2008 R2 Server running on a Dell PowerEdge R310 Server with Bitlocker enabled. There are two physical Hard disks configured as RAID 1. One of the disks recently started having an ...
4
votes
2
answers
20k
views
Can bitlocker be used in the guest OS of HyperV Windows VM?
We are studying the possibility of using BitLocker inside the guest OS of VM (i.e. not the parent OS on the VM host). We have both Win2008R2 VM and Win2012(not R2) VM.
And we found this link:
https://...
4
votes
3
answers
2k
views
BitLocker with TPM but no startup PIN concerns my users - what should I tell them?
My infrastructure uses BitLocker encrypted drives with TPM but no start up PIN. Recovery keys are stored in the AD. A few of my users are worried that no startup PIN is insecure as to the old WinMagic ...
4
votes
2
answers
1k
views
What is the WMI class to manage BitLockerToGo
I am working on a script that will be used to audit some machines. I can check whether or not volumes are encrypted using the Win32_EncryptableVolume class in root\cimv2\Security\EncryptableVolume. ...
4
votes
1
answer
3k
views
unlock-bde application not found error prevalent in Windows 8
I have encrypted a drive with BitLocker in Windows 8 Pro, but the drive will not auto-unlock. I can manually unlock the drive from BitLocker in the Control Panel. However from Windows Explorer, I ...
4
votes
0
answers
131
views
Bitlocker - mainboard exchange won't require recovery password - why?
A mainboard died. It was exchanged for the same board type (same bios and config, as well, also a new CPU but of the same type).
The hard drive is encrypted with bitlocker (on Win10 Pro v1903) and I ...
3
votes
3
answers
843
views
How can I prevent the compromise of a Domain Controller on ESX stored in an unsecured location?
A client of ours has a DC that will be located in an insecure location. RODCs and separate domains/forests are not permitted by management.
All the servers will be located on a VMWare ESX server.
I'...
3
votes
1
answer
16k
views
How do I identify which bitlocker protector is active?
BitLockerVolume -MountPoint C).KeyProtector I see multiple RecoveryPassword key protectors, how do I know which one is active?
If I pull the HDD and plug it into another machine it's going to ask me ...
3
votes
1
answer
5k
views
Double Bitlocker Recovery Tab in Active Directory
I've a strange issue with a double bitlocker tab having exactly the same look. Any idea how I can remove one?
3
votes
5
answers
16k
views
How do I add bitlocker support commands to winpe?
Tried following this tutorial https://4sysops.com/archives/unlock-bitlocker-under-windows-pe/
But when I boot up my winpe image and try to run manage-bde I can "manage-bde is not recognized..."
Here ...
3
votes
2
answers
3k
views
Security of BitLocker with no PIN from WinPE?
Say you have a computer with the system drive encrypted by BitLocker and you're not using a PIN so the computer will boot up unattended. What happens if an attacker boots the system up into the ...
3
votes
1
answer
1k
views
Wiping Bitlocker Drive Key Sector
I have a 4TB drive that has been bitlocker encrypted (via password) since day one and want to wipe it before I sell it used. The process looks like it's going to take 100+ hours via nwipe but I was ...
3
votes
1
answer
6k
views
Is it safe to delete old bitlocker keys from AD
So I have a bunch of old bitlocker keys stored with some computer accounts (the msFVE-RecoveryInformation attribute):
Bitlocker has re-run multiple times and every time it re-encrypts it generates ...
3
votes
2
answers
3k
views
Certificate expiration does not match validity period in template (Windows CA)
I'm trying to request a new Bitlocker DRA certificate from my internal CA. The template is set to two years, as shown here Template
I'm trying to request a new certificate via the Certificates MMC ...
3
votes
2
answers
1k
views
Protect mounted Bitlocker drive from other users
I have a Windows Server 2012 machine where I have created a VHD disk that is stored on my Desktop. That disk is encrypted by Bitlocker. However when I mount the disk and enter the encryption password, ...
3
votes
1
answer
12k
views
Is there any difference between BitLocker's recovery key file and numerical password?
Is there any difference between a BitLocker recovery key file and numerical password that would negatively impact my ability to unlock the drive in a disaster scenario?
I frequently encrypt USB hard ...
3
votes
2
answers
6k
views
Verify who has Bitlocker key backed up via PowerShell?
We currently use Bitlocker on our laptops here at work. The helpdesk are responsible for backing the Bitlocker key up to AD when they build the system. We ran into an issue recently where a user had ...
3
votes
2
answers
6k
views
Reason for TPM lockout
We have several Surface Pro 3 devices deployed with BitLocker enabled in TPM + PIN mode. The devices have a TPM 2.0 chip and are running Windows 8.1 Pro.
We have an issue where users are occasionally ...
3
votes
2
answers
12k
views
Windows Active Directory Bitlocker deployment
I am experimenting with bitlocker deployment via AD at work. Have googled all over the internet, but the most useful reference seems to be:
http://technet.microsoft.com/en-us/library/cc766015(v=ws....
3
votes
4
answers
5k
views
How useful is Bitlocker without a TPM?
When you install Bitlocker on a system without a TPM you need to put the startup key on a flash drive.
Since you can hardly expect the user to store his notebook and flash drive separately, would ...
3
votes
1
answer
3k
views
Enable-Bitlocker -TpmProtector via GPO does not work (0x80070522)
I am trying to automate the bitlocker in our corporate environment.
I have written a script which enables the bitlocker and it works fine if I run it manually, but whenever I implement it via GPO (...
3
votes
1
answer
2k
views
Automatic unlock bitlocker to go (usb stick) on domain computer
Is there a way to automatically unlock bitlocker encrypted USB sticks on windows computers that are domain joined (8.1 Enterprise)? (e.g., based on the "BitLocker identification Field"?)
The scenario ...
3
votes
1
answer
2k
views
Bitlocker device name change
When imaging our PCs we generally create a temp name for our facilities to change the device name to whatever particular department fits their needs. The issue is we can't send out any devices without ...
2
votes
3
answers
3k
views
Bitlocker Auto-Unlock
Can anyone comment on how the auto-unlock feature of bitlocker works. Specifically what I would like to know is how the unlock key is encrypted and stored and when the unlock process takes place.
...
2
votes
2
answers
2k
views
BitLocker - No TPM & No Flash Drive
I have done some research on using BitLocker in an environment where the machines do not have a TPM and it appears you will need to utilize a Flash Drive for it to work properly. This seems to be the ...
2
votes
2
answers
2k
views
Bitlocker - "Recovery information was successfully backed up to Active Directory", but not really?
I have a device that needs to have its bitlocker recovery backed up to AD for visibility in the "Bitlocker Recovery" tab of the object in Active Directory.
I found that the device only had a TPM ...
2
votes
1
answer
1k
views
how do I view current tpm owner in windows?
How do I see if a TPM owner has already been set? All I see are examples of how to clear the TPM, reset owner password, change owner. I just want to see if the owner is set and possibly who it is set to....
2
votes
2
answers
1k
views
Checking which PCR triggered for BitLocker recovery
We have an MBAM server and tested policies which work normally for nearly every machine we've migrated. Though, I have seen 3 systems now that prompt for a recovery key instead of the users PIN. ...
2
votes
1
answer
504
views
Hyper-V Guest data encryption
I have a new requirement to encrypt the data inside an sql database while it is at rest.
So far I've looked at Bitlocker (see below), and other commercial products (I won't name because I'm not ...
2
votes
1
answer
9k
views
How can I input password to manage-bde -pw option via windows powershell
I am trying to encrypt Data volume (for example E:) with the following command:
manage-bde -protectors -add E: -pw
When I execute the above command, it will ask for the password, so I entered it. It ...
2
votes
1
answer
282
views
Bitlocker whole disk encryption on second (non-boot) drive
I'm working on a project where I need to encrypt only the data drive on a machine and I don't want there to be any user interaction at the console on boot. These systems will be running at remote ...
2
votes
1
answer
252
views
Is my plan for Bitlocker deployment missing anything?
1.) Confirm that TPM is activated in the BIOS of all workstations.
- All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed ...
2
votes
1
answer
2k
views
Windows encrypted software raid
Is it possible (preferably with Windows-on-board tools of Windows Server 2012 R2 and Windows Server 2016) to have a software raid mirror on 2 encrypted disks? (Locally preferred.)
From what ...
2
votes
1
answer
5k
views
Encrypting mapped network drives in Windows
I have Win Server 2012 and the drives of one of the HDDs connected to it are mapped as network drives in a Windows 10 client. If I encrypt those drives using bitlocker with the user account on the ...
2
votes
1
answer
7k
views
Bitlocker Drive cannot save files on this drive [closed]
I have a freshly installed Windows 2008 R2 Server with a C drive containing the operating system and d drive as a normal data drive. I've turned on encryption on the d drive using Bitlocker. The ...