question

MalloryAnderson-9646 asked PercivalYang-MSFT commented

BitLocker Technical Questions

Hello,

I have some questions about BitLocker:

  1. If a drive has BitLocker Encryption, but it is not enabled, and the drives are then duped using a drive duper, is there any risk to the data on the drive or does that only ensue once BitLocker is enabled on a specific hardware chassis?

  2. To duplicate a drive, it appears you must unlock/disable/decrypt before duping. If you have a drive with BitLocker encryption not enabled, can you use that drive to dupe over a drive that is BitLocker enabled, or will it brick the drive?

  3. How are the keys associated? Does it come once the drive is associated to the TPM module in the chassis, or is it based on the drive itself?


windows-10-security

Hi,
@Mallory Anderson
Just checking in to see if the information provided was helpful.

If the reply helped you, please remember to mark it as an answer.
If not, please reply and tell us the current situation so that we can provide further help.

0 Votes 0 ·

1 Answer

PercivalYang-MSFT answered PercivalYang-MSFT commented

Hi,
Before we go on, you should pay attention to many things before using BitLocker, and you should back up any important data before performing an experiment.

If "not enabled" means you haven’t turned BitLocker on, certainly there is no risk in doing questions 1 & 2.

If "not enabled" means BitLocker is disabled, in which case the drive appears to unlock automatically each time but is still encrypted:
As to question 1:
There is no need to worry about the data only if you have the recovery key, but we suggest you decrypt the disk and then do the duplication; any accident during duping will lead to a serious outcome.

As to question 2:
You mean duplicating an encrypted disk to another encrypted disk (status: disabled).
It’s risky and we don’t suggest this operation, especially using a third-party tool. Using the native Microsoft backup tool requires decrypting the target disk first, then selecting the disk to store the backup.

As to question 3:
It depends on whether your device has a TPM and how your GPO is configured. Here’s the GPO location:
Search→edit group policy→Computer Configuration→Administrative Templates→Windows Components→BitLocker Drive Encryption.

Hope the above information can help you.

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
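
The distinction the answer draws between BitLocker never turned on and BitLocker disabled but still encrypted can be checked per volume before any duplication. The script below is an added example, not part of the original answer; it uses the built-in `Get-BitLockerVolume` cmdlet, and the function name and the `State` labels are assumptions chosen for illustration.

```powershell
# Added example: classify each volume's BitLocker state before imaging it.
# Run in an elevated PowerShell session on Windows with the BitLocker module.
function Get-BitLockerDupeReadiness {
    param(
        # Optional list such as 'C:','D:' (constructed sample values).
        [string[]]$MountPoint
    )

    if ($MountPoint) {
        $volumes = Get-BitLockerVolume -MountPoint $MountPoint
    } else {
        $volumes = Get-BitLockerVolume
    }

    foreach ($v in $volumes) {
        $status     = [string]$v.VolumeStatus
        $protection = [string]$v.ProtectionStatus
        # Key protectors are stored in the volume's BitLocker metadata.
        $types = @($v.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

        if ($status -eq 'FullyDecrypted') {
            # BitLocker was never turned on, or the volume was fully decrypted.
            $state = 'NotEncrypted'
        } elseif ($status -ne 'FullyEncrypted') {
            # Encryption or decryption is still running or paused.
            $state = 'ConversionNotFinished'
        } elseif ($protection -eq 'Off') {
            # Data is still encrypted on disk, but protection is suspended,
            # so the volume unlocks without asking for a key.
            $state = 'EncryptedProtectionOff'
        } else {
            $state = 'EncryptedProtectionOn'
        }

        [pscustomobject]@{
            MountPoint          = $v.MountPoint
            State               = $state
            EncryptionPercent   = $v.EncryptionPercentage
            KeyProtectors       = ($types -join ', ')
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        }
    }
}

# Report every volume on this machine.
Get-BitLockerDupeReadiness | Format-Table -AutoSize
```

A volume reported as anything other than `NotEncrypted` still holds encrypted data, and `HasRecoveryPassword` shows whether a recovery password protector exists for it.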


Hi!

Thank you!

For question 2, it would be taking a non-encrypted drive and duping over an encrypted drive. I need to know if that will work.

The reason for question three is there is talk of encrypting with BitLocker, duping to the other drives, and having one key. I believe this to be highly suspect, and need confirmation that this is not the case; that each asset would require its own key for encryption/decryption.

0 Votes 0 ·

Hi
BitLocker encrypts the drive. Once you unlock/disable/decrypt the drive, you can copy files in (automatically encrypted) or copy and paste them out (without encrypting).
Since you are using a third-party tool to dupe the drive, I cannot guarantee it, but it is highly likely to inherit BitLocker. Duplicating an encrypted drive to a non-encrypted drive will possibly trigger recovery mode; the recovery key is with the drive. For example, if you connect your encrypted drive to another device (PC), it will trigger recovery mode. Using the recovery key in your Microsoft can resolve this issue.



0 Votes 0 ·