mjgardne
asked on
Win32 OpenEncryptedFileRaw() fails for BITLOCKER under Windows 7.
Hello,
I have a Win7 Ultimate development computer. The application is running elevated by an Administrator. We have the SEBACKUPNAME token. The code works under Vista and WinXP, but not under Win7.
To ensure that my code, which performs backups and restores of NTFS encrypted files, is working properly under Win7, I created an encrypted drive and placed a few files on it. Without unlocking the encrypted drive by entering my password, I ran my application which simply tries to successfully OpenEncryptedFileRaw(). The code works perfectly under WinXP and Vista, but it fails under Win7. When I try to OpenEncryptedFileRaw() on a file on the encrypted drive without opening the drive with our password, I receive the following error:
Error Code: 0x80310000
Error Msg: This drive is locked by BitLocker Drive Encryption. You must unlock this drive from Control Panel.
Since our code is a backup and restore utility, it must be able to backup encrypted files without knowing the encryption password. We should be able to use the OpenEncryptedFileRaw(), ReadEncryptedFileRaw(), WriteEncryptedFileRaw(), and CloseEncryptedFile() functions, but they never work under Win7 even with the simplest test program. One strange thing that I noticed is that when OpenEncryptedFileRaw() fails, we get a non-zero return code, which is correct, however GetLastError() always returns that the operation had successful completed... So... strange.
Anyway, I'd appreciate any help with this issue and I am wondering whether this is an error in Win7 or a "cockpit error" by me.
Thanks for your help,
Mike
I have a Win7 Ultimate development computer. The application is running elevated by an Administrator. We have the SEBACKUPNAME token. The code works under Vista and WinXP, but not under Win7.
To ensure that my code, which performs backups and restores of NTFS encrypted files, is working properly under Win7, I created an encrypted drive and placed a few files on it. Without unlocking the encrypted drive by entering my password, I ran my application which simply tries to successfully OpenEncryptedFileRaw(). The code works perfectly under WinXP and Vista, but it fails under Win7. When I try to OpenEncryptedFileRaw() on a file on the encrypted drive without opening the drive with our password, I receive the following error:
Error Code: 0x80310000
Error Msg: This drive is locked by BitLocker Drive Encryption. You must unlock this drive from Control Panel.
Since our code is a backup and restore utility, it must be able to backup encrypted files without knowing the encryption password. We should be able to use the OpenEncryptedFileRaw(), ReadEncryptedFileRaw(), WriteEncryptedFileRaw(), and CloseEncryptedFile() functions, but they never work under Win7 even with the simplest test program. One strange thing that I noticed is that when OpenEncryptedFileRaw() fails, we get a non-zero return code, which is correct, however GetLastError() always returns that the operation had successful completed... So... strange.
Anyway, I'd appreciate any help with this issue and I am wondering whether this is an error in Win7 or a "cockpit error" by me.
Thanks for your help,
Mike
ASKER
Hmmm... I may have found a part of the answer... I think that I have been confusing BitLocker with EFS... I assumed they were the same thing, but they are not... I found an article that compared the two technologies. My application was trying to access a BitLock'ed file whereas under Vista and WinXP, I was accessing and EFS file. If I try to access an EFS file under Win7, I will bet that it will work (I will verify tomorrow). BUT... The refined questions are the following: (1) How can I permit our backup and restore application to backup and restore encrypted files under BitLocker; and (2) How to tell whether BitLocker or EFS is being used for an encrypted file?
ASKER
Hmmm... I have not found anything specifically stating that VSS must be used to backup/restore a BitLocker volume, but it makes sense... Still searching for the answer...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER