Loss of Shares on BitLocker Encrypted Data Volume
Posted on 2008-06-20
I have a problem that I can't find an answer for at MS yet. Possibly because Server 2008 is too new?
We have a server with BitLocker installed. The OS drive is not encrypted, but we used manage-bde to encrypt our second Data Volume D: (due to government client project requirements). We're not in production yet, so I have some room to play. Currently we manually unlock the D: drive using a script that calls manage-bde and feeds it the Encryption key file.
We access programs and files from this server using an SMB Share. If the server needs to be rebooted, upon reboot, login and unlocking D:, the SMB share disappears. We have to recreate it manually. This is not a good situation since we need the share accessible should the server reboot overnight (we have overnight processes that run and would need to access the files on the share).
I haven't gone as far as testing Autounlock because I am reluctant to encrypt the OS volume right now. But I did put the Unlock script in the Startup Scripts via local Group Policy and while it works, the share still disappears and has to be recreated.
One interesting thing is that when I recreate the share, the original share permissions are automatically filled in.
So the question here is, is it possible to have shares on a BitLocker encrypted drive that remain after a reboot? Would the Autounlock (with an encrypted OS volume) work differently than the Unlock script as a Startup Script, such that the Shares are retained?
This is an important issue for us and a very annoying problem.