• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 528
  • Last Modified:

Pitfalls by using bitlocker on an O/S

Has anyone run across any issues/pitfalls using bitlocker on the O/S.  Data corruption/blue screen/compatibility issues/etc....
I know there is no issues on peripherals but don't think it would be so faultless on the actual o/s
0
nomaadic
Asked:
nomaadic
1 Solution
 
btanExec ConsultantCommented:
Some that I can think off
- Key mgmt for recovery of HDD in the event that typically will be connected to backend AD. If the recovery key is lost and user forget or loses his USB key, then the recovery would not be trivial
- If Bitlocker is tied to the TPM, it is binded to machine, so cloning of machine to machine will not be possible to ease mass deployment
- Even during migration to new machine or OS, you may have to temporary disarm Bitlocker which it create a temp key w/o needing user interaction. This may have a short window of exposure
- You cannot use Group Policy to enforce BitLocker PIN rules.
- BitLocker currently does not support smart cards for pre-boot authentication.
- Support for computers that use Extended Firmware Interface (EFI)-based system firmware is planned for Windows Server 2008, but it is not currently supported in Windows Vista.
- Bitlocker creates a  system volume partition (~1.5 Gbytes, on top of another for the OS) to store its startup codes and if machine with recovery partition (for auto revert), have to make sure it is compatible. Ideally there should not be hosting those partition to avoid conflict in bootup if any.
- Bitlocker required  BIOS setting to start up first from the hard drive, not the USB or CD drives.


This FAQ can be useful @ http://technet.microsoft.com/en-us/library/cc766200(WS.10).aspx 
0
 
nomaadicAuthor Commented:
Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now