Solved

Bitlocker on Administrative Shares

Posted on 2013-01-23
5
998 Views
Last Modified: 2013-02-18
I have a win8 workstation that is not domain enabled. The only hard disk on it is bitlocker enabled with TPM. Is it correct that any other machines will not be able to access the Administrative Shares of this workstation?

Not even the Domain Administrator on which this workstation is connected to?
0
Comment
Question by:frukeus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 38809963
Hi.

The encryption Bitlocker does not protect the drive when the key is entered and the drive is mounted, so the answer is "no".
0
 
LVL 1

Author Comment

by:frukeus
ID: 38812861
But this is not an external drive....it is the system drive.

I can understand that when an external drive is connected and key entered, the entire drive is visible to the connected machine. But Bitlocker should protect a system drive from remote access via admin shares since the remote system has no way of entering a key, rite?
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 38816682
No, not correct, sorry. Bitlocker does not do anything to protect from against unwanted network access.
Whenever your system starts, c: is mounted after you enter the PIN (if you use a PIN together with your TPM... you should). After it's mounted and windows has booted, the server service shares the shared folders. If we let alone default settings in win7, c: would not be shared, there would be no c$. Only after setting the registry key LocalAccountTokenFilterPolicy (see http://helgeklein.com/blog/2011/08/access-denied-trying-to-connect-to-administrative-shares-on-windows-7/ ), it would be shared and accessible.
No Bitlocker involved.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 38903973
I've requested that this question be closed as follows:

Accepted answer: 500 points for McKnife's comment #a38816682

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Create Professional Looking Email Signatures

Create "Professional HTML Email Signatures" with ease.
7 Day Money Back Guarantee if not 100% Satisfied.
Affordable - Try it out for 7 Days Totally Risk Free.
Installers provided for over 45 Email clients.
Both Windows & MAC Supported.
Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question