ITPOL
asked on
Microsoft Bitlocker auto-unlock removable drive
Hi,
I am trying to set up BitLocker on some removable USB drives so that I can run backups to them.
I want the drives to automatically unlock when they are inserted without having to type in the password each time.
I have previously managed to set this up in a test environment, but that's been scrapped a long time ago, so I can't remember how I managed to do it.
Bit more info;
The drives are already encrypted, but when I insert the drive it is locked, so if I enter the password, it unlocks it in read-only mode. If I use the recovery key, it unlocks it correctly, but doesn't auto-unlock it next time I insert the drive (even if I select automatically unlock).
cheers
ASKER
Apologies; it's Windows Server 2008 R2 SP1. Fully patched.
and yes it is reproducible; I have two servers set up identically, 5 USB disks all encrypted for each server, and I get the same symptoms on each server.
The plan is for the disks to be rotated daily, but I want them to auto-unlock so that the backup can run without user intervention.
These servers are not yet in production so the disk drives do not yet contain any data.
bitlocker-error.PNG
ASKER
Also, my servers don't have a TPM as far as I can tell, and I haven't got any of the fixed drives encrypted.
There are no group policy settings being applied either...
> I want them to auto-unlock so that the backup can run without user intervention.
Why not script that? I am not sure, but I would try manage-bde.exe /? to see your options.
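A scripted version of the manage-bde approach suggested above, as an added example that is not part of the original thread. It assumes drive letter E:, a hypothetical key file path, English-language `manage-bde -status` output, and that manage-bde returns a non-zero exit code on failure.

```powershell
# Added example, not from the thread. Runs as a pre-backup step in an elevated session.
# Assumed values: drive letter and key file path are placeholders for illustration.
param(
    [string]$Drive   = 'E:',                              # assumed backup drive letter
    [string]$KeyFile = 'C:\BackupKeys\usb-recovery.txt'   # hypothetical path; restrict its ACL to the backup account
)

# Pull one "Name:   Value" field out of manage-bde -status output (English output assumed).
function Get-BdeField([string[]]$StatusLines, [string]$Name) {
    foreach ($line in $StatusLines) {
        if ($line -match ('^\s*' + [regex]::Escape($Name) + ':\s*(.+?)\s*$')) {
            return $Matches[1]
        }
    }
    return $null
}

$status = & manage-bde.exe -status $Drive
if ($LASTEXITCODE -ne 0) { throw "manage-bde -status failed for $Drive" }

if ((Get-BdeField $status 'Lock Status') -eq 'Locked') {
    # The thread reports that the recovery key unlocks read/write, so that protector is used here.
    $rp = (Get-Content $KeyFile | Select-Object -First 1).Trim()
    if ($rp -notmatch '^(\d{6}-){7}\d{6}$') {
        throw 'Key file does not contain a 48-digit recovery password'
    }
    # The password is visible in the process command line while manage-bde runs.
    & manage-bde.exe -unlock $Drive -RecoveryPassword $rp | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Unlock of $Drive failed" }
    $status = & manage-bde.exe -status $Drive
}

if ((Get-BdeField $status 'Lock Status') -ne 'Unlocked') {
    throw "$Drive is still locked; refusing to start the backup"
}

# Try to turn on auto-unlock so the next insertion needs no script; report if it does not stick.
if ((Get-BdeField $status 'Automatic Unlock') -ne 'Enabled') {
    & manage-bde.exe -autounlock -enable $Drive | Out-Null
    $status = & manage-bde.exe -status $Drive
    if ((Get-BdeField $status 'Automatic Unlock') -ne 'Enabled') {
        Write-Warning "Auto-unlock could not be enabled on $Drive"
    }
}
Write-Output "$Drive unlocked and ready for backup"
```

A recovery password stored on the server protects the rotated drives only while they are away from that server, so the key file's permissions matter as much as the drive encryption.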
ASKER
Yeah I was keeping that as a backup solution to be honest. I'm certain that will allow me to work the way I want, but I still want to know what I'm doing wrong. I feel I've got a mis-configuration somewhere, or I have misunderstood what I have read.
ASKER
Just made a discovery; If I have the USB key plugged in that I saved the recovery keys to when I encrypted the drives, they unlock successfully.
Going to try moving them next...
ASKER
That was a red herring. Nothing to do with the USB key. It turns out that the drives on server 1 unlock automatically, exactly as I want.
The drives on server 2 do not.
The servers were built the same, I am logging on with the same user, they sit in the same OUs, RSOP shows the same policies being applied, nothing in the "\Windows Components\Bitlocker" section.
When I run a Manage-bde -status against the drives on either side, they look exactly the same.
Ahhhhhhh,
Sorry, no insight here either.
Please finalize it, this question is growing old :)
ASKER
finalized
Please tell us what OS and service pack you are using.
Is this reproducible on other computers with the same OS/service pack?
Then: please be careful with backups on encrypted media. At least double those.