Bitlocker to go - blocking devices

I am using Windows 7 Enterprise globally in my enterprise and Windows Server 2012 managing via AD and GPO's.
I want to enable Bitlocker to go to ensure portable storage devices are encrypted on usage.
Will enabling Bitlocker to go block other USB device port access?
We use USB keyboards and USB Mice and also USB Bluetooth receivers for wireless keyboards and mice.
Will Bitlocker to go require these to be encrypted also - I suspect so?
Any information appreciated.
fsaiexpertFSAI ExpertAsked:
Who is Participating?
 
btanExec ConsultantCommented:
1) BitLocker To Go does not block other USB device port access. But there is GPO that restricts a user from writing to a USB device unless the device is encrypted with BitLocker To Go. The following policy settings are used to control how users can access drives and how they can use BitLocker on their computers. https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx

Deny write access to fixed drives not protected by BitLocker
- This policy setting is used to require encryption of fixed drives prior to granting Write access.

Deny write access to removable drives not protected by BitLocker
- This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access.

Control use of BitLocker on removable drives
- This policy setting is used to prevent users from turning BitLocker on or off on removable data drives.

2) Bitlocker To Go does policy not affect USB that is not removable drive unless the USB keyboards and USB Mice and also USB Bluetooth receivers has storage and the OS ill then treat it as removable media.

There are other means that can block the USB storage devices but the usb mouse, keyboard etc will remain enabled - see the various means via Registry and GPO
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4f135025-9870-4f43-aff5-f5ccc8b40220/block-usb-drive-via-group-policy-but-keyboard-mouse-printers-and-usb-datacard-work?forum=winserverGP&prof=required
0
 
McKnifeCommented:
No, other non-storage devices are not affected.
I can offer an article of mine about a neat concept (which however would require windows 8.x or windows 10 on the client side): https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.