Solved

Bitlocker to go - blocking devices

Posted on 2016-10-20
Last Modified: 2016-10-24
I am using Windows 7 Enterprise globally in my enterprise and Windows Server 2012, managing via AD and GPOs.
I want to enable BitLocker To Go to ensure portable storage devices are encrypted on usage.
Will enabling BitLocker To Go block other USB device port access?
We use USB keyboards and USB mice and also USB Bluetooth receivers for wireless keyboards and mice.
Will BitLocker To Go require these to be encrypted also - I suspect so?
Any information appreciated.
Question by:fsaiexpert
LVL 55

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41852337
No, other non-storage devices are not affected.
I can offer an article of mine about a neat concept (which however would require Windows 8.x or Windows 10 on the client side): https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html
 
LVL 64

Accepted Solution

by:btan
btan earned 250 total points
ID: 41852371
1) BitLocker To Go does not block other USB device port access. But there is a GPO that restricts a user from writing to a USB device unless the device is encrypted with BitLocker To Go. The following policy settings are used to control how users can access drives and how they can use BitLocker on their computers. https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx

Deny write access to fixed drives not protected by BitLocker
- This policy setting is used to require encryption of fixed drives prior to granting Write access.

Deny write access to removable drives not protected by BitLocker
- This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access.

Control use of BitLocker on removable drives
- This policy setting is used to prevent users from turning BitLocker on or off on removable data drives.

2) BitLocker To Go policy does not affect a USB device that is not a removable drive, unless the USB keyboards, USB mice and USB Bluetooth receivers have storage, in which case the OS will treat it as removable media.

There are other means that can block USB storage devices while the USB mouse, keyboard etc. remain enabled - see the various means via Registry and GPO
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4f135025-9870-4f43-aff5-f5ccc8b40220/block-usb-drive-via-group-policy-but-keyboard-mouse-printers-and-usb-datacard-work?forum=winserverGP&prof=required
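
To confirm on a client which of the policies named in the accepted answer actually applied, the script below reads their registry values and lists the volumes Windows reports as removable storage. It is an added example, not code from either poster; the registry paths and value names are assumed from the BitLocker ADMX template, and it is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example. Registry paths and value names are assumed from the BitLocker
# ADMX template; confirm them against the template your domain uses.
$sysFve = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$swFve  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

$checks = @(
    @{ Policy = 'Deny write access to fixed drives not protected by BitLocker'
       Key = $sysFve; Name = 'FDVDenyWriteAccess' },
    @{ Policy = 'Deny write access to removable drives not protected by BitLocker'
       Key = $sysFve; Name = 'RDVDenyWriteAccess' },
    @{ Policy = '  (option) deny drives configured in another organization'
       Key = $swFve;  Name = 'RDVDenyCrossOrg' },
    @{ Policy = 'Control use of BitLocker on removable drives'
       Key = $swFve;  Name = 'RDVConfigureBDE' }
)

function Get-PolicyValue($Key, $Name) {
    # Returns $null when the key or the value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

$report = foreach ($c in $checks) {
    $v = Get-PolicyValue $c.Key $c.Name
    $state = if ($v -eq $null) { 'Not configured' }
             elseif ($v -eq 1) { 'Enabled (1)' }
             else              { "Disabled ($v)" }
    New-Object PSObject -Property @{
        Policy = $c.Policy; Value = $c.Name; State = $state
    }
}
$report | Format-Table Policy, Value, State -AutoSize

# Volumes Windows reports as removable disks (DriveType 2). Keyboards, mice and
# Bluetooth receivers expose no storage volume, so they do not appear here.
# External USB hard disks commonly report as DriveType 3 and are not listed.
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' |
    Format-Table DeviceID, VolumeName, FileSystem, Size -AutoSize
```

Run `gpupdate /force` first if the GPO was only just linked, so the values reflect the current policy.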
Question has a verified solution.
