Solved

Bitlocker to go - blocking devices

Posted on 2016-10-20
2
47 Views
Last Modified: 2016-10-24
I am using Windows 7 Enterprise globally in my enterprise and Windows Server 2012 managing via AD and GPO's.
I want to enable Bitlocker to go to ensure portable storage devices are encrypted on usage.
Will enabling Bitlocker to go block other USB device port access?
We use USB keyboards and USB Mice and also USB Bluetooth receivers for wireless keyboards and mice.
Will Bitlocker to go require these to be encrypted also - I suspect so?
Any information appreciated.
0
Comment
Question by:fsaiexpert
2 Comments
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41852337
No, other non-storage devices are not affected.
I can offer an article of mine about a neat concept (which however would require windows 8.x or windows 10 on the client side): https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html
0
 
LVL 61

Accepted Solution

by:
btan earned 250 total points
ID: 41852371
1) BitLocker To Go does not block other USB device port access. But there is GPO that restricts a user from writing to a USB device unless the device is encrypted with BitLocker To Go. The following policy settings are used to control how users can access drives and how they can use BitLocker on their computers. https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx

Deny write access to fixed drives not protected by BitLocker
- This policy setting is used to require encryption of fixed drives prior to granting Write access.

Deny write access to removable drives not protected by BitLocker
- This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access.

Control use of BitLocker on removable drives
- This policy setting is used to prevent users from turning BitLocker on or off on removable data drives.

2) Bitlocker To Go does policy not affect USB that is not removable drive unless the USB keyboards and USB Mice and also USB Bluetooth receivers has storage and the OS ill then treat it as removable media.

There are other means that can block the USB storage devices but the usb mouse, keyboard etc will remain enabled - see the various means via Registry and GPO
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4f135025-9870-4f43-aff5-f5ccc8b40220/block-usb-drive-via-group-policy-but-keyboard-mouse-printers-and-usb-datacard-work?forum=winserverGP&prof=required
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve DNS query failed errors for Exchange
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now