Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Bitlocker to go - blocking devices

Posted on 2016-10-20
2
Medium Priority
?
321 Views
Last Modified: 2016-10-24
I am using Windows 7 Enterprise globally in my enterprise and Windows Server 2012 managing via AD and GPO's.
I want to enable Bitlocker to go to ensure portable storage devices are encrypted on usage.
Will enabling Bitlocker to go block other USB device port access?
We use USB keyboards and USB Mice and also USB Bluetooth receivers for wireless keyboards and mice.
Will Bitlocker to go require these to be encrypted also - I suspect so?
Any information appreciated.
0
Comment
Question by:fsaiexpert
2 Comments
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 41852337
No, other non-storage devices are not affected.
I can offer an article of mine about a neat concept (which however would require windows 8.x or windows 10 on the client side): https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html
0
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 41852371
1) BitLocker To Go does not block other USB device port access. But there is GPO that restricts a user from writing to a USB device unless the device is encrypted with BitLocker To Go. The following policy settings are used to control how users can access drives and how they can use BitLocker on their computers. https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx

Deny write access to fixed drives not protected by BitLocker
- This policy setting is used to require encryption of fixed drives prior to granting Write access.

Deny write access to removable drives not protected by BitLocker
- This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access.

Control use of BitLocker on removable drives
- This policy setting is used to prevent users from turning BitLocker on or off on removable data drives.

2) Bitlocker To Go does policy not affect USB that is not removable drive unless the USB keyboards and USB Mice and also USB Bluetooth receivers has storage and the OS ill then treat it as removable media.

There are other means that can block the USB storage devices but the usb mouse, keyboard etc will remain enabled - see the various means via Registry and GPO
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4f135025-9870-4f43-aff5-f5ccc8b40220/block-usb-drive-via-group-policy-but-keyboard-mouse-printers-and-usb-datacard-work?forum=winserverGP&prof=required
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question