Solved

Bitlocker to go - blocking devices

Posted on 2016-10-20
2
180 Views
Last Modified: 2016-10-24
I am using Windows 7 Enterprise globally in my enterprise and Windows Server 2012 managing via AD and GPO's.
I want to enable Bitlocker to go to ensure portable storage devices are encrypted on usage.
Will enabling Bitlocker to go block other USB device port access?
We use USB keyboards and USB Mice and also USB Bluetooth receivers for wireless keyboards and mice.
Will Bitlocker to go require these to be encrypted also - I suspect so?
Any information appreciated.
0
Comment
Question by:fsaiexpert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41852337
No, other non-storage devices are not affected.
I can offer an article of mine about a neat concept (which however would require windows 8.x or windows 10 on the client side): https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 41852371
1) BitLocker To Go does not block other USB device port access. But there is GPO that restricts a user from writing to a USB device unless the device is encrypted with BitLocker To Go. The following policy settings are used to control how users can access drives and how they can use BitLocker on their computers. https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx

Deny write access to fixed drives not protected by BitLocker
- This policy setting is used to require encryption of fixed drives prior to granting Write access.

Deny write access to removable drives not protected by BitLocker
- This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access.

Control use of BitLocker on removable drives
- This policy setting is used to prevent users from turning BitLocker on or off on removable data drives.

2) Bitlocker To Go does policy not affect USB that is not removable drive unless the USB keyboards and USB Mice and also USB Bluetooth receivers has storage and the OS ill then treat it as removable media.

There are other means that can block the USB storage devices but the usb mouse, keyboard etc will remain enabled - see the various means via Registry and GPO
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4f135025-9870-4f43-aff5-f5ccc8b40220/block-usb-drive-via-group-policy-but-keyboard-mouse-printers-and-usb-datacard-work?forum=winserverGP&prof=required
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question