Bitlocker Windows 10
A few months ago I was asked to install Bitlocker on a redundant set of backup computers using external USB hard drives for backup storage. I supposed the main purpose was to guard in case of physical theft.
I found that the drives, if unlocked, could be accessed over the network. I thought that a bit odd and not so desirable but nonetheless met the objectives of physical theft.
Now I find that the external drives, even when unlocked, can't be accessed over the network. This is causing some operational problems. So I'm wondering if something changed and how to provide selected access to those drives?
I found that the drives, if unlocked, could be accessed over the network. I thought that a bit odd and not so desirable but nonetheless met the objectives of physical theft.
Now I find that the external drives, even when unlocked, can't be accessed over the network. This is causing some operational problems. So I'm wondering if something changed and how to provide selected access to those drives?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I sometimes suspected that procrastination pays off! Thank you.
This isn't a case of the drive not being accessible. It is accessible from the local workstation. It is not accessible from any other over the network. This behavior is new after years of behaving well.
I also notice this when I look at who is connected:
I am connected from my workstation "fred"
I'd not noticed this information before. It seems to say that I'm logged in as a user named Guest and there is NO Guest.???
This isn't a case of the drive not being accessible. It is accessible from the local workstation. It is not accessible from any other over the network. This behavior is new after years of behaving well.
I also notice this when I look at who is connected:
I am connected from my workstation "fred"
I'd not noticed this information before. It seems to say that I'm logged in as a user named Guest and there is NO Guest.???
Did you understand what I said about the server service? Please restart it for a test: open services.msc, scroll down to "server", right click and choose restart it.
ASKER
Yes. Thank you. Right now the thing is rolling through setting permissions on that drive and it takes many hours over USB 2. That's something that needs to be changed. It's an older mini-tower with but single internal HD capacity. I guess USB 3 might also be an option and keep it external.
Also in Advanced Security for Local Disk (D:) which is the one I'm trying to fix access on:
I'm seeing:
Owner: Account Unknown(S-1 .............33399) Change
As I recall, I wasn't able to Change the ownership - which I suspect may have something to do with this as well?
OK. So I was able to change the ownership now.
Also in Advanced Security for Local Disk (D:) which is the one I'm trying to fix access on:
I'm seeing:
Owner: Account Unknown(S-1 .............33399) Change
As I recall, I wasn't able to Change the ownership - which I suspect may have something to do with this as well?
OK. So I was able to change the ownership now.
ASKER
There are two drives:
Internal boot hard drive C:
External backup hard drive D:
I can see into C: just fine across the network using Guest.
I can see into D: if I match the username/password for one of the workstation's Users at the client. An old tried and true method that I generally don't like to use.
I cannot see into D: otherwise from other computers. Only the local computer.
So, it *is* accessible but only under certain circumstances.
I restarted the Server service and that seems to have had no effect.
I read recently where Microsoft is getting rid of Guest. But I have no idea exactly what that means in terms of time and in terms of affect.
I think I can fairly well conclude that Guest is NOT working on D: on this computer for sharing files.
Internal boot hard drive C:
External backup hard drive D:
I can see into C: just fine across the network using Guest.
I can see into D: if I match the username/password for one of the workstation's Users at the client. An old tried and true method that I generally don't like to use.
I cannot see into D: otherwise from other computers. Only the local computer.
So, it *is* accessible but only under certain circumstances.
I restarted the Server service and that seems to have had no effect.
I read recently where Microsoft is getting rid of Guest. But I have no idea exactly what that means in terms of time and in terms of affect.
I think I can fairly well conclude that Guest is NOT working on D: on this computer for sharing files.
ASKER
I see that the Server service depends on Server SMB 2.xxx Driver - which I can't find.
And, srvnet - which I also can't find.
???
And, srvnet - which I also can't find.
???
It is accessible under certain conditions. Well, your problem is that you are not sure what account is used. Simply use net use command to connect to it like in
net use x: \\server\share /user:username password
net use x: \\server\share /user:username password
ASKER
How does one do that for Guest? That's where the failure is.
You input the username that should access the data. If at the target machine there is an account Fred, and Fred is allowed to acess the data, you should type
net use x: \\server\share /user:Fred FredsPassword
net use x: \\server\share /user:Fred FredsPassword
ASKER
Thank you McKnife.
Yes. I know how to access using passwords, etc.
The issue here is Guest.
Yes. I know how to access using passwords, etc.
The issue here is Guest.
Look, turn off simple file sharing on both computers and the guest account will not be used. I have no steps on how to do this ready as I am on a domain network, where this is off by default, but you can google it.
ASKER
Thanks for the reply.
That's exactly the approach I intend to use in the fullness of time.
The reasons for the delay are beyond the scope of today's quest.
Meantime, the group of users has been accessing via Guest just fine.
I only want to restore things for now.
That's exactly the approach I intend to use in the fullness of time.
The reasons for the delay are beyond the scope of today's quest.
Meantime, the group of users has been accessing via Guest just fine.
I only want to restore things for now.
If you unlock a drive after booting, the service called "server" is not able to share the drive in time. So you need to restart the service after unlocking and shares on the drive will be accessible.