1 But even if you just back up the data on your encrypted drive religiously – to the point where losing that drive completely and without warning would not be a disaster – then you’re safe. An image backup of the encrypted drive will backup everything. Backing up seems like a cure for just about anything, and here’s another case. There are two key elements to using BitLocker safely.īack up. It’s not uncommon, or even unreasonable, for organizations to insist that it be used to keep data secure. Using BitLocker safelyĪll that being said, BitLocker is pretty cool encryption technology, and people often want to use it. Even if you re-create an account with the same ID and password, it’s a different account, and will not work to access the data on the encrypted drive. That log-in account simply doesn’t exist anywhere but on the machine that performed the encryption in the first place. However, BitLocker encryption also invalidates one of the techniques to recover data from a hard drive salvaged from a damaged computer: connecting it to another computer.ĭecryption is tied to the log-in account that encrypted the data. On one hand, you’d say, sure, when a system fails, you expect to lose data. In fact, losing your log-in account for any reason whatsoever could be enough to lose access to your encrypted data. The problem is, your new account is not the account that set up the encryption – so it doesn’t have access to the encrypted data. The typical solution is to create a new account with a new profile to regain access to the machine. However, one of the things we do see in Windows from time to time is the “corrupt profile”. For various reasons, information associated with your account can become damaged such that you can’t log in. Normally we think about simple things – like forgetting the log-in password – to lose access to an account, and indeed, that’s one way to do it. There are several ways you can lose access to all the data on your encrypted drive. It’s losing this recovery key, or not saving it in the first place, that can lead to complete data loss. The decryption key is associated with your login account.Īs part of the setup process, you should be given the option of saving a recovery key for your encrypted drive. Log in to your machine using your normal log-in account, and you’ll have access to the contents of your encrypted drive. BitLocker will check to ensure that your system supports BitLocker, and having done so, will proceed to encrypt your drive.īitLocker is pretty transparent once it’s set up. Run BitLocker from within Control Panel, and turn it on. The process of encrypting your drive with BitLocker is fairly straight forward. That doesn’t mean it can’t be done, so do follow the instructions in this article. Microsoft has made it harder to encrypt yourself into a corner. Start a free trial to begin protecting your Windows devices today, and feel free to contact us if you have any questions.For the record, I actually now use BitLocker for whole-drive encryption. See our BitLocker Encryption page for more information, and view our Windows installation guide to set up DriveStrike on your Windows machines. The “-enable” and “-disable” commands do not create or delete keys.ĭriveStrike provides BitLocker integration with easy key management through our web console.Keys will subsequently be needed to access the drive. Running “-enable” restores normal BitLocker operation.However, BitLocker encryption is still active, and both existing and new data written to the disk are still encrypted. Thus, the “-disable” command makes BitLocker keys readable by anyone, bypassing any boot prompt. The “-disable” and “-enable” commands operate on BitLocker keys, not BitLocker encryption.“-rebootcount 3” will disable BitLocker for the next 2 reboots, then re-enable BitLocker automatically after the 3rd reboot.“-rebootcount 0” disables BitLocker indefinitely, and must be explicitly re-enabled through the “-enable” command.BitLocker will be re-enabled automatically after the next reboot, unless “-rebootcount X” args are specified….After the machine is completely decrypted, you can then re-enable BitLocker and Encrypt your machine to your desired specifications. Close the command prompt and select “Continue – Exit and continue to Windows 10.” Once you are logged into your machine, open Manage BitLocker (Control Panel > System and Security > BitLocker Drive Encryption) and completely decrypt the machine by turning BitLocker off.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |