Bitlocker and a second hard drive

[Bill]

I have two hard drives. One has been partitioned for Bitlocker.

The backup goes to the second hard drive (E. If the laptop is stolen can
the E: drive be swapped without bitlocker key and then give up the secrets of
its backup of the bitlocker protected drive? Or is there something expected
between the Bitlocker drive protected and the unprotected drive, disallowing
it to work if compromised?

Thanks


--
Bill

 

[Jesper]

RE: Bitlocker and a second hard drive

Yes, if you have a system backup on an external drive then that will give up
the secrets if it is stolen. It doesn't even need to be stolen with the
computer for that to happen.

In Vista SP1 you will supposedly be able to encrypt that drive as well.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


"Bill" wrote:

> I have two hard drives. One has been partitioned for Bitlocker.
>
> The backup goes to the second hard drive (E. If the laptop is stolen can
> the E: drive be swapped without bitlocker key and then give up the secrets of
> its backup of the bitlocker protected drive? Or is there something expected
> between the Bitlocker drive protected and the unprotected drive, disallowing
> it to work if compromised?
>
> Thanks
>
>
> --
> Bill

 

[Alun Jones]

Re: Bitlocker and a second hard drive

"Jesper" <Jesper@discussions.microsoft.com> wrote in message
news:922DA0E0-9FBE-4D47-9117-425C23525792@microsoft.com...
> Yes, if you have a system backup on an external drive then that will give
> up
> the secrets if it is stolen. It doesn't even need to be stolen with the
> computer for that to happen.
>
> In Vista SP1 you will supposedly be able to encrypt that drive as well.

If you're willing to run "cscript c:\windows\system32\manage-bde.wsf", you
can encrypt drives other than the boot drive in Vista without SP1. Vista SP1
will, I imagine, merely provide a GUI wrapper around this facility.

Alun.
~~~~

 

[Jesper]

Re: Bitlocker and a second hard drive

It's just that it is unsupported to encrypt non-boot volumes in Vista RTM.
That's why I did not mention it. The plan, last I heard, was to support it in
SP1.

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


"Alun Jones" wrote:

> "Jesper" <Jesper@discussions.microsoft.com> wrote in message
> news:922DA0E0-9FBE-4D47-9117-425C23525792@microsoft.com...
> > Yes, if you have a system backup on an external drive then that will give
> > up
> > the secrets if it is stolen. It doesn't even need to be stolen with the
> > computer for that to happen.
> >
> > In Vista SP1 you will supposedly be able to encrypt that drive as well.
>
> If you're willing to run "cscript c:\windows\system32\manage-bde.wsf", you
> can encrypt drives other than the boot drive in Vista without SP1. Vista SP1
> will, I imagine, merely provide a GUI wrapper around this facility.
>
> Alun.
> ~~~~
>
>
>

 

[Alun Jones]

Re: Bitlocker and a second hard drive

Good point - even the API that manage-bde.wsf uses documents that
encryption of drives other than the "currently running operating system
volume" is not supported.

I'm looking forward to seeing this supported in future versions of Vista.

Alun.
~~~~

"Jesper" <Jesper@discussions.microsoft.com> wrote in message
news:5C62A0D4-0BC1-4360-ADD9-1780C5CA4810@microsoft.com...
> It's just that it is unsupported to encrypt non-boot volumes in Vista RTM.
> That's why I did not mention it. The plan, last I heard, was to support it
> in
> SP1.
>
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
>
>
> "Alun Jones" wrote:
>
>> "Jesper" <Jesper@discussions.microsoft.com> wrote in message
>> news:922DA0E0-9FBE-4D47-9117-425C23525792@microsoft.com...
>> > Yes, if you have a system backup on an external drive then that will
>> > give
>> > up
>> > the secrets if it is stolen. It doesn't even need to be stolen with the
>> > computer for that to happen.
>> >
>> > In Vista SP1 you will supposedly be able to encrypt that drive as well.
>>
>> If you're willing to run "cscript c:\windows\system32\manage-bde.wsf",
>> you
>> can encrypt drives other than the boot drive in Vista without SP1. Vista
>> SP1
>> will, I imagine, merely provide a GUI wrapper around this facility.
>>
>> Alun.
>> ~~~~
>>
>>
>>