Encrypting Additional Drives with BitLocker
As you may know, BitLocker Drive Encryption only encrypts the C:\ drive. If you have additional drives in your PC, or use an external USB hard drive with your notebook, you can’t encrypt that drive with BDE. Officially that is :)
While Vista SP1 will bring support for encrypting the other volumes in your system you can do it today using the command line tool manage-bde.wsf. Now before we get started I must inform you that this is in now way supported by Microsoft. I’ve tried it, it worked for me, but I highly recommend taking a backup of the data before proceeding!
With that out of the way launch the Command Prompt as Administrator and run the following command to encrypt additional drives:
cscript manage-bde.wsf -on X: -recoverykey Y:\ -recoverypassword
In this example X: is the drive you wish to recover and Y: is the drive the recovery key will be saved to. Remember to backup the recovery key and store it in a secure location. You can store this key on the C: drive (which is encrypted) and it will make things easier when you need to unlock the drive.
Once that is complete you will need to run a command to “unlock” the drive in order to access the data. With the drive plugged in run the following command:
cscript manage-bde.wsf -unlock X: -recoverykey C:\WO97N74A-A99A-9923-C798-45FF0139DDE9.BEK
If you lose the key you can unlock the drive with the recovery password with the following command:
cscript manage-bde.wsf -unlock X: -recoverypassword 846295-102210-220394-001294-333982-001923-094856-223451
Too make it easier I suggest creating a batch file and dropping it in the startup folder.
Written by rodney.buike. Read more great feeds at is source WEBSITE
no comments.
Read more articles on Windows Client and Security.
- [+] Digg: Feature this article
- [+] Del.icio.us: Bookmark this article
- [+] Furl: Bookmark this article
