DriveLock Bitlocker Management
Start your test now!
Category: Use Case
Module: BitLocker Management
Test time: 30 min
This use case will show you how encrypt your endpoints quickly and easily with DriveLock BitLocker Management.
1. What is the use case about?
DriveLock extends BitLocker drive encryption - The free BitLocker encryption is a great benefit for Microsoft customers and an important contribution to protecting your company's data. But only if encryption is centrally managed and consistently controlled, it can meet all legal requirements.
DriveLock adds essential and important additional features to the BitLocker functionality. Its advanced and user-friendly DriveLock Operations Center provides easy and centralized management.
CAUTION: If your computer is already BitLocker-encrypted, DriveLock will take over the encryption respectively create new protectors for recovery. The previous encryption algorithm will not be changed by this process.
2. How does it affect your client computer?
In this use case, all local hard disks are encrypted with BitLocker. Depending on the selected DriveLock group HW type notebooks or HW type workstations, the encryption is secured with TPM, DriveLock PBA or Microsoft PBA.
TPM
No PBA is active. An active TPM chip is required for this. Encryption starts automatically without any user interaction.
DriveLock PBA
The DriveLock PBA is installed automatically. The end user receives messages about the history of reboots. The user logged in at the time of installation is automatically added to the PBA user database with their AD credentials. In addition, an emergency user is set up:
User name: admin
Password: DriveLock1
Domain: emergency
CAUTION: Please note that the PBA only operates on UEFI systems on Windows 10 environments and above. If BitLocker Management is used on BIOS systems, the original BitLocker PBA is used.
Microsoft PBA
The Microsoft PBA is used instead of the DriveLock PBA for BIOS systems.
The end user is prompted to enter a BitLocker password, then encryption begins. During the encryption process, a tray icon informs you that encryption is in progress. After encryption has started, the end user will see a BitLocker PBA screen every time the test computer starts up.
Here you must enter your BitLocker password that you defined in this use case.
3. How to monitor the results in the DOC?
DriveLock also offers a specific Encryption dashboard.
This dashboards provides you with all the information about your computers encrypted with BitLocker.
In addition, you can get more details in the view under Security Controls > Encryption or in the Computers view.
Computer-specific details for each dedicated volume are available in the Details pane on the right after you select a specific computer.
The Volumes section contains all the detailed information.
Here you can see TPM properties and all volumes including size, protectors, encryption methods and status. Also what recovery data is available for this device.
From the DOC, you can perform simple management actions regarding BitLocker, such as setting a new BitLocker password, prompting the user to reset the password, or viewing the recovery key.
BitLocker-relevant events can be found in the tab of the same name in the Encryption view or under Analytics > Events, where you can use the predefined BitLocker Management filter.
To perform a recovery via da DOC, you will find the required BitLocker certificate DLBlDataRecovery.cer in the Settings > Certificates area or locally on an installed agent under C:\ProgramData\CenterTools DriveLock\PolicyFileStg (PW: DriveLock1)
If a recovery key is requested, you can choose the recovery data and the certificate you want to use.
After using a recovery key, it cannot be used again. A new key is generated and uploaded to the central DriveLock service.