Can A SysAdmin Decrypt Bitlocker To Go?


  1. Posts : 40
    Windows 7 Professional x64
       #1

    Can A SysAdmin Decrypt Bitlocker To Go?


    At work we have Windows 7 Enterprise, and I would like to use Bitlocker To Go (BTG) to encrypt my USB ('flash') drive. The purpose is to prevent anybody - including system administrators - from viewing the contents of my USB drive.

    Can a system administrator decrypt a BTG-protected USB drive without knowing the password? Can a system administrator simply turn off BTG on my USB drive?
      My Computer


  2. Posts : 40
    Windows 7 Professional x64
    Thread Starter
       #2

    I discovered that it is possible for a system administrator to decrypt a USB drive encrypted by Bitlocker-To-Go.

    When a user encrypts a USB drive with BTG, the user is asked how they would like to generate a recovery key: by printing or storing in a file.

    If so enabled in Group Policy, Windows will store a copy of the recovery key in a location accessible to a system administrator.

    This isn't so unreasonable when you understand that BTG was created so enterprises can protect their data from falling into unauthorized hands. BTG is provided as a tool that enterprises can either offer or mandate to employers. It makes sense that the enterprise should have way to recover their own data when it is stored on an employee's USB drive.

    So for my purposes, Bitlocker-To-Go is unsatisfactory.
      My Computer


  3. Posts : 5,642
    Windows 10 Pro (x64)
       #3

    It would work to your satisfaction if you did it at home on your own computer. But I question the purpose of this. Sounds like you might be up to no good concerning your employer.
      My Computer


  4. Posts : 40
    Windows 7 Professional x64
    Thread Starter
       #4

    Surely you didn't become a Gold Member for posts like that.
      My Computer


  5. Posts : 5,642
    Windows 10 Pro (x64)
       #5

    Like what? Telling you that it would work to your satisfaction if you did it from home?
      My Computer


  6. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #6

    Well I'm a Gold member and the answer to your question is very simple. It is inappropriate to do what you want on a company computer without the proper permission from the the owner/operator/administrator/IT department. You can of course do such things on your own computer at home or any other place you choose to use your computer. Daddyman being polite to other members is always appreciated on this Forum.
      My Computer


  7. Posts : 40
    Windows 7 Professional x64
    Thread Starter
       #7

    Layback Bear said:
    Daddyman being polite to other members is always appreciated on this Forum.
    That concept appears to have been forgotten by logicearth. I didn't come here to be accused by my fellow posters.
      My Computer


  8. Posts : 5,642
    Windows 10 Pro (x64)
       #8

    Being polite does not prevent one from voicing opinions. Or as you put it "accusing" you of some action.
      My Computer


  9. Posts : 40
    Windows 7 Professional x64
    Thread Starter
       #9

    <placed in Ignore list>
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:58.
Find Us