Integrating existing BitLocker environments
Hard disks and data drives on client computers that were already encrypted with native BitLocker can now easily be included in DriveLock BitLocker Management. DriveLock BitLocker Management allows you to control encryption and decryption from a central point without having to deal with the encryption state of individual client computers.
Enable the Manage existing BitLocker environment option in your BitLocker policy to specify that DriveLock can start the integration. Assigning the policy to the respective client computers activates BitLocker Management.
If you do not enable this option and there are drives in your environment that have been encrypted with BitLocker before, DriveLock ignores these drives. They remain encrypted but cannot be managed with DriveLock BitLocker Management.
System drives differ from data drives:
- System drives: DriveLock automatically takes over system drives that were previously encrypted with native BitLocker; they do not necessarily have to be re-encrypted. In the background, DriveLock adapts the algorithms and exchanges protectors (even External keys are deleted and re-created). If the encryption algorithms match, this is a very quick process; if they do not match, DriveLock re-encrypts the drives. Depending on the system and partition size, this may take longer. Since users unlock the system drive directly by logging on to the system or entering their BitLocker password, no further action is required from the user.
- Data drives: Data drives are neither unlocked nor integrated in DriveLock BitLocker Management automatically. Users will have to take action here: A wizard pops up on the client computer where the user selects the partitions that need to be unlocked. Then, the user enters the original BitLocker password and specifies a new one. Note that a password entry is only required if the User must change password option has been enabled in the Password options dialog before. However, if this option is not selected and a password is preset, make sure to let the users know. In this case, a password change is not required; the users simply select the drives that need to be unlocked and enter their original BitLocker password.
Recovery keys: DriveLock BitLocker Management creates new recovery keys when it integrates the native BitLocker environments.
Encryption algorithms: If you adhere to the Windows default settings for encryption algorithms, DriveLock BitLocker Management can take over native BitLocker environments easily and quickly.
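Before assigning the policy, it helps to know which client volumes will be taken over quickly, which will be re-encrypted, and which need the user. The following PowerShell sketch is an added example, not DriveLock code: it classifies volumes as described above from the properties that the Windows Get-BitLockerVolume cmdlet returns. The function name Get-TakeoverForecast, the $PolicyMethod default and the sample volumes are assumptions made for illustration.

```powershell
# Added example, not DriveLock code: forecast how each existing BitLocker volume
# would be handled once "Manage existing BitLocker environment" is enabled.
function Get-TakeoverForecast {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Volume,
        # Assumption: the algorithm configured in your BitLocker policy.
        [string] $PolicyMethod = 'XtsAes128'
    )
    process {
        $encrypted = "$($Volume.VolumeStatus)" -ne 'FullyDecrypted'
        $isSystem  = "$($Volume.VolumeType)" -eq 'OperatingSystem'
        $match     = "$($Volume.EncryptionMethod)" -eq $PolicyMethod
        $forecast = if (-not $encrypted) {
            'Not encrypted: nothing to integrate'
        } elseif (-not $isSystem) {
            'Data drive: user must unlock it in the wizard'
        } elseif ($match) {
            'System drive: automatic takeover, algorithms match (quick)'
        } else {
            'System drive: automatic takeover, re-encryption expected'
        }
        [pscustomobject]@{
            ComputerName = $Volume.ComputerName
            MountPoint   = $Volume.MountPoint
            Method       = "$($Volume.EncryptionMethod)"
            # Protectors currently on the volume; new recovery keys are created on integration.
            Protectors   = ($Volume.KeyProtector.KeyProtectorType -join ', ')
            Forecast     = $forecast
        }
    }
}

# Constructed sample volumes (not from real machines), shaped like Get-BitLockerVolume output.
function New-SampleVolume($Computer, $Mount, $Type, $Status, $Method, [string[]]$Protectors) {
    [pscustomobject]@{
        ComputerName = $Computer; MountPoint = $Mount; VolumeType = $Type
        VolumeStatus = $Status; EncryptionMethod = $Method
        KeyProtector = @($Protectors | ForEach-Object { [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}
$sample = @(
    New-SampleVolume 'PC-01' 'C:' 'OperatingSystem' 'FullyEncrypted' 'XtsAes128' 'Tpm','RecoveryPassword'
    New-SampleVolume 'PC-01' 'D:' 'Data' 'FullyEncrypted' 'XtsAes128' 'Password','RecoveryPassword'
    New-SampleVolume 'PC-02' 'C:' 'OperatingSystem' 'FullyEncrypted' 'Aes256' 'Tpm','ExternalKey'
    New-SampleVolume 'PC-02' 'E:' 'Data' 'FullyDecrypted' 'None' @()
)
$sample | Get-TakeoverForecast | Format-Table -AutoSize -Wrap
# On a client, in an elevated session: Get-BitLockerVolume | Get-TakeoverForecast
```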