BitLocker Management

Supported versions and editions:

DriveLock BitLocker Management supports the following operating systems:

  • Windows 7 SP1 Enterprise and Ultimate, 64 bit, TPM chip required
  • Windows 8.1 Pro and Enterprise, 32/64 bit
  • Windows 10 Pro and Enterprise, 32/64 bit

Native BitLocker environment

Starting with version 2019.1, you don't have to use the native BitLocker administration or group policies to decrypt computers that were previously encrypted with native BitLocker; these system environments can be managed directly now. DriveLock detects native BitLocker encryption automatically and creates new recovery information. The drives are only decrypted and encrypted automatically if the encryption algorithm configured in the DriveLock policy differs from the current algorithm.

After that, you can use DriveLock BitLocker Management to manage your computers and securely store and utilize the recovery information.

Password requirements

In DriveLock BitLocker Management, the difference between PIN, passphrase and password is confusing for the user, so we have simplified it by only using the word "password". In addition, this password is automatically applied in the correct BitLocker format, either as a PIN or as a passphrase.

Because Microsoft has different complexity requirements for PINs and passphrases, the following restrictions apply to the password:

  • Minimum: 8 characters. In some cases 6 characters (numbers) are also accepted. For more information see the current BitLocker Management documentation on DriveLock Online Help.
  • Maximum: 20 characters

Note that BitLocker's own pre-boot authentication (PBA) only provides English keyboard layouts, so using special characters in the password can lead to login problems.

Encrypting extended disks

Microsoft BitLocker limitations prevent external hard drives (data disks) from being encrypted if you have selected "TPM only (no password)" mode, because BitLocker expects you to enter a password (the so-called BitLocker passphrase) for these extended drives.
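
An added example (not DriveLock code and not part of the original notes): a PowerShell pre-flight check that reports, per volume, whether the re-encryption described under "Native BitLocker environment" should be expected and whether a data disk has no password protector. `Test-BitLockerPreflight` is a hypothetical name, `$TargetMethod` is an assumed stand-in for the algorithm set in the DriveLock policy, and the sample volumes are constructed.

```powershell
# Added example. Reads objects shaped like Get-BitLockerVolume output
# (properties MountPoint, VolumeType, EncryptionMethod, KeyProtector).
function Test-BitLockerPreflight {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Volume,
        # Assumption: the algorithm configured in the DriveLock policy,
        # written as a BitLocker EncryptionMethod name (e.g. XtsAes256).
        [Parameter(Mandatory)] [string] $TargetMethod
    )
    process {
        $method     = [string]$Volume.EncryptionMethod
        $encrypted  = $method -and $method -ne 'None'
        $protectors = @($Volume.KeyProtector |
                        ForEach-Object { [string]$_.KeyProtectorType })
        $isData     = [string]$Volume.VolumeType -eq 'Data'

        [pscustomobject]@{
            MountPoint            = $Volume.MountPoint
            VolumeType            = [string]$Volume.VolumeType
            CurrentMethod         = $method
            # Already encrypted with a different algorithm than the policy:
            # expect an automatic decrypt/encrypt cycle on this volume.
            ReEncryptionExpected  = [bool]($encrypted -and $method -ne $TargetMethod)
            # Data disk without a password protector: affected by the
            # "TPM only (no password)" limitation described above.
            DataDiskNoPassword    = [bool]($isData -and $protectors -notcontains 'Password')
            Protectors            = $protectors -join ','
        }
    }
}

# Constructed sample volumes so the check can be tried offline.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        EncryptionMethod = 'Aes128'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' }) },
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data'
        EncryptionMethod = 'None'; KeyProtector = @() },
    [pscustomobject]@{ MountPoint = 'E:'; VolumeType = 'Data'
        EncryptionMethod = 'XtsAes256'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' }) }
)
$sample | Test-BitLockerPreflight -TargetMethod 'XtsAes256' | Format-Table -AutoSize

# On a live Windows 8.1/10 agent, from an elevated prompt:
#   Get-BitLockerVolume | Test-BitLockerPreflight -TargetMethod 'XtsAes256'
```

With the constructed sample, C: is reported as a re-encryption candidate and D: as a data disk without a password protector.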

Group policy configuration

If you distributed the DriveLock BitLocker configuration to the agents via group policies, you cannot set computer-specific passwords via the DriveLock Control Center because of a technical issue.

In this case, the DriveLock Agent ignores the required machine-specific policies.

Encryption on Windows 7 agents

On Windows 7 agents, the following error may occur when you use the new execution options added in DriveLock 2020.2: BitLocker does not encrypt on Windows 7 if the "when the screen saver is configured and active" and "when no application is running in full screen mode" options are enabled.