BitLocker Management

Supported versions and editions:

DriveLock BitLocker Management supports the following operating systems:

  • Windows 7 SP1 Enterprise and Ultimate, 64-bit, TPM chip required
  • Windows 10 Pro and Enterprise, 32/64-bit
  • Windows 11 Pro and Enterprise, 64-bit

Native BitLocker environment

Since version 2019.1, computers in an existing environment that are already encrypted with BitLocker no longer need to be decrypted via the existing BitLocker management or group policies before DriveLock can manage them. DriveLock detects native BitLocker encryption automatically and creates new recovery information. Drives are automatically decrypted and encrypted again only if the encryption algorithm configured in the DriveLock policy differs from the current algorithm.

After that, you can use DriveLock BitLocker Management to manage your computers and securely store and utilize the recovery information.
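
The following inventory script is an added example, not part of DriveLock or its documentation. Run it on a Windows 10/11 client before takeover to list native BitLocker volumes and flag those whose current algorithm differs from the one planned in the policy, which are the drives the paragraph above says will be decrypted and encrypted again. The function name `Get-NativeBitLockerInventory` and the `PolicyAlgorithm` parameter are hypothetical; the script does not read the DriveLock policy, so the target algorithm is supplied by hand and the default value is only a sample.

```powershell
#requires -RunAsAdministrator
# Added example: pre-takeover inventory of native BitLocker volumes.
param(
    # Assumption: the algorithm configured in your DriveLock policy, written
    # as a Get-BitLockerVolume EncryptionMethod name. Sample default only.
    [string]$PolicyAlgorithm = 'XtsAes256'
)

function Get-NativeBitLockerInventory {
    param([Parameter(Mandatory)][string]$PolicyAlgorithm)

    foreach ($vol in Get-BitLockerVolume) {
        $current   = "$($vol.EncryptionMethod)"
        $encrypted = "$($vol.VolumeStatus)" -ne 'FullyDecrypted'

        # Protector types currently on the volume (Tpm, TpmPin, Password,
        # RecoveryPassword, ...). Types only; no key material is printed.
        $protectors = @($vol.KeyProtector |
            ForEach-Object { "$($_.KeyProtectorType)" }) -join ','

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeType        = "$($vol.VolumeType)"
            VolumeStatus      = "$($vol.VolumeStatus)"
            CurrentAlgorithm  = $current
            Protectors        = $protectors
            # A natively encrypted drive is expected to be decrypted and
            # encrypted again only when its algorithm differs from the policy.
            ReencryptExpected = $encrypted -and ($current -ne $PolicyAlgorithm)
        }
    }
}

Get-NativeBitLockerInventory -PolicyAlgorithm $PolicyAlgorithm |
    Format-Table -AutoSize
```

Rows with `ReencryptExpected` set to `True` identify machines where a full decryption and encryption cycle should be planned for.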

Using passwords

DriveLock BitLocker Management replaces the misleading distinction between PINs, passphrases and passwords with the single term "password". The password is automatically passed to BitLocker in the correct format, either as a PIN or as a passphrase.

Since Microsoft has different complexity requirements for PINs and passphrases, the following restrictions apply to the password:

  • Minimum: 8 characters. In some cases, you can also enter 6 characters (numbers); for more information, see the Password options chapter in the current documentation.
  • Maximum: 20 characters

Note that BitLocker's own pre-boot authentication (PBA) only provides English keyboard layouts, which means that using special characters as part of the password may cause login issues.

Encryption of external hard disks

Due to Microsoft BitLocker limitations, external hard disks (data disks) cannot be encrypted if you have selected the "TPM only (no password)" mode, because BitLocker expects you to enter a password (BitLocker terminology: passphrase) for these drives.

Encryption on Windows 7 agents

On Windows 7 agents, the new execution options added in DriveLock 2020.2 may cause the following error: BitLocker does not encrypt if the "when the screen saver is configured and active" and "when no application is running in full screen mode" options are enabled.

Moving from Disk Protection to BitLocker Management

You must remove Disk Protection with the appropriate policy setting before you can use BitLocker Management.