Mein Dokument - DriveLock Online Help · Title: Mein Dokument Created Date: 4/12/2019 3:04:11 PM

BitLocker Management Guide
DriveLock SE 2018

Table of Contents

1 WELCOME TO DRIVELOCK BITLOCKER MANAGEMENT 4

2 BASICS 5

2.1 Creating a BitLocker Management policy 5

2.2 Licensing BitLocker Management 6

3 ENCRYPTION AND DECRYPTION 8

3.1 Encryption with BitLocker Management 8

3.1.1 Sample process for encryption with password 8

3.2 Create encryption certificates 10

3.3 Specifying encryption settings 12

3.3.1 The General tab 12

3.3.2 The Recovery tab 15

3.3.3 Algorithms for BitLocker Management 16

3.4 Specifying pre-boot authentication settings 16

3.4.1 The Authentication type tab 16

3.4.2 The Password options tab 18

3.5 Decryption 20

3.5.1 Decrypting encrypted drives 20

4 RECOVERY 22

4.1 Recovering encrypted hard disks 22

4.2 Recovery process 24

5 CLIENT COMPUTER 28

5.1 System requirements for BitLocker Management (client computers) 28

5.2 BitLocker Management on client computers (DriveLock Agent) 28

5.3 Encrypting client computers 29

5.4 BitLocker pre-boot authentication 31

6 DRIVELOCK CONTROL CENTER 33

6.1 BitLocker Management in the DCC 33

6.1.1 Assigning a computer-specific BitLocker password 34

6.1.2 Allowing a user-defined BitLocker password 36

6.2 BitLocker event report 38

6.2.1 Customizing the BitLocker event report 38

6.2.2 Event list 39

INDEX 42

COPYRIGHT 44

1 Welcome to DriveLock BitLocker Management

BitLocker Management offers you a number of advantages when compared to the standard usage of Microsoft BitLocker:

- Manage encryption with BitLocker technology from a central location

- Keep track of all client computers whose hard disks are encrypted with BitLocker

- Monitor the encryption and decryption states of individual client computers in the DriveLock Control Center

- BitLocker Management provides a secure and central administration of recovery keys

- Quickly decommission devices when they are lost or stolen in case they are reconnected to the network

- BitLocker Management prohibits unauthorized access to decommissioned or recycled devices

2 BASICS

2.1 Creating a BitLocker Management policy

The first thing you do when starting with BitLocker Management is to create a new policy.

Please do the following:

1. Open the Policies node in the DriveLock Management Console.

2. Create a new policy and enter a descriptive name for it. For example (see figure): BitLocker policy.

3. Follow the instructions in the Sample process chapter and in the related links.

4. Save and publish the BitLocker policy you created and, if required, assign it to specific or all computers, groups or OUs (see figure). For more information on how to assign policies with DriveLock, please refer to chapter Policy Assignment in the Admin Guide at https://drivelock.help.

5. Open the DriveLock Control Center (DCC) to monitor the encryption process or status on the individual computers.

2.2 Licensing BitLocker Management

To license BitLocker Management, please proceed as follows:

1. Select the policy where you want to license BitLocker Management.

2. Select Global configuration, then Settings and then click License.

3. This opens the License Properties; go to the General tab.

4. Click Add license file... and follow the instructions.

5. Next, select your license file (BitLocker license).

6. In the following dialog, please specify how to activate your license file. We recommend online activation.

Note: Make sure that you are connected to the Internet.

7. Finally, confirm that your license for BitLocker Management will be added to the DriveLock Enterprise Service.

8. Confirm your settings in the final dialog to activate BitLocker Management.

9. Your license appears in the license properties on the General tab.

10. Next, open the Licensed computers tab. Select the client computers where you want to use BitLocker Management. You can also add individual computers, groups or organizational units by clicking Add.

11. Check the BitLocker Management box.

Note: If you have already licensed Disk Protection (DriveLock FDE) in your DriveLock package, note that you cannot use or select BitLocker Management at the same time! Please only check the BitLocker Management box.

12. Apply your changes by clicking OK.

3 ENCRYPTION AND DECRYPTION

3.1 Encryption with BitLocker Management

BitLocker Management allows you to manage the encryption of the client computers with BitLocker in your network from a central point.

After you license BitLocker Management, a new subnode named BitLocker Management appears in the policy tree’s Encryption node. Open the new subnode to specify the encryption and authentication settings and to generate the encryption certificates.

Note: If you are using BitLocker Management for the first time, start by creating the certificates.

3.1.1 Sample process for encryption with password

To quickly and easily encrypt the drives on your client computers, follow the instructions below in the specified order.

This sample process starts with the licensing of DriveLock BitLocker Management and ends with the encryption of the drives on the client computers.

Note: For more information on the individual steps, see the cross-references.

1. Create a new policy and assign a descriptive name. In this documentation, the policy is referred to as the BitLocker policy.

2. Enter the respective licenses in the policy.

3. Go to the Encryption node in the policy and click the BitLocker Management subnode. Read more here.

4. First, create the encryption certificates.

5. Next, specify the following Pre-Boot authentication settings:

- On the Authentication type tab, select BitLocker pre-boot authentication. Check the Automatically unlock all data partitions box.

- On the Password options tab, select the User must change password option and specify the complexity requirements you want for the password.

Apply your changes by clicking OK.

6. Next, enter the Hard disk encryption settings:

- Open the General tab.

  1. First of all, check the Encrypt local hard disks on Agent computers option.

  2. Then set the entry AES-XTS (256 bit key length) to the highest position in the encryption algorithm priority.

  3. Optionally check the Configure encryption settings per drive box and select the encryption algorithm mentioned above for drive C: and the expected data drives via the Settings button. You can also specify Not encrypted if you do not require encryption.

  4. Click OK to close the dialog.

  5. In the Initial encryption section, check the Encrypt only used disk space (fast initial encryption) option; in the Initial protection section, select '0' for the number of days the decryption will be delayed.

- Next, open the Recovery tab and select the first option DriveLock Enterprise Service.

Click OK to close the dialog.

7. Save and publish the policy.

8. Depending on the setting, the hard disk encryption is executed immediately on the client computers or after the user enters the password.

Note: For more information on installing the DriveLock Agent or on policy management in general, please refer to the DriveLock Installation or Administration Guide at https://drivelock.help/.

3.2 Create encryption certificates

To create encryption certificates, please proceed as follows:

1. When you are finished creating the BitLocker policy and licensing BitLocker Management, save and reopen the policy. Then the BitLocker Management subnode appears in the policy tree.

Note: A text message indicates that no encryption certificates have been generated yet:

2. Click the Encryption certificates option or open the link in the text message.

3. In the Encryption certificate Properties dialog, select the Generate certificates button.

You can import any existing certificates by clicking the Manage certificates button. If you do so, make sure that you do not overwrite any existing certificates because otherwise recovery will be impossible.

4. Follow the wizard and specify a certificate backup location. This can either be a folder in the file system or a smart card.

Note: Please make sure that the appropriate security requirements regarding storage location and access are met.

5. In the next step, define the passwords for the private keys (see figure).

Note: In this dialog you enter a password for the emergency logon, which will only be fully available in the next version, and also a password for the recovery.

6. Next, DriveLock generates the encryption certificates in the location you specified.

3.3 Specifying encryption settings

3.3.1 The General tab

On this tab you set the most important parameters for encryption and decryption with BitLocker.

The following options are available:

1. Encrypt local hard disks on Agent computers:

- Check this option when you are ready to start the encryption process on the client computers. Before you do so, check that all other encryption settings (see below) are specified.

Note: When this option is set and the policy has been assigned accordingly, the encryption process starts!

- Uncheck this option to start the decryption process (see details in chapter Decryption); specify the value that suits you best in the Installation protection section.

Note: When you uncheck this option and do not specify a delay, the decryption process starts immediately after assigning the policy.

2. Encryption algorithm priority:

- The list of the different encryption methods is processed from top to bottom. When BitLocker Management finds the matching algorithm, it will be used for encryption.

Note: We recommend placing the strongest algorithm at the top of the list.

- You can also sort the algorithms manually according to your requirements.

- Hardware encryption algorithm: This is a special algorithm some manufacturers build into their hard disks. If you want to use this algorithm, please move it to the top of the list.

- Example: You may want to move the AES with Elephant diffuser (128 or 256 bit key length) entry up if you have many computers with Windows 7 systems to encrypt, so that this algorithm is preferred.

3. Configure encryption settings per drive:

- Select the required encryption algorithm for the system drive and the data drives by clicking the Settings button or choose 'Not encrypted' if no encryption is required.

- Example: You may define a company policy for all computers across your network, whereby drive C: is always the system partition, drive D: always the data partition and drive E: always only contains user data. Now you can define that both drives C: and D: are encrypted with the AES-XTS (256 bit key length) algorithm (only works with Windows 10!) and drive E: remains unencrypted, so that the users can access their data without any difficulties.

Note: Please ensure that the drive letter and system partition assignment is the same for all computers this BitLocker policy is assigned to.

4. Encrypt only used disk space (fast initial encryption):

- Select this option to encrypt only the used disk space in a very short time.

- Background: With Windows 8, BitLocker introduced a feature whereby the hard disk does not have to be fully encrypted, but only the part where data is stored. Encryption is much faster for this reason.

- Issue: Data that has been deleted from the hard disk and that is no longer visible in Explorer may actually still exist, and the original data can be accessed with special tools.

Note: We recommend choosing this option if you want to encrypt new hard disks, for example, or if you are absolutely sure that the hard disks do not contain any old critical data.

5. On configuration changes, delay decryption by [x] days:

- To start the decryption process, change the setting to 0 days (the default setting is 3 days).

- Or else specify the number of days you want to delay the decryption.

Note: This setting delays the decryption for the specified number of days. This can be helpful if you want to get the client computers and their users ready for decryption (for example, a delay may be practical during holiday periods).

3.3.2 The Recovery tab

On this tab you can specify where DriveLock stores the encrypted recovery information. These are the settings you need when you start the recovery process.

The following option is currently available:

1. DriveLock Enterprise Service: Select this option if you want to send the encrypted recovery data to the DriveLock Enterprise Service (DES).

3.3.3 Algorithms for BitLocker Management

BitLocker Management uses the following algorithms, depending on the operating systems in use. See System requirements.

Operating system   Algorithm
Windows 7          AES 128 bit with diffuser
                   AES 256 bit with diffuser
                   AES 128 bit
                   AES 256 bit
Windows 8.1        AES 128 bit
                   AES 256 bit
Windows 10         AES XTS 128 bit
                   AES XTS 256 bit
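As an added example (not DriveLock's own code), the following PowerShell models how the encryption algorithm priority list from section 3.3.1 is resolved against the per-OS table above: the list is walked top to bottom and the first entry the client's operating system supports is used. The function and variable names are assumptions; the algorithm names follow the EncryptionMethod values of the Windows BitLocker PowerShell module, and the version thresholds are the minimum versions quoted in section 5.1.

```powershell
# Added example, not DriveLock code. Models the first-match walk of the policy's
# encryption algorithm priority list against the algorithms each OS supports.

# Algorithms per operating system, taken from the table in section 3.3.3.
# Names follow the EncryptionMethod values of the Windows BitLocker module.
$SupportedByOs = @{
    'Windows 7'   = @('Aes128Diffuser', 'Aes256Diffuser', 'Aes128', 'Aes256')
    'Windows 8.1' = @('Aes128', 'Aes256')
    'Windows 10'  = @('XtsAes128', 'XtsAes256')
}

# Maps a client's build number to the OS family in the table, using the minimum
# versions listed in section 5.1 (6.1.7601, 6.3.9600, 10.0.14393).
function Get-OsFamily {
    param([Parameter(Mandatory)][version]$OsVersion)
    if ($OsVersion -ge [version]'10.0.14393') { return 'Windows 10' }
    if ($OsVersion -ge [version]'6.3.9600')   { return 'Windows 8.1' }
    if ($OsVersion -ge [version]'6.1.7601')   { return 'Windows 7' }
    return $null   # below the minimum level the guide supports
}

# Walks the priority list top to bottom and returns the first algorithm the
# client's OS family supports, which is what the policy will encrypt with.
function Resolve-EncryptionAlgorithm {
    param(
        [Parameter(Mandatory)][string[]]$Priority,   # policy list, highest first
        [Parameter(Mandatory)][version]$OsVersion
    )
    $family = Get-OsFamily -OsVersion $OsVersion
    if (-not $family) { return 'Unsupported OS' }
    foreach ($alg in $Priority) {
        if ($SupportedByOs[$family] -contains $alg) { return $alg }
    }
    # Nothing in the list matches; the guide does not define this case, so the
    # example flags it instead of guessing what the Agent would do.
    return 'No matching algorithm'
}

# Priority as in the sample process: AES-XTS 256 at the top. The two fallback
# entries are an assumption so that Windows 7 and 8.1 clients still match.
$PolicyPriority = @('XtsAes256', 'Aes256', 'Aes256Diffuser')

# Constructed sample fleet: one client per OS family plus one below the minimum.
foreach ($build in '10.0.14393', '6.3.9600', '6.1.7601', '6.1.7600') {
    '{0,-11} -> {1}' -f $build, (Resolve-EncryptionAlgorithm -Priority $PolicyPriority -OsVersion $build)
}
```

With this order a Windows 7 client resolves to Aes256 because it sits above Aes256Diffuser; moving the diffuser entry up, as section 3.3.1 suggests, makes the diffuser variant win on Windows 7 without affecting Windows 10 clients.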

3.4 Specifying pre-boot authentication settings

3.4.1 The Authentication type tab

Which pre-boot authentication type you choose depends largely on whether or not the computers whose hard disks you want to encrypt with BitLocker contain a TPM (Trusted Platform Module).

The following options are available:

a. Select the first option No pre-boot authentication,

- if there is a TPM built in on the hard disks you want to encrypt. In this case, an additional authentication when booting the computer is not required.

Note: The protector DriveLock uses is called TPM only.

- Here, BitLocker accesses a TPM which has to be activated first in the BIOS.

- If you chose this option, you can close the dialog and continue because you do not need to specify a password on the next tab.

b. Select the second option BitLocker pre-boot authentication (see figure),

- if there is no TPM built in on the hard disks you want to encrypt or if you are not sure whether it is active.

- In this case, DriveLock uses the original BitLocker PBA.

- Open the Password options tab to specify a password or to select one of the other options.

In both cases, we recommend checking the Automatically unlock all data partitions check box. With this option set, both the system partition and all data partitions are unlocked after authentication on the computers you assign the BitLocker policy to.

Note: Unlike Microsoft, DriveLock unlocks the data partitions automatically for all users of a computer.

3.4.2 The Password options tab

On this tab you have three different possibilities:

1. You specify a BitLocker password and select none of the other options in the top part of the dialog:

- The encryption process starts when you activate it and/or assign the policy. The user of the client computer is allowed to change the password later or continues to use the password you specified.

Note: Please note that you are responsible for communicating the password to the users over a secure channel.

2. You check the User cannot change password box:

- Please specify a fixed password which the user can never change. The initial encryption process starts automatically even without the user being logged on to the client computer, after you activate it and/or assign the policy.

- As soon as the user starts the computer, the BitLocker password must be entered to unlock the encrypted hard disks.

Note: Please provide users with the appropriate password information over a secure channel.

- The password is entered independently of the encryption progress, i.e. the BitLocker password must be entered as soon as the encryption has started.

3. You check the User must change password option (see figure):

- The user can specify a password; you do not enter a password here.

- If required, you can define the requirements the user password must meet.

- The encryption process starts as soon as the user specifies the password.

- The password may be changed later.

Check the Password must meet complexity requirements box to set the criteria you want the user password to meet:

- The password may be between 8 and 20 characters long. A number below 8 or higher than 20 leads to an error message.

- Define the minimum requirements (number of letters, numbers, special characters etc.).

If you want to set individual passwords for individual client computers, you can do so in the DriveLock Control Center. Here you can also monitor the encryption progress. Please refer to BitLocker Management in the DriveLock Control Center (DCC) for more information.

3.5 Decryption

Decryption is triggered with a single setting that is specified in the Harddisk encryption settings on the General tab.

You can monitor the decryption process (same as the encryption process) in the DriveLock Control Center (DCC), see below:

The Event report (BitLocker events) also provides information on the decryption/encryption of individual computers.

3.5.1 Decrypting encrypted drives

To start decrypting encrypted drives, please proceed as follows:

1. Open the respective BitLocker policy.

2. Open the General tab in the Harddisk encryption settings dialog.

3. Uncheck the Encrypt local hard disks on Agent computers option.

4. Specify a value for the On configuration changes, delay decryption by x days option. The default value is 3, which means that decryption starts after 3 days. Depending on the value you enter, the decryption will be delayed by x days.

Note: In order to start the decryption process immediately, enter the value 0 here.

5. Click OK to confirm your settings.

6. The following message appears in the status bar of the client computer that is being decrypted.

4 RECOVERY

4.1 Recovering encrypted hard disks

If users can no longer access their hard disk (system partition) encrypted with BitLocker Management, for example because they have forgotten their BitLocker password, the recovery certificate and the associated private key must be used to provide access.

In this case, please start the recovery process. For this purpose, DriveLock offers you two possibilities:

1. In the DriveLock Control Center, open HelpDesk and click the BitLocker recovery button (see figure).

2. In the DriveLock Management Console, select the Operating node and open the context menu for Agent remote control to select the BitLocker Management recovery menu item (see figure).

In both cases, the Recovery Wizard will open and guide you through the steps.

4.2 Recovery process

To recover access to an encrypted hard disk, please proceed as follows:

1. Open the Disk Recovery wizard either from the DriveLock Control Center or the DriveLock Management Console.

2. In the first dialog, select the BitLocker recovery key option.

Note: The Emergency logon option will be fully available in the next version.

Select where the recovery information is retrieved from:

Note: Which option you select depends on your settings in the encryption settings dialog. We recommend the DriveLock Enterprise Service option.

3. In the next dialog, select the location of the certificate and/or private key (*.PFX file).

You can also access the information stored in the Windows Certificate Store.

Note: If you specified earlier in the encryption settings dialog that the recovery information resides in the file system, please enter the matching password for the private key here.

4. Next, select the client computer that needs recovery from the list. Use a filter, if required.

5. Continue by requesting a recovery key in the next dialog.

Note: The challenge-response feature will be fully available in the next version.

6. Wait a moment while DriveLock retrieves the recovery information.

7. The next dialog issues the recovery key.

Note: Select the drive defined as system partition on the client computer.

8. Provide the user with the recovery key.

Note: Please note that you are responsible for communicating the recovery key to the users over a secure channel.

9. Last, the user enters this key in the BitLocker recovery dialog when starting the client computer.

Note: Note that this recovery key represents a major security risk. For this reason, BitLocker Management immediately initiates a password change by the user and replaces the recovery key with a new one.

10. The Change BitLocker Password wizard starts on the client computer and the user must specify a new password.

11. As soon as this is done, the user can enter this password when starting up the client computer.

5 CLIENT COMPUTER

5.1 System requirements for BitLocker Management (client computers)

DriveLock BitLocker Management supports the following operating systems:

- Windows 7
  - starting with Windows 7 SP1 (version 6.1.7601)
  - only 64 bit operating systems
  - only Ultimate and Enterprise Editions
  - an existing Trusted Platform Module (TPM chip or vTPM) is mandatory

- Windows 8
  - starting with Windows 8.1, Update 1 (version 6.3.9600)
  - 32 bit and 64 bit operating systems
  - only Professional and Enterprise Editions
  - no TPM required (recommended for security reasons)

- Windows 10
  - starting with Windows 10 1607 (version 10.0.14393)
  - 32 bit and 64 bit operating systems
  - only Professional, Enterprise and Education Editions
  - no TPM required (recommended for security reasons)

5.2 BitLocker Management on client computers (DriveLock Agent)

As soon as you assign your BitLocker policy to the respective client computers, DriveLock BitLocker immediately starts encrypting the hard disks. Depending on the settings you specified in the Pre-Boot authentication settings dialog, encryption starts with or without the user having to enter a password.

Note: Please provide users with the appropriate password information.

The user may also redefine the password later. The DriveLock Agent on the client computer provides the Change BitLocker password button on the Encryption tab for this purpose.

5.3 Encrypting client computers

On the client computers, the hard disk encryption and the corresponding password entry are carried out as follows:

1. In one case, the user starts the (unencrypted) client computer and logs on to Windows as usual. In the other case, the user is already logged in and the DriveLock Agent has just been assigned the new BitLocker policy.

2. Two options are available:

a. If you specified a set password, the encryption process starts automatically and immediately without the user’s interaction (no password entry or definition required).

The user can only follow the encryption process in the status bar.

When the encryption process is finished, DriveLock issues the message described in item 5.

b. If the user must specify their own password, a wizard starts where the user defines an authentication password.

3. In case b. the user defines a password (according to your requirements or free to choose).

4. As soon as the password has been defined and confirmed, the encryption process starts.

5. When this process is complete, the following notice appears on the user’s screen:

6. The next time the client computer starts up, the user enters the BitLocker password as pre-boot authentication, thus unlocking the encrypted system partition (and the data partitions, where applicable).

In case a. the client computer starts without the user having to enter a password.

5.4 BitLocker pre-boot authentication

When you enter your password in the BitLocker pre-boot authentication dialog (see figure below), please note that the English (US) keyboard layout is used exclusively.

Warning: Make sure to inform the users of the client computers accordingly.

6 DRIVELOCK CONTROL CENTER

6.1 BitLocker Management in the DCC

In the DriveLock Control Center’s Helpdesk view, click Encrypted Disks to view all computers with encrypted and/or decrypted hard drives.

The following information, among others, is displayed here:

- Algorithm: this column shows the algorithm you set in the Harddisk encryption settings dialog.

- Percentage of encryption: if the drive is completely encrypted, the percentage shows 100%. During the encryption or decryption process, you can see how much of the data is encrypted in percent.

- State of encryption with the following values:

  - Fully Decrypted: the drive is decrypted. The data is not protected.

  - Fully Encrypted: the drive is encrypted.

  - Encryption In Progress: the drive is currently being encrypted. See how much of the drive is already encrypted in the Percentage of encryption column.

  - Decryption In Progress: the drive is currently being decrypted. The percentage refers to the portion that is still encrypted.

  - Locked: If a drive was already encrypted with BitLocker before being managed with DriveLock BitLocker Management (i.e. before installing the DriveLock Agent and before assigning the BitLocker policy), this status is displayed in this field. First, make sure that the user unlocks the drive so that the DriveLock Agent can access it.

- Protectors:

  - Passphrase: If the Trusted Platform Module (TPM) is missing or not enabled on the computer, a passphrase can be used for authentication. Users must enter this passphrase each time they start their computer in the Windows pre-boot environment.

  - Recovery Key (also Numerical Password): The recovery key is always used as a protector for encryption.

Note: Microsoft uses two protectors by default for the original encryption of a system or data partition with BitLocker. These are either TPM, TPM and PIN or Passphrase and Numerical Password.

  - TPM: This protector only works on drives with a built-in TPM (’TPM only’). Entering a PIN (BitLocker password) is not required.

  - TPM and PIN: A built-in TPM is also required in this case. Here the TPM and a PIN (BitLocker password) are used for authentication. Users must enter this password each time they start their computer in the Windows pre-boot environment.

  - External Key: DriveLock uses this protector if the auto-unlock option is specified for the drive (Automatically unlock all data partitions in the Authentication type dialog).

Note: DriveLock also provides the recovery key for data partitions. Even without the auto-unlock option, this external key allows you to access a data partition that is not protected with a password. This ensures that data partitions can also be unlocked using the recovery key, even if TPM is used as the protector.
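As an added example (not DriveLock's own code), the following PowerShell reads the same fields the Encrypted Disks view shows (algorithm, percentage, state, protectors) directly from Windows with the built-in BitLocker module, so a helpdesk operator can cross-check a single client against what the DCC reports. It assumes an elevated session on a Windows 8.1 or Windows 10 client where the BitLocker module is available; the function name, the two mapping tables and the allowed-algorithm default are assumptions.

```powershell
# Added example, not DriveLock code. Audits the local BitLocker volumes with the
# Windows BitLocker module and reports the fields described in section 6.1.

# DCC state names for the VolumeStatus values Windows reports (assumed mapping).
$StateNames = @{
    'FullyDecrypted'       = 'Fully Decrypted'
    'FullyEncrypted'       = 'Fully Encrypted'
    'EncryptionInProgress' = 'Encryption In Progress'
    'DecryptionInProgress' = 'Decryption In Progress'
}

# DCC protector names for the KeyProtectorType values Windows reports.
$ProtectorNames = @{
    'Password'         = 'Passphrase'
    'RecoveryPassword' = 'Recovery Key'
    'Tpm'              = 'TPM'
    'TpmPin'           = 'TPM and PIN'
    'ExternalKey'      = 'External Key'
}

function Get-BitLockerAudit {
    param(
        # Algorithms the policy allows; AES-XTS 256 as in the sample process (assumed).
        [string[]]$AllowedMethods = @('XtsAes256')
    )
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $names = $types | ForEach-Object {
            if ($ProtectorNames.ContainsKey($_)) { $ProtectorNames[$_] } else { $_ }
        }

        # A drive that is still locked (for example encrypted before the Agent
        # took over) shows as Locked in the DCC; otherwise map the encryption state.
        $raw   = $vol.VolumeStatus.ToString()
        $state = if ($vol.LockStatus.ToString() -eq 'Locked') { 'Locked' }
                 elseif ($StateNames.ContainsKey($raw))       { $StateNames[$raw] }
                 else                                          { $raw }

        [pscustomobject]@{
            Drive          = $vol.MountPoint
            Algorithm      = $vol.EncryptionMethod.ToString()
            Percentage     = $vol.EncryptionPercentage
            State          = $state
            Protectors     = ($names -join ', ')
            # Findings an operator wants at a glance: a missing recovery key means
            # the recovery process in chapter 4 has nothing to fall back on, and
            # an External Key shows that data-partition auto-unlock is in place.
            HasRecoveryKey = $types -contains 'RecoveryPassword'
            HasAutoUnlock  = $types -contains 'ExternalKey'
            PolicyMethod   = $AllowedMethods -contains $vol.EncryptionMethod.ToString()
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize
```

A system drive whose Protectors column shows only TPM and no Recovery Key, or whose PolicyMethod is False, is worth comparing with the policy the client actually received before opening a recovery case.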

6.1.1 Assigning a computer-specific BitLocker password

You can specify a BitLocker password for individual computers in the DriveLock Control Center’s (DCC) Helpdesk view.

Note: This password is specified for the selected computers; this password setting overwrites the settings in the BitLocker policy originally assigned to these computers.

To specify the password, please proceed as follows:

1. Click .

2. Select In the password dialog.

a. Enter and confirm a password.

b. Select the computers you want to assign the password to from the list. You can also use the buttons next to the list.

c. Click OK.

3. Select Import password from CSV file.

a. Enter the path to the CSV file, see figure below:

b. Select the computers you want to assign the password to from the list. You can also use the buttons next to the list.

c. Click OK.

6.1.2 Allowing a user-defined BitLocker password

In the DriveLock Control Center’s (DCC) Helpdesk view, you can enable users of individual computers to assign their own BitLocker password.

Note: The users are asked to specify a BitLocker password for their computer. When the users assign this password, DriveLock overwrites the respective setting in the BitLocker policy originally assigned to these computers.

To enable users to change their password, please proceed as follows:

1. Click .

2. In the next dialog, click Yes. You confirm that the original password will be overwritten.

Note: This setting is only available if the original BitLocker policy supports password changes.

3. Click OK.


4. A dialog asking the user to change their password appears on the respective computer.

5. The Event report in the DCC issues the following event:


6.2 BitLocker event report

DriveLock BitLocker Management logs all activities, events and errors that occur with BitLocker actions.

To view these events, open the BitLocker event report in the DriveLock Control Center (DCC). You can customize the view to suit you best.

For more details on the individual events, refer to the BitLocker event list.

6.2.1 Customizing the BitLocker event report

Please proceed as follows to customize the event report in the DriveLock Control Center:

1. On the Start tab, open the Event report area.

2. In the Entities section, select BitLocker events.

3. The Actions tab provides a table with all the BitLocker events.

4. Customize the table according to your needs, for example by specifying filters or grouping columns.

Note: For more information, please refer to the DriveLock Control Center User Guide at DriveLock Online Help, chapter Working area.

5. Save your changes.

6. If you reopen the event report, the BitLocker events button appears in the Recently used section.


6.2.2 Event list

The table contains all events related to BitLocker as displayed in the DriveLock Control Center. All events below are triggered by DriveLock BitLocker Management:

• On the DriveLock Agent:

Event ID | Event level (Info, Warning, Error) | Event text | Description
609 | Error | BitLocker key backup failed | The BitLocker recovery key backup failed
610 | Warning | BitLocker cannot apply configuration | The BitLocker configuration could not be applied
611 | Warning | BitLocker not licensed | BitLocker is configured to encrypt local hard disks but is not licensed on this computer
612 | Information | BitLocker configuration change delayed | A change in the BitLocker configuration was detected, but the change is not applied due to the 'delay decryption' setting in the policy
613 | Warning | BitLocker manually reconfigured | BitLocker was manually reconfigured
614 | Warning | Decryption scheduled | Company policy or licensing on this computer is configured to start decryption of all hard disks. Decryption is scheduled to start on [date/time]
615 | Information | BitLocker encryption successful | BitLocker successfully encrypted hard disk: [drive letter]
616 | Information | BitLocker decryption successful | BitLocker successfully decrypted local hard disk: [drive letter]
617 | Error | BitLocker key backup creation failed | The BitLocker key backup creation failed
618 | Information | BitLocker encryption started | BitLocker started encrypting local hard disk: [drive letter]
619 | Information | BitLocker decryption started | BitLocker started decrypting local hard disk: [drive letter]
620 | Error | BitLocker system error | BitLocker Emergency Recovery Information could not be moved to [target folder]. Error code: [error code] Error: [error]
621 | Information | BitLocker login succeeded | BitLocker login succeeded
622 | Warning | BitLocker login failed | BitLocker login failed
623 | Warning | BitLocker password reset dialog cancelled | The BitLocker password reset dialog was cancelled
624 | Information | BitLocker password dialog finished | The BitLocker password dialog was finished
625 | Error | BitLocker encryption failed | The BitLocker encryption failed. Error: [error message]
626 | Information | BitLocker protectors applied | The BitLocker protectors [protector name] were applied for drive: [drive letter]
627 | Information | BitLocker encryption algorithm applied | The encryption algorithm [algorithm] is used to encrypt drive: [drive letter]
628 | Information | BitLocker recovery data upload | BitLocker recovery data was uploaded to the server
629 | Error | BitLocker recovery data upload failed | BitLocker recovery data upload failed. Error: [error message]
630 | Warning | BitLocker not controlled by DriveLock detected | Drive [drive letter] is already encrypted with BitLocker but not controlled by DriveLock. Note: This means that the drive was already encrypted with BitLocker before using DriveLock BitLocker Management.
631 | Warning | Locked drive detected | BitLocker: locked drive [drive letter] detected
632 | Information | BitLocker configuration succeeded | BitLocker configuration succeeded
633 | Information | BitLocker configuration failed | BitLocker configuration failed. Error: [error message]
634 | Information | BitLocker password set | BitLocker password was set by the user for drive: [drive letter]
635 | Information | BitLocker set password failed | BitLocker set password failed for drive: [drive letter]. Error message: [error message]

• On the DriveLock Control Center (DCC):

Event ID | Event level (Info, Warning, Error) | Event text | Description
810 | Information | New initial BitLocker password from DriveLock Control Center | Set new initial BitLocker password for client [client name] from DriveLock Control Center
811 | Information | Sent agent action to change BitLocker password from DriveLock Control Center | Sent agent action to change BitLocker password to client(s) [client name(s)] from DriveLock Control Center
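The agent event IDs above are what a SOC would actually consume, so here is an added triage routine (example code, not part of this guide or of DriveLock) that correlates them: it uses IDs 613, 615, 621, 622, 628, 629 and 630 from the list to flag manual reconfiguration, unmanaged BitLocker drives, failed recovery-data escrow, repeated pre-boot login failures, and encrypted hosts whose recovery data never reached the server. The event records, hostnames and the threshold of three failures are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Event IDs and meanings come from the DriveLock Agent event list above; which IDs warrant
# a finding, and the failed-login threshold, are this example's own assumptions.
FINDINGS_BY_ID = {
    613: "BitLocker manually reconfigured outside the DriveLock policy",
    629: "BitLocker recovery data upload to the server failed",
    630: "drive already encrypted with BitLocker but not controlled by DriveLock",
}
LOGIN_OK, LOGIN_FAILED = 621, 622        # pre-boot authentication outcome
ENCRYPTED, RECOVERY_UPLOADED = 615, 628  # disk encrypted / recovery data escrowed on server
FAILED_LOGIN_THRESHOLD = 3               # assumed tuning value, not a DriveLock setting

@dataclass(frozen=True)
class Event:
    host: str
    event_id: int
    detail: str = ""  # drive letter or error message carried in the event text

def triage(events):
    """Return (host, finding) tuples for the events an analyst should look at."""
    findings = []
    failed_streak = defaultdict(int)
    encrypted_hosts, escrowed_hosts = set(), set()
    for ev in events:
        if ev.event_id == LOGIN_OK:
            failed_streak[ev.host] = 0  # a successful pre-boot login ends the streak
        elif ev.event_id == LOGIN_FAILED:
            failed_streak[ev.host] += 1
            if failed_streak[ev.host] == FAILED_LOGIN_THRESHOLD:
                findings.append((ev.host, f"{FAILED_LOGIN_THRESHOLD} consecutive pre-boot login failures"))
        elif ev.event_id == ENCRYPTED:
            encrypted_hosts.add(ev.host)
        elif ev.event_id == RECOVERY_UPLOADED:
            escrowed_hosts.add(ev.host)
        elif ev.event_id in FINDINGS_BY_ID:
            suffix = f" ({ev.detail})" if ev.detail else ""
            findings.append((ev.host, f"{ev.event_id}: {FINDINGS_BY_ID[ev.event_id]}{suffix}"))
    # An encrypted disk whose recovery data never reached the server cannot be recovered centrally.
    for host in sorted(encrypted_hosts - escrowed_hosts):
        findings.append((host, "encrypted (615) but no recovery data upload (628) seen"))
    return findings

SAMPLE_EVENTS = [  # constructed sample input, not output captured from a DriveLock installation
    Event("PC-01", 618, "C:"), Event("PC-01", 615, "C:"), Event("PC-01", 628),
    Event("PC-02", 615, "C:"), Event("PC-02", 629, "server unreachable"), Event("PC-04", 630, "D:"),
    Event("PC-03", 622), Event("PC-03", 622), Event("PC-03", 621),  # two failures, then success
    Event("PC-03", 622), Event("PC-03", 622), Event("PC-03", 622),  # three failures in a row
]
```

Calling `triage(SAMPLE_EVENTS)` yields four findings: the failed upload on PC-02, the unmanaged drive on PC-04, the login-failure streak on PC-03, and PC-02 again as encrypted without escrowed recovery data.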


Index


A

assignment 28

authentication type 9, 16

B

BitLocker license 6

C

certificate store 24

Copyright 44

D

data partition 13, 17

decryption 12, 14, 21

E

encryption 4, 6, 8, 12, 18, 24, 28-29

encryption algorithm 9, 13

encryption certificates 8-10

encryption method 13

events 38-39

H

hard disks 4, 8, 12, 16, 20, 22

hardware encryption 13

I

Index 42

P

password options 9, 18

pre-boot authentication 9, 16, 28, 31


private key 10

R

recovery 9-10, 15, 22, 24

recovery keys 25

S

system partition 13, 17, 22, 25, 31


Copyright

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.

© 2018 DriveLock SE. All rights reserved.

DriveLock and others are either registered trademarks or trademarks of or its subsidiaries in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.