Interesting BitLocker question that came up the other day

I wanted to mention something that came up the other day here at work that might prove informative to some of you.  With the Windows 7 release, we've seen a pretty good increase in the number of BitLocker calls.  Most seem to be regarding implementation of the new features in Win7 with BitLocker To Go, but this one was about BitLocker implementations in Vista moving to Windows 7 (and vice versa).

On Windows Vista systems with BitLocker enabled, you can move that drive to a Windows 7 installation and decrypt the volume using manage-bde.  However, when you do the reverse, moving a Win7 BitLocker-encrypted volume to Windows Vista and attempting to decrypt it there, decryption seems to fail.

So, the question was this: If I have a Windows 7 BitLocker-encrypted volume, can I decrypt it under Windows Vista?

The answer to this is no.  You cannot move a Windows 7 BitLocker-encrypted disk to a down-level operating system and decrypt it.  It has to be done under Windows 7.  This is because the Windows 7 implementation is slightly different from the Vista implementation and they aren't backwards compatible.  What you can do, if the volume is FAT32, is use the BitLocker To Go Reader and access the data on the drive in Vista or XP.  But you won't be able to decrypt it.

I don't know that it's a common question, but I thought it interesting nonetheless.

  • Can a BitLocker encrypted drive be prevented from formatting if he boots to another OS? If a malicious user gains physical access to my machine, he'll try accessing the data. When he's not successful, he'll try to destroy the data. You need to add format protection next.