BitLocker & Application Compatibility


Recently I received an interesting question around BitLocker & Application Compatibility. In other words, will an application which works on a machine without BitLocker also work on a machine with BitLocker enabled? I believe the question sounds as simple as it is important.

 

The quick answer is that the BitLocker drivers sit at a very low level in the software stack, below the file system. BitLocker is therefore transparent to applications, and it shouldn’t cause any incompatibility for most applications that run in a normal Windows environment.

However, considering how important this topic could be in Enterprise situations, I thought of going beyond what I know or expect and finding some real-world data around it. I contacted several Enterprise & Medium businesses who had BitLocker deployed for some time and asked about their experience. Here are some facts & findings:

 

·         Will an application which works on a machine without BitLocker also work on a machine with BitLocker enabled?

For almost all cases, yes. I could just say “Yes”, but the reason I’m saying “almost all” is that I recommend Enterprise Administrators evaluate which applications interact with the disk via the file system & which do not. For applications that do not use the file system and interact directly with the raw data on disk, application owners or IT administrators may want to perform a sanity check of those applications with & without BitLocker enabled.

 

·         Which applications are known to have incompatibilities due to BitLocker enablement?

In the study I performed, a few backup applications that operate on the disk at the sector level were reported to have compatibility issues after enabling BitLocker. Similarly, some system internal utilities that access the drive at the block level may have incompatibilities. Some disk partitioning tools may also have issues when trying to manipulate BitLocker-encrypted partitions; however, such issues were found to be intuitive to detect & troubleshoot. I didn’t hear of any desktop application that did not work with BitLocker.

 

·         Did we find any evidence of application compatibility issues after enabling BitLocker?

For any desktop application, so far no application compatibility issues were found.

 

·         On which operating systems was BitLocker enabled by these customers?

Windows Vista & Windows 7.

 

·         For how long were those BitLocker deployments in place?

From 2 to 3 years, including both pilot & production deployments.

 

Other things to know

Other than the application-specific incompatibilities, as you would expect, in some scenarios such as patch updates, OS upgrades or automated deployments you may need to suspend/pause (or in rare cases decrypt) BitLocker on one or more partitions. Best practices, scripts & other information on this topic are already covered in many of the BitLocker documents, e.g. the BitLocker FAQ.
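As an added illustration of the suspend/resume step above (not the author's script and not taken from the BitLocker FAQ), the following PowerShell sketch suspends BitLocker around a maintenance step and always resumes it afterwards. It assumes an elevated session, the Windows 7 signatures of the `Win32_EncryptableVolume` WMI methods, and a placeholder `$Maintenance` script block standing in for the real patch or deployment step.

```powershell
param(
    [string]$DriveLetter = 'C:',
    # Hypothetical placeholder: replace with the real patch/upgrade step.
    [scriptblock]$Maintenance = { Write-Host 'Run patch or upgrade step here' }
)

$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-EncryptableVolume([string]$Letter) {
    $vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume `
                         -Filter "DriveLetter='$Letter'"
    if (-not $vol) { throw "No BitLocker-capable volume found at $Letter" }
    return $vol
}

function Assert-Success($Result, [string]$Action) {
    # The WMI methods report failure through ReturnValue, not exceptions.
    if ($Result.ReturnValue -ne 0) {
        throw ('{0} failed with 0x{1:X8}' -f $Action, $Result.ReturnValue)
    }
}

$volume = Get-EncryptableVolume $DriveLetter
# ProtectionStatus: 0 = off (suspended or not encrypted), 1 = on, 2 = unknown
$status = $volume.GetProtectionStatus()
Assert-Success $status 'GetProtectionStatus'

if ($status.ProtectionStatus -ne 1) {
    # Leave a volume that was already unprotected in the state it was found in.
    Write-Warning "$DriveLetter protection is not on; skipping suspend/resume."
    & $Maintenance
    return
}

Assert-Success ($volume.DisableKeyProtectors()) 'DisableKeyProtectors'
try {
    & $Maintenance
}
finally {
    # While suspended, the volume key is stored unprotected on disk, so
    # resume even if the maintenance step throws.
    Assert-Success ($volume.EnableKeyProtectors()) 'EnableKeyProtectors'
    $after = (Get-EncryptableVolume $DriveLetter).GetProtectionStatus()
    if ($after.ProtectionStatus -ne 1) {
        Write-Error "$DriveLetter is still unprotected after resume"
    }
}
```

If the maintenance step only completes after a reboot, the resume has to run after that reboot rather than in the same session, and the final status check is what confirms the volume did not stay suspended.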

 

Hope this helps! If you had a different experience, do post a comment here or send me a message.

 

-Tanu Mutreja

[This posting is provided "AS IS" with no warranties, and confers no rights.]

  • Hi Tanu! I was wondering what you were looking to do with the info we provided on our BitLocker deployment. It's nice to see that you are getting info out there on real world experiences so that folks who are proceeding with more trepidation will see it is OK to take the plunge and join in using BitLocker.

  • Hey Jerry,

    Yeah, that's the part I love about Customer Advisory - learn from engineering to help our customers better while at the same time learn from our customers to help engineering & other customers do better. I must say the latter one involves an incredible, wide & continuous learning experience, and that too from industry experts.

    Thank you!

    -Tanu.

  • I just attempted to install Windows Ubuntu. I believe the failed attempt to be due to BitLocker on my domain client Lenovo (T60p) running Windows 7, one partition, bitlocked. www.ubuntu.com/.../windows-installer

  • Hey Laura, OS upgrades & installs require you to suspend / disable BitLocker before installing/upgrading. In your case, since the new OS is non-Windows, i.e. the new OS doesn't understand BitLocker encryption at all, I would recommend decrypting the drive before install.