17

I have a USB drive encrypted with BitLocker Drive Encryption. Each time I insert the drive into my USB port it works as expected and requires me to enter the password.

Maybe I have BitLocker Drive Encryption configured wrong or something, not sure, but after inserting the USB drive and entering my password I can go to a completely different PC (with a different network ID, etc.) on the same network and I'm able to see everything on my thumb drive. Not only can I see everything from other PCs, I can write to it, delete, etc. I thought it would have required me to enter my password when I mapped to it from a different PC.

Can anyone explain why other PCs can map to my encrypted drive and have full access to everything?

smitelli
Rose
    This is why in a domain network you DO NOT make users local administrators on all PCs. If you weren't a local administrator, then you wouldn't be able to access the automatic administrative share. – longneck Mar 10 '15 at 14:18

2 Answers

58

You’re misunderstanding what BitLocker is supposed to protect against. The goal of BitLocker is to protect your data from cold boot attacks (as explained in a Technet blog entry).

When you unlock a volume protected by BitLocker, the system gains access to the keys necessary to decrypt the drive and behaves as if it was a regular drive.

That is necessary to make the system compatible with any and all applications (and drivers) without requiring them to know about BitLocker. (That’s why it’s called transparent disk encryption: applications and drivers don’t see it.)

This means you’re free to share the volume over the network and, if you carelessly apply no kind of ACL restriction on who can access the data, then everyone can access it freely.

Palec
Stephane
22

Once you enter your password the drive behaves just like any other unencrypted drive, as the encryption becomes transparent to the OS.

If you share your drive and other users/computers have the required permissions to access it, they will be able to do so and won't even know the drive was encrypted.

Full disk encryption is designed to protect from offline attacks on the storage media itself, if it's stolen for example. It's not designed to protect against a machine accessing it once it has the password; at this point it's the machine's responsibility to restrict access to the drive based on its permissions and network share settings.
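Both answers make the same point: after the volume is unlocked, what other machines can do with it is decided by the local machine's share and NTFS permissions, not by BitLocker. The following PowerShell audit script is an added example (not part of either answer, and not Microsoft's code) that checks exactly that on the machine the USB drive is plugged into. It assumes the unlocked volume is mounted as `E:` (change `$DriveLetter` to match), that the `BitLocker` and `SmbShare` modules are available (Windows 8 / Server 2012 or later), and that it runs from an elevated prompt.

```powershell
# Added audit example; not code from the original answers.
# Assumption: the unlocked BitLocker USB volume is mounted as E:.
$DriveLetter = 'E:'

# 1. What BitLocker reports for the volume. Once LockStatus is "Unlocked",
#    the OS reads and writes the volume like any plain, unencrypted drive.
$vol = Get-BitLockerVolume -MountPoint $DriveLetter
"{0} ProtectionStatus={1} LockStatus={2} Method={3}" -f `
    $vol.MountPoint, $vol.ProtectionStatus, $vol.LockStatus, $vol.EncryptionMethod

# 2. Every SMB share whose path lies on that volume. This includes the
#    automatic administrative share (E$, Special = True) that Windows creates
#    for members of the local Administrators group, which is the path the
#    question's "other PC" most likely used.
$shares = Get-SmbShare | Where-Object { $_.Path -like "$DriveLetter*" }
if (-not $shares) {
    "No SMB share exposes $DriveLetter on this machine."
}
foreach ($s in $shares) {
    "Share '$($s.Name)' -> $($s.Path) (Special=$($s.Special))"

    # 3. Share-level ACL: which accounts the share itself grants access to.
    #    Effective remote rights are the intersection of this list and the
    #    NTFS permissions on the path (Get-Acl $s.Path).
    Get-SmbShareAccess -Name $s.Name |
        Select-Object AccountName, AccessControlType, AccessRight |
        Format-Table -AutoSize
}

# 4. Remediation options, to be applied deliberately rather than run blindly:
#    - Remove a manual share of the volume (name is a placeholder):
#        Remove-SmbShare -Name 'REPLACE_WITH_SHARE_NAME' -Force
#    - Stop the Server service from recreating workstation admin shares
#      (C$, E$, ...) at every reboot by setting the AutoShareWks value to 0:
#        Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#            -Name AutoShareWks -Value 0 -Type DWord
#    - Or, as the comment on the question says, do not make everyday users
#      local administrators, since E$ is reachable only by that group.
```

Run it on the PC where the drive is unlocked, not on the PC that maps to it: the script only shows what the unlocking machine is offering over SMB, which is the part of the picture BitLocker never touches.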