Dell Latitude without TPM - can I create multiple USB flash drives for BitLocker startup-key storage?

0

We have a user that needs a new laptop (OS is Win10 Pro) and the only one available in the remote office does not have a TPM. However, our new security protocols dictate that BitLocker must be used on all laptops.

I set the laptop up with a Sandisk single small form-factor USB flash drive to store the startup keys...but I need a backup in case that flash drive fails, or he takes it out (he's been instructed not to, but still) and loses it, etc. Obviously the laptop won't boot if this drive is lost, so basically I'm looking for a way to prevent the flash drive from being a SPoF.

Can I simply copy the flash drive?

KidACrimson

Posted 2017-11-07T16:07:42.257

Reputation: 285

Yes, of course you can duplicate the disk. – Ramhound – 2017-11-07T17:06:20.790

Ok, thanks @Ramhound. When I look at it in Explorer I don't see anything, but I will check hidden files, or perhaps just an image-copy solution... – KidACrimson – 2017-11-07T18:28:28.600

Apparently it's a .BEK file that I need to copy. That, plus matching the format (FAT32) and copied flash drives should work for the startup key, per: https://social.technet.microsoft.com/Forums/windows/en-US/64b9cc66-5fe4-446d-bc88-baae7b6a3a9a/bitlocker-usb-key-create-a-duplicate?forum=w7itprosecurity – KidACrimson – 2017-11-07T18:45:32.507

Answers

0

Right-clicking the BitLocker-protected drive (C:\ in this case) and selecting Manage BitLocker > Copy Startup Keys was all that was needed here.

KidACrimson

Posted 2017-11-07T16:07:42.257

Reputation: 285
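
Added example, not part of the original posts: a PowerShell check, run from an elevated prompt after copying the startup key, that the backup flash drive is FAT32 and holds the hidden .BEK file matching a startup-key protector on the OS volume. The drive letters `C:` and `F:` are assumptions; adjust them to the machine.

```powershell
#Requires -RunAsAdministrator
# Added example: verify a backup USB drive holds a usable BitLocker startup key.
# Assumptions: OS volume is C:, backup flash drive is mounted as F:.
param(
    [string]$OsVolume  = 'C:',
    [string]$BackupUsb = 'F:'
)

# All key protectors on the protected volume.
$protectors = (Get-BitLockerVolume -MountPoint $OsVolume).KeyProtector

# Startup keys are stored as 'ExternalKey' protectors.
$external = $protectors | Where-Object KeyProtectorType -eq 'ExternalKey'
if (-not $external) {
    throw "No startup-key (ExternalKey) protector found on $OsVolume"
}

# The thread notes the duplicate drive should match the original's format (FAT32).
$format = ([System.IO.DriveInfo]::new("$BackupUsb\")).DriveFormat
if ($format -ne 'FAT32') {
    Write-Warning "$BackupUsb is formatted $format, expected FAT32"
}

# .BEK files carry hidden and system attributes, so -Force is needed to list them
# (this is why the drive looks empty in Explorer).
$bekFiles = Get-ChildItem -Path "$BackupUsb\" -Filter '*.BEK' -Force -File

# Report, per protector, whether its key file is present on the backup drive.
$report = foreach ($p in $external) {
    [pscustomobject]@{
        KeyProtectorId = $p.KeyProtectorId
        KeyFileName    = $p.KeyFileName
        OnBackupDrive  = [bool]($bekFiles | Where-Object Name -eq $p.KeyFileName)
    }
}
$report | Format-Table -AutoSize

if (-not ($report | Where-Object OnBackupDrive)) {
    Write-Warning "No .BEK on $BackupUsb matches a protector on $OsVolume"
}

# A recovery password is a second way in if every flash drive is lost.
if (-not ($protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Write-Warning "$OsVolume has no RecoveryPassword protector"
}
```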