This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 5%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
I am new to BitLocker. I am being asked to implement in a company with the following setup
Want to encrypt with BitLocker but Flash Drives and External Hard Drives can only be used on Company Computers
Seems like I could use a combination of SID Protector and Auto-Unlock or Password, but how do I enforce that Auto-Unlock or Password can only work on Company Computers?
Is there a more detailed implementation guide available on Auto-Unlock
@Abram Kaufman
Hi,
You could refer to the guide below:
https://4sysops.com/archives/unlock-bitlocker-encrypted-drives-with-auto-unlock-or-sid-protector/
Read the article about the requirements of SID protector:
https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Hope above information can help you.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for the links. I already read these and neither answer my problem
We have computers on a Private Network, not connected to the Domain.
We have users using work computers at Home, that may or may not be connected to the Domain via VPN. Many of our tools do not require VPN so many users can work from home without connecting to the office. And in fact many of those users are engineers, they work in the office, transfer their designs to a USB drive, and then continue at home on a work computer.
I cannot let users enable Auto-Unlock on their own, cause then they could do it on any computer. So I think I need to disable Auto-Unlock by anyone other than an admin, but then how do we enable the computers to use USB
Thank you for your feedback.
I feel sorry that this question is hard to answer.
If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible.
Your kind understanding is appreciated.
Understood. For better clarification this is what we want to do
I know how to support this with computers on the domain (directly and via VPN)
Not sure how to do this with computer NOT on the domain and/or internet.
Thanks
Hi,
I appreciate your patience.
To be honest, for your demand, open a support ticket with Microsoft should be a more effective way than ask in Q&A.
https://support.microsoft.com/en-gb/hub/4343728/support-for-business
I was doing some more reading and unless I am misunderstanding I think SID Protector AND Auto-Unlock would work, but I am still not sure on one thing
SID Protector - I can use this for all machines on the Domain
Auto-Unlock - I can use this for all machines on a private network
However, can the same USB Device support both SID Protector AND Auto-Unlock?
Scenario 1 - User A uses Flash Drive x on Computer 1 and Computer 4 to transfer files to/from. Computer 1 is on the domain. Computer 4 is not on the domain
Can we use SID Protector on Computer 1 and configure Computer 4 to use Auto-Unlock, both on Flash Drive x
Scenario 2 - Users A, B, C, D use Flash Drives x, y, z on Computers 1, 2, 3 and Computers 4, 5, 6. Computers 1, 2, 3 are on the domain, Computers 4, 5, 6 are not on the domain.
Can we use SID Protector on Computers 1, 2, 3 and configure Computers 4, 5, 6 to use Auto-Unlock, both on Flash Drives x, y, z