BitLocker & Application Compatibility
Recently I received an interesting question around BitLocker & Application Compatibility. In other words will an application, which works on a machine without BitLocker also work on a machine with BitLocker enabled? I believe it sounds as simple a question as important it is.
Quick answer is that the BitLocker Drivers are at a very low level in the software system stack; below the file system. So BitLocker is transparent to applications and it shouldn’t cause any incompatibility for most applications that runs in normal Windows environment.
However, considering how important could this topic could be in Enterprise situations I thought of going beyond what I know or expect and finding some real world data around it. I contacted several Enterprise & Medium businesses who had BitLocker deployed for some time and asked their experience. Here are some facts & findings:
· Will an application which works on a machine without BitLocker also work on a machine with BitLocker enabled?
For almost all case, yes. In this case, I could just say “Yes” but the reason I’m saying “almost all” is because I recommend that Enterprise Administrators evaluate which application interact with the disk via file system & which do not. For applications that do not use file system and interact directly with the raw data on disk, Application owners or IT administrators may want to perform a sanity check for those application with & without enabling BitLocker.
· Which applications are known to have incompatibilities due to BitLocker enablement?
In the study I performed, few back-up applications that operate the disk at sector level were heard to have compatibilities raised after enabling BitLocker. Similarly some system internal utilities that access the drive at the block level may have incompatibilities. Some disk partitioning tools trying to manipulate BitLocker encrypted partition may also have issues with partitions that are BitLocker encrypted – however such issues were found to be intuitive to detect & troubleshoot. I didn’t hear any desktop application that did not work with BitLocker.
· Did we find any evidence of application compatibility issues after enabling BitLocker?
For any desktop application, so far no application compatibility issues were found.
· On which Operating System BitLocker was enabled by these customers?
Windows Vista & Windows7.
· For how long those BitLocker deployments were in place?
From 2 to 3 years, including pilot & production deployments both.
Other things to know
Other than the application specific incompatibilities as you would expect, in some scenarios like patch update, OS upgrade or automated deployments you may need to suspend/pause (or in rare cases decrypt) BitLocker on one or more partitions. Best practices, scripts & other information on this topic is already covered in many of the BitLocker documents e.g. BitLocker FAQ.
Hope this helps! If you had a different experience, do post a comment here or send me a message.
-Tanu Mutreja
[This posting is provided "AS IS" with no warranties, and confers no rights.]
Comments
Anonymous
January 01, 2003
Hey Laura, OS upgrade & install require you to suspend / disable BitLocker before installing/upgrading. In your case since new OS is non-windows i.e. new OS doesn't understand BitLocker encryption at all , I would recommend decrypting the drive before install.Anonymous
January 01, 2003
The comment has been removedAnonymous
September 02, 2010
Hi Tanu! I was wondering what you were looking to do with the info we provided on our BitLocker deployment. It's nice to see that you are getting info out there on real world experiences so that folks who are proceeding with more trepidation will see it is OK to take the plunge and join in using BitLocker.Anonymous
May 18, 2011
I just attempted to install Windows Ubuntu. I believe the failed attempt to be due to bitlocker on my domain client Lenovo (T60p) running Windows 7, one partition, bitlocked. www.ubuntu.com/.../windows-installerAnonymous
March 08, 2016
Pingback from BitLocker & Application Compatibility | BitLocker??? Drive Encryption Team Blog