Skip to main content

BitLocker Hard Drive Encryption

Connector name

agtbitlocker

Connector type

Executable

Type (UI field value)

Bitlocker Hard drive Encryption

Connector status / support

Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

Installation / setup

Bravura Security Fabric can also list users and retrieve Bitlocker discovery keys managed by Microsoft BitLocker Administration and Monitoring by using the agtmbam connector .The primary difference between agtbitlocker and agtmbam is the setup used for storing recovery keys (Active Directory or the MBAM database). Both connectors offer similar functionality, except that agtmbam accounts are Active Directory accounts so associate simply, while agtbitlocker requires a setup to associate machine IDs with profiles.

The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):

  • Challenge-response - generate an unlock code to recover control of a machine after reboot

  • List:

    • accounts

For a full list and explanation of each connector operation, see connector operations.

Note that for BitLocker:

  • Encryption keys, passwords and unlock codes are associated with machines, not users. The association between users and machines must be acquired out of band – for example using a network login script.

  • The above data is stored in Active Directory – there is no key recovery server.

  • Response codes remain valid until they are administratively changed.

Notes on challenge-response operation

For the challenge response operation, the challenge input field is used to identify which computer the user is trying to retrieve a recovery key for. Users enter the on screen code from their Bitlocker-encrypted machine into Bravura Security Fabric 's Unlock encrypted systems/accounts module, which returns the code they enter to unlock the machine.

The process for agtbitlocker is:

  1. End user accesses Bravura Pass and choose Unlock encrypted systems/accounts then chooses Bitlocker.

  2. The "Recovery Key ID" must be obtained from the affected device from the Bitlocker Recovery screen.

  3. That "Recovery Key ID" is provided as input to the Unlock encrypted systems/accounts module in Bravura Pass as the challenge code.

  4. The agtbitlocker connector gets the "Recovery Key" from the Bitlocker target system then returns it to the user.

See Self Service Anywhere: Encrypted systems accounts for more information.

In this section: