![]() New data written to the disk is still encrypted. Instead, suspension makes key used to decrypt the data available to everyone in the clear. Suspension of BitLocker does not mean that BitLocker decrypts data on the volume. To enforce BitLocker protection on this volume, add a key protector.Īccording to Microsoft's documentation about suspending BitLocker: ![]() "manage-bde -protectors -add -?" for information on adding more key protectors.īitLocker protection is suspended until key protectors are created for the NOTE: This command did not create any new key protectors. Assuming your volume is C:, run manage-bde -on C: from an elevated Command Prompt (no, this won't turn BitLocker on.it's already on): PS C:\> manage-bde -on c:īitLocker Drive Encryption: Configuration Tool version 4Ĭopyright (C) 2013 Microsoft Corporation. ![]() This means they can access your data too. The volume is indeed encrypted but BitLocker is "suspended." This means the Full Volume Encryption Key (FVEK) used to scramble the data is saved to disk in plaintext where anyone can access it. The volume is encrypted but the encryption key is saved "in the clear"
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |