BitLocker & Application Compatibility

Recently I received an interesting question around BitLocker & Application Compatibility. In other words will an application, which works on a machine without BitLocker also work on a machine with BitLocker enabled? I believe it sounds as simple a question as important it is.

 

Quick answer is that the BitLocker Drivers are at a very low level in the software system stack; below the file system. So BitLocker is transparent to applications and it shouldn’t cause any incompatibility for most applications that runs in normal Windows environment.

However, considering how important could this topic could be in Enterprise situations I thought of going beyond what I know or expect and finding some real world data around it. I contacted several Enterprise & Medium businesses who had BitLocker deployed for some time and asked their experience. Here are some facts & findings:

· Will an application which works on a machine without BitLocker also work on a machine with BitLocker enabled?

For almost all case, yes. In this case, I could just say “Yes” but the reason I’m saying “almost all” is because I recommend that Enterprise Administrators evaluate which application interact with the disk via file system & which do not. For applications that do not use file system and interact directly with the raw data on disk, Application owners or IT administrators may want to perform a sanity check for those application with & without enabling BitLocker.

 

· Which applications are known to have incompatibilities due to BitLocker enablement?

In the study I performed, few back-up applications that operate the disk at sector level were heard to have compatibilities raised after enabling BitLocker. Similarly some system internal utilities that access the drive at the block level may have incompatibilities. Some disk partitioning tools trying to manipulate BitLocker encrypted partition may also have issues with partitions that are BitLocker encrypted – however such issues were found to be intuitive to detect & troubleshoot. I didn’t hear any desktop application that did not work with BitLocker.

 

· Did we find any evidence of application compatibility issues after enabling BitLocker?

For any desktop application, so far no application compatibility issues were found.

· On which Operating System BitLocker was enabled by these customers?

Windows Vista & Windows7.

· For how long those BitLocker deployments were in place?

From 2 to 3 years, including pilot & production deployments both.

 

Other things to know

Other than the application specific incompatibilities as you would expect, in some scenarios like patch update, OS upgrade or automated deployments you may need to suspend/pause (or in rare cases decrypt) BitLocker on one or more partitions. Best practices, scripts & other information on this topic is already covered in many of the BitLocker documents e.g. BitLocker FAQ.

Hope this helps! If you had a different experience, do post a comment here or send me a message.

-Tanu Mutreja

[This posting is provided "AS IS" with no warranties, and confers no rights.]