ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  Active Topics Active Topics
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Bitlocker?

 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
TMC185 View Drop Down
Newbie
Newbie


Joined: 20 Apr 2020
Online Status: Offline
Posts: 6
  Quote TMC185 Quote  Post ReplyReply Direct Link To This Post Topic: Bitlocker?
    Posted: 20 Apr 2020 at 10:20am
Hi,

I'm new here and before I dive into using the tool, I have a question on Bitlocker encrypted drives and GPO effects on the workstation.
1) Can the machine and/or user profile be migrated to a new domain with Bitlocker enabled on the OS drive?
2) Are there any GPO settings that should be disabled prior to doing a migration?

Thanks in advance!!


Tony
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Online
Posts: 1372
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 20 Apr 2020 at 11:26am
Hi Tony,

BitLocker works at a file system level and is transparent to user-mode applications like User Profile Wizard, so the migration has no effect. However, if you are migrating from an existing domain, and you have BitLocker recovery keys backed up in Active Directory, you will need an alternative backup.

If you have a Group Policy in the old domain that sets the DNS suffix, we advise you to disable it before running the migration. Remember too that User Profile Wizard migrates redirected folder settings unchanged, so if you have a Group Policy setting folder redirection, you will need to address that.
Back to Top
TMC185 View Drop Down
Newbie
Newbie


Joined: 20 Apr 2020
Online Status: Offline
Posts: 6
  Quote TMC185 Quote  Post ReplyReply Direct Link To This Post Posted: 20 Apr 2020 at 12:49pm
Hi,

Thanks for the reply.

So would it help if I suspend Bitlocker prior to the migration, then once the migration is complete and the machine rebooted, wouldn't Bitlocker write the key to the new domain?
If that's so, is there a way in the wizard to suspend Bitlocker?

As for the GPO, our domains are already trusted and a GPO is set to have both domains in the DNS suffix so  we should be OK there, correct?

Thanks!


Tony
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Online Status: Online
Posts: 1372
  Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 21 Apr 2020 at 7:55am
Suspending Bitlocker won't make any difference to the migration; I don't know if the key is written to the the new domain when it is resumed.

As there is no requirement to to suspend Bitlocker, there is no option in User Profile Wizard to do this, although you could run a PowerShell script.
Back to Top
TMC185 View Drop Down
Newbie
Newbie


Joined: 20 Apr 2020
Online Status: Offline
Posts: 6
  Quote TMC185 Quote  Post ReplyReply Direct Link To This Post Posted: 21 Apr 2020 at 8:08am
Hi again,

Thank you for your assistance. I'll give it a go!


Tony
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.000 seconds.