sunnyimran Posted February 25, 2016

Hi,

For some specific purpose, I have created a VHD, connected it as NTFS drive F:\ and turned ON BitLocker on it. BitLocker is set to use a password to unlock F:\

Windows 7 Ultimate has two Admin accounts, say admin-1 and admin-2. I want to keep this F:\ drive unlocked and accessible within the admin-1 account only. When admin-1 logs off or locks the computer with WinKey+L, the BitLocker F:\ drive must go into the locked state. For any other user like admin-2, F:\ should be locked and must ask for the password for access. But when admin-1 logs in again or unlocks the computer, F:\ must be accessible.

I am aware BitLocker has nothing to do with user accounts and privileges.

I tried the CMD batch file as:

manage-bde -lock F:\ -forcedismount

The bat file works fine manually under admin privileges and re-locks F:\ in any account. But I am looking for the same solution to happen at admin-1 log-off or computer lock. I got the idea of creating a scheduled task to run the bat file above, but I can't find any trigger to start that bat file at user log-off or computer lock.

Please suggest how this is possible.

jaclaz Posted February 25, 2016

I am not sure I understand.

Running a script at logoff is a "standard" feature of Group Policy, *like*:
https://technet.microsoft.com/en-us/library/cc753404.aspx
example:
http://www.nextofwindows.com/how-to-run-a-script-or-command-at-logoff-in-windows-7-8

As well, the trigger "On workstation lock" should do as a Scheduled task:
https://technet.microsoft.com/en-us/library/dd851678.aspx#BKMK_trig
https://technet.microsoft.com/en-us//library/cc748841.aspx

You tried them and they don't work, or you weren't able to find the above info?

jaclaz
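
Added example, not part of the original thread and not written by either poster: a PowerShell 2.0 script that registers a scheduled task with the "On workstation lock" trigger discussed above, so that F: is re-locked when one named user locks the session. The task name and the account name are assumptions; the log-off case is not covered here and is left to the Group Policy logoff script from the links above.

```powershell
# Added example: lock the BitLocker volume F: when one user locks the workstation.
# Run from an elevated PowerShell prompt (here-strings and schtasks.exe work on Windows 7).
$TaskName  = 'Lock-BitLocker-F'              # hypothetical task name
$LockUser  = "$env:COMPUTERNAME\admin-1"     # assumed account name; adjust to the real one
$ManageBde = Join-Path $env:SystemRoot 'System32\manage-bde.exe'

if (-not (Test-Path $ManageBde)) { throw "manage-bde.exe not found at $ManageBde" }

# Escape the account name so characters such as '&' cannot break the task XML.
$userXml = [System.Security.SecurityElement]::Escape($LockUser)

# The trigger fires only for $LockUser; the action runs as SYSTEM (S-1-5-18), because
# manage-bde -lock needs administrative rights and must not raise a UAC prompt.
$xml = @"
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <SessionStateChangeTrigger>
      <Enabled>true</Enabled>
      <StateChange>SessionLock</StateChange>
      <UserId>$userXml</UserId>
    </SessionStateChangeTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <Enabled>true</Enabled>
    <ExecutionTimeLimit>PT5M</ExecutionTimeLimit>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>$ManageBde</Command>
      <Arguments>-lock F: -ForceDismount</Arguments>
    </Exec>
  </Actions>
</Task>
"@

$xmlPath = Join-Path $env:TEMP "$TaskName.xml"
$xml | Out-File -FilePath $xmlPath -Encoding Unicode   # UTF-16, matching the XML declaration
try {
    & schtasks.exe /Create /TN $TaskName /XML $xmlPath /F
    if ($LASTEXITCODE -ne 0) { throw "schtasks.exe failed with exit code $LASTEXITCODE" }
} finally {
    Remove-Item $xmlPath -ErrorAction SilentlyContinue
}
```

The task only locks the volume; unlocking after admin-1 returns still requires entering the BitLocker password, so no password is stored anywhere.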

sunnyimran Posted February 27, 2016

OK, let me re-phrase the scenario.

Windows 7 x64, two admin accounts Admin-1, Admin-2, other Standard accounts.

All I want is this: I need a VHD file, BitLocker encrypted, mounted and accessible as F: --> only in the Admin-1 account. The VHD file exists on D:\

If the Admin-1 account logs in, the VHD file should automatically mount as F: and should be unlocked and accessible.
If any other account logs in (including Admin-2), the VHD file should be locked, with BitLocker asking for the password.

The password is known to Admin-1 only.

That's all I want. Please suggest.

jaclaz Posted February 27, 2016

I understand the scenario, but don't understand the actual question(s).

In the OP you essentially stated that you had a working script and asked:
1) How can I run this script at log-off event?
2) How can I run this script at workstation lock event?

Have you tested the suggestions?
Do they work or not in your environment?

Now you seemingly want another thing: to have the BitLocker VHD automounted and accessible at admin-1 log-in.
Which script (manually run) do you have that allows that?
I don't think it is possible at all:
https://www.medo64.com/vhdattach/faq/
and it would greatly undermine the security of the system as - even if possible - you would need to store *somehow* and *somewhere* the BitLocker VHD password.

jaclaz