Encryption of External Drives (Windows Computers)
Applies To: WatchGuard Full Encryption
WatchGuard Full Encryption uses Microsoft BitLocker technology to encrypt and decrypt data stored on external drives. If BitLocker is not already installed, Full Encryption automatically installs it on supported drives and then manages the drives.
- Connect an External Drive
- Unencrypted Drives and Data Control Settings
- Use BitLocker to Decrypt an External Drive
Encryption is not available for external Mac drives.
Connect an External Drive
When using Full Encryption, a computer user can connect and disconnect an external drive at any time. When the user connects an unencrypted drive, a message prompts them to use BitLocker to encrypt the drive. This message appears each time a user connects an unencrypted drive or when Full Encryption initiates on a device that contains unencrypted drives. The message stays on screen for five minutes.
You can enable or disable the Prompt for Removable Storage Drive Encryption option from the management UI. For information about how to configure this option, go to Configure Encryption Settings.
When you encrypt external drives:
- Full Encryption encrypts only the used space of a drive.
- The same key encrypts all partitions on the external drive.
- The encryption process does not require the creation of a system partition.
- If you remove an external drive while encryption is in progress, the contents of the drive might be corrupted.
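Because removing a drive mid-encryption can corrupt its contents, it helps to check the conversion state before a drive is unplugged. The following is an added example, not part of WatchGuard's documentation or product. It uses the built-in Windows cmdlets Get-Volume and Get-BitLockerVolume, and the function name Get-RemovableDriveEncryptionState is hypothetical.

```powershell
# Added example (not WatchGuard code). Run in an elevated PowerShell session on Windows.
# Get-RemovableDriveEncryptionState is a hypothetical helper name.
function Get-RemovableDriveEncryptionState {
    [CmdletBinding()]
    param(
        # Optional drive letters such as 'E:'. Some USB hard disks report as
        # 'Fixed' rather than 'Removable', so they must be named explicitly.
        [string[]]$MountPoint
    )

    if (-not $MountPoint) {
        $MountPoint = Get-Volume |
            Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
            ForEach-Object { "$($_.DriveLetter):" }
    }

    foreach ($mp in $MountPoint) {
        try {
            $blv = Get-BitLockerVolume -MountPoint $mp -ErrorAction Stop
        } catch {
            # BitLocker cannot describe this volume (for example, no media present).
            [pscustomobject]@{ Drive = $mp; VolumeStatus = 'Unknown'; Percent = $null
                               Protection = $null; KeyProtectors = $null
                               Advice = "Query failed: $($_.Exception.Message)" }
            continue
        }

        # Map the BitLocker conversion state to a removal decision.
        $advice = switch -Wildcard ([string]$blv.VolumeStatus) {
            '*InProgress'    { 'Conversion running: do not remove the drive'; break }
            'FullyEncrypted' { 'Encrypted'; break }
            'FullyDecrypted' { 'Unencrypted'; break }
            default          { 'Review this drive manually' }
        }

        [pscustomobject]@{
            Drive         = $mp
            VolumeStatus  = [string]$blv.VolumeStatus
            Percent       = $blv.EncryptionPercentage
            Protection    = [string]$blv.ProtectionStatus
            KeyProtectors = ($blv.KeyProtector.KeyProtectorType -join ', ')
            Advice        = $advice
        }
    }
}

Get-RemovableDriveEncryptionState | Format-Table -AutoSize
```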
Unencrypted Drives and Data Control Settings
Unless configured otherwise, you can use an unencrypted drive. However, in Data Control settings, if you enable the Write to Removable Storage Drives option, and Full Encryption or BitLocker did not encrypt the drive, you cannot write to the drive.
If Data Control settings prevent the connection of external drives to the computer, the user does not receive an encryption message. If a third-party solution other than Full Encryption encrypted a removable drive, and the user connects the drive to the computer, no encryption message shows. In this scenario, Full Encryption does not manage recovery keys.
For more information on Data Control settings, go to Data Control Settings.
Use of BitLocker to Locally Decrypt an External Drive
If Full Encryption encrypted the drive and a user manually decrypts it with BitLocker from the Control Panel in Microsoft Windows, the changes made to local settings automatically revert to the settings made in the Full Encryption management UI.