BitLocker, VHDs, and the Cloud

Virtual hard disks (in VHD or VHDX format) aren’t just for virtual machines. You may have noticed that in Windows 8.1 and some earlier Microsoft operating systems you can create a virtual hard disk using either the Disk Management node of the Computer Management console or PowerShell.

In Windows 8.1 you can mount a virtual hard disk by double-clicking it. You can dismount it by right-clicking the disk and clicking Eject. You can do the same things with the appropriate PowerShell commands.

At this point you’re probably thinking “sure Orin, that’s cool, but why would I want to do any of this?”

Well, another cool thing that you can do with mounted VHDs is encrypt them with BitLocker-to-Go. I hadn’t thought about this much until TrueCrypt was discontinued by the developers. If you weren’t aware of TrueCrypt, it was an application that allowed you to create a hidden encrypted volume on which you could store stuff. One of the parting messages from the TrueCrypt developers was that BitLocker had pretty much reached the stage where it could do what TrueCrypt did and so there wasn’t as much need for TrueCrypt. Here’s a story reporting on that suggestion.

I was thinking about all this because I wanted to back up some sensitive information. I wanted to store it on a USB drive, but also thought that OneDrive or DropBox might be a good place to put it. My concern with any location such as the cloud was “what happens if my account gets compromised?” That’s one of the big drawbacks of storing stuff in the cloud – you have to assume that someone determined might get access to your stuff.

The nice thing about virtual hard disks is that you can make them whatever size suits you. So I made some small test virtual hard disks, then mounted, initialized and formatted them. I copied across some files and then used the BitLocker control panel to encrypt them. I then ejected them and placed them into OneDrive.
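The steps above as a PowerShell script, added here as an illustration and not taken from the original post. The file path, size, source folder and volume label are assumed values, and the script adds two things the paragraph does not mention: a recovery password protector, and a wait for encryption to finish so that no unencrypted sectors are left in the file that goes to the cloud. Run it from an elevated prompt on an edition of Windows that includes BitLocker.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$VhdPath   = "$env:USERPROFILE\vault.vhdx",  # assumed location of the new VHDX
    [int]   $SizeMB    = 512,                             # assumed maximum size
    [string]$SourceDir = "$env:USERPROFILE\Sensitive"     # assumed folder to back up
)

# 1. Create an expandable VHDX with diskpart, so the Hyper-V module is not needed.
$dpScript = Join-Path $env:TEMP 'mkvhd.txt'
"create vdisk file=`"$VhdPath`" maximum=$SizeMB type=expandable" |
    Set-Content -Path $dpScript -Encoding ASCII
diskpart /s $dpScript | Out-Null
Remove-Item $dpScript
if (-not (Test-Path $VhdPath)) { throw "diskpart did not create $VhdPath" }

# 2. Mount the file, then initialize and format the disk it exposes.
Mount-DiskImage -ImagePath $VhdPath | Out-Null
$disk = Get-DiskImage -ImagePath $VhdPath | Get-Disk
Initialize-Disk -Number $disk.Number -PartitionStyle MBR
$part = New-Partition -DiskNumber $disk.Number -UseMaximumSize -AssignDriveLetter
Format-Volume -DriveLetter $part.DriveLetter -FileSystem NTFS `
    -NewFileSystemLabel 'Vault' | Out-Null
$mount = "$($part.DriveLetter):"

# 3. Copy the files to protect onto the mounted volume.
Copy-Item -Path (Join-Path $SourceDir '*') -Destination "$mount\" -Recurse

# 4. Encrypt with a password protector, plus a recovery password as a fallback.
$pw = Read-Host -AsSecureString 'BitLocker password for the VHD'
Enable-BitLocker -MountPoint $mount -EncryptionMethod Aes256 `
    -PasswordProtector -Password $pw | Out-Null
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# 5. Wait until every sector is encrypted; ejecting earlier would leave
#    part of the VHDX file in plaintext.
do {
    Start-Sleep -Seconds 5
    $vol = Get-BitLockerVolume -MountPoint $mount
    Write-Progress -Activity 'Encrypting' -PercentComplete $vol.EncryptionPercentage
} while ($vol.VolumeStatus -ne 'FullyEncrypted')

# Show the recovery password once so it can be stored somewhere other than the cloud.
($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword').RecoveryPassword

# 6. Eject. The VHDX file can now be copied to OneDrive or a USB drive.
Dismount-DiskImage -ImagePath $VhdPath | Out-Null
```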

On another computer running Windows 10 I was able to take the VHD out of OneDrive, mount it and then unlock it using the BitLocker control panel, and access the files.

In the old days I used to play around with EFS encrypted folders. Given that EFS is being deprecated, using BitLocker with small virtual hard disk volumes provides another method of keeping sensitive data encrypted. It’s probably not all that practical, but it does give you another option for encrypting and then accessing your data without jumping through all the crazy hoops that one usually needs to jump through when performing that kind of task.
