BitLocker Drive Encryption NOT secure from drive mapping on network

You’re misunderstanding what BitLocker is supposed to protect against. The goal of BitLocker is to protect your data from cold boot attacks (as explained in a TechNet blog entry).

When you unlock a volume protected by BitLocker, the system gains access to the keys necessary to decrypt the drive and behaves as if it was a regular drive.

That is necessary to make the system compatible with any and all applications (and drivers) without requiring them to know about BitLocker. (That’s why it’s called transparent disk encryption: applications and drivers don’t see it.)

This means you’re free to share the volume over the network and, if you carelessly apply no kind of ACL restriction on who can access the data, then everyone can access it freely.


Once you enter your password the drive behaves just like any other unencrypted drive, as the encryption becomes transparent to the OS.

If you share your drive and other users/computers have the required permissions to access it, they will be able to do so and won't even know the drive was encrypted.

Full disk encryption is designed to protect from offline attacks on the storage media itself, if it's stolen for example. It's not designed to protect against a machine accessing it once it got the password; at this point it's the machine's responsibility to restrict access to the drive based on its permissions and network share settings.
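
Both answers put the access decision on share and ACL settings once the volume is unlocked. The following check is an added example, not part of either answer: it lists SMB shares that sit on unlocked BitLocker volumes and flags share-level grants to broad groups. The `$broad` list and the output column names are assumptions, and the account names are the English ones (they are localized on other Windows language versions).

```powershell
#Requires -RunAsAdministrator
# Added example: find SMB shares on unlocked BitLocker volumes whose
# share-level ACL allows broad groups. Run on the machine hosting the shares.

# Principals treated as "too broad" (assumed list; adjust to local policy).
$broad = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ANONYMOUS LOGON',
    'BUILTIN\Users'
)

# Volumes with BitLocker protection on that are currently unlocked, i.e. the
# state in which the OS serves them like any unencrypted drive.
$unlocked = Get-BitLockerVolume |
    Where-Object { $_.ProtectionStatus -eq 'On' -and $_.LockStatus -eq 'Unlocked' }

$findings = foreach ($vol in $unlocked) {
    # MountPoint is reported like "D:"; normalise to "D:\" for prefix matching.
    $root = $vol.MountPoint.TrimEnd('\') + '\'

    $shares = Get-SmbShare | Where-Object {
        $_.Path -and
        $_.Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)
    }

    foreach ($share in $shares) {
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            # Only Allow entries for broad principals are findings.
            if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $ace.AccountName) {
                [pscustomobject]@{
                    Volume  = $vol.MountPoint
                    Share   = $share.Name
                    Path    = $share.Path
                    Account = $ace.AccountName
                    Right   = $ace.AccessRight
                }
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No broad share-level grants found on unlocked BitLocker volumes.' }
```

Share permissions are only one layer: NTFS permissions on the shared folder also apply, and the effective access is the more restrictive of the two, so review flagged paths with `Get-Acl` as well.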