For fun (and since I didnt want this stuff on my personal machines), I decided to buy a Raspberry Pi and use that as my rsync target with the bitlocker disk mounted using dislocker.
I think I start out trying to install a packaged version with apt-get, but had dependency problems (might have had something to do with trying to run under Ubuntu on Raspberry Pi) , so reverted to these instructions: http://blog.airbuscybersecurity.com/post/2016/01/Mounting-Bitlocker-Volumes-Under-Linux
On the server side, I ended up with two scripts:
vmdiskmount:
dislocker-fuse -V /dev/sda1 -u -- /mnt/dislocker
mount -t ntfs-3g -o loop /mnt/dislocker/dislocker-file /mnt/vmdisk
mount | grep vmdisk
vmdiskumount:
umount /mnt/vmdisk && umount /mnt/dislocker
mount | grep dislocker
I also setup usermapping to map between windows SIDs and my linux user/group. This goes in /mnt/vmdisk/.NTFS-3G/UserMapping:
# User mapping proposal :# -------------------- cut here -------------------1001::S-1-5-21-4271255075-229453548-3213529333-6405:1001:S-1-5-21-4271255075-229453548-3213529333-513::S-1-5-21-4271255075-229453548-3213529333-10000# -------------------- cut here -------------------On the client side, its just standard rsync commands to send the data. Again, corp security required more dancing - cygwin needed to run as admin, but you cant do that directly anymore, so you have to run a DOS window as admin and launch cygwin from there. Also, trying to rsync the c drive doesnt work well because only the trusted installer user has write privs, so rysnc gets locked out as soon as it syncs the root directory on c: (which is the first thing it does). Trick is to specify directories under c: as the rsync sources rather than the c drive itself.
