Saturday, 5 February 2011

BitLocker Drive Encryption

BitLocker Drive Encryption is a technology designed to protect entire disk drives. BitLocker To Go is a development of the same technology, available with Windows 7, that enables encryption of USB flash drives. You can therefore protect drives in the event of theft, as well as data on drives that might exist on decommissioned servers.

Protection using BitLocker can be enhanced with a TPM (Trusted Platform Module 1.2) chip on the computer's motherboard. BitLocker uses it to seal the keys that are used to unlock the encrypted operating system drive. When you start your operating system, BitLocker requests the key from the TPM chip and then uses it to unlock the drive. If the drive is put in a different computer, it will stay locked until it is manually unlocked using a recovery key. When you add new files to a BitLocker-encrypted drive, they are automatically encrypted.

If the machines do not have a TPM, drives (fixed or removable) can be unlocked with a password or a smart card, or you can set the drive to automatically unlock when you log on to the computer.

To add BitLocker on Server 2008 R2 (REQUIRES TPM!)

  1. Open Server Manager.
  2. Right-click Features.
  3. Click Add Features.
  4. Select BitLocker Drive Encryption.
  5. Restart your computer.
  6. Close the Server Manager window.
  7. Open Control Panel, System and Security and open BitLocker Drive Encryption.
  8. Click Turn On BitLocker.

BitLocker Drive Encryption is available on Windows 7 Enterprise and Ultimate editions. However, USB and other portable drives encrypted with BitLocker To Go cannot be accessed directly in Windows Vista or Windows XP. Microsoft has released a special utility named BitLocker To Go Reader (bitlockertogo.exe), a program that works on computers running Windows Vista or Windows XP and allows you to open and view the content of removable drives that have been protected (encrypted) with BitLocker Drive Encryption in Windows 7. BitLocker To Go Reader allows people running Windows 7 to share their BitLocker-protected data on removable drives, such as USB flash drives or external hard drives, with anyone running Windows 7, Windows Vista, or Windows XP. This will only work, however, if the drives have been encrypted with a password.

Before you turn on BitLocker in control panel you should see the following:

After you click Turn on BitLocker the following window will appear:

Type in a complex password and confirm. The next window to appear will ask you how you want to save a recovery key in the event of forgetting the password (print or save to file). Choose one and on the next window start encrypting.
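The same procedure can be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original post; the drive letters `C:` and `E:` are assumptions, and it uses the built-in `ServerManager` module and the `manage-bde` command-line tool.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Assumed drive letters; change them to match the machine.
$OsDrive  = 'C:'   # operating system drive, protected by the TPM
$UsbDrive = 'E:'   # removable drive, protected by a password

# 1. Confirm a TPM is present, enabled and activated before relying on it.
$tpm = Get-WmiObject -Namespace 'root\cimv2\security\microsofttpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    throw 'No TPM found (or it is disabled in the firmware setup).'
}
if (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)) {
    throw 'TPM is present but not enabled and activated.'
}

# 2. Add the BitLocker feature (steps 1-5 of the list above).
Import-Module ServerManager
if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
    $result = Add-WindowsFeature -Name BitLocker
    if (-not $result.Success) { throw 'Adding the BitLocker feature failed.' }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart the server, then run this script again.'
        return
    }
}

# 3. Turn on BitLocker for the OS drive. The TPM protector is added by
#    default; -RecoveryPassword adds a numerical recovery password, which
#    manage-bde prints once. Store it somewhere other than this drive.
manage-bde -on $OsDrive -RecoveryPassword
if ($LASTEXITCODE -ne 0) { throw "manage-bde failed on $OsDrive" }

# 4. Turn on BitLocker for the removable drive with a password (prompted
#    interactively), so that BitLocker To Go Reader can open it later.
manage-bde -on $UsbDrive -Password -RecoveryPassword
if ($LASTEXITCODE -ne 0) { throw "manage-bde failed on $UsbDrive" }

# 5. Verify: conversion state, encryption percentage and key protectors.
manage-bde -status $OsDrive
manage-bde -protectors -get $OsDrive
manage-bde -status $UsbDrive
```

Checking `manage-bde -protectors -get` afterwards confirms that a recovery password exists before the drive is ever moved to another computer, which is the situation where the recovery key is required.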
