BANGALORE, INDIA: Windows 7 builds on the security lineage of Windows Vista and adds several enhancements to its drive encryption feature, BitLocker. One of them is BitLocker To Go, which lets users encrypt removable drives such as USB flash drives.
Setting up BitLocker To Go on a USB drive is simple. Right-click the USB drive in 'Computer' and choose 'Turn On BitLocker' from the menu. The wizard asks you to set a password that unlocks the drive, or to use a smart card (and its PIN) instead. In other words, the key that encrypts the drive can be protected either by a password or by your corporate smart card. Note that the data is always encrypted with a key BitLocker generates; the password or smart card only unlocks that key, so a weak password undoes most of the benefit.
After you choose a password or smart card, BitLocker To Go prompts you to save or print a recovery key (a 48-digit recovery password) that unlocks the drive if you forget the password or lose the smart card. Once the recovery key is stored, you are prompted to begin encryption. Press 'Start Encryption' and the drive is encrypted; how long that takes depends on the size of the drive and on the available processing power. Keep the recovery key somewhere other than the drive it unlocks.
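The same BitLocker To Go setup, done from an elevated PowerShell prompt with manage-bde.exe and then verified through the Win32_EncryptableVolume WMI class instead of the GUI. This is an added example, not code from the article or from Microsoft; the drive letter E: and the path used for the recovery-key copy are assumptions.

```powershell
# Added example (not from the article): BitLocker To Go on a removable drive
# from an elevated PowerShell prompt on Windows 7. Drive letter and the
# recovery-key file path are assumptions; adjust them to your machine.

$drive = 'E:'

# Turn on BitLocker with a password protector (-Password prompts for the
# password interactively, so it never lands in the command history) and a
# 48-digit numerical recovery password: the same two things the wizard asks for.
manage-bde -on $drive -Password -RecoveryPassword

# Save the recovery password somewhere other than the drive it unlocks.
# A domain admin would back it up to Active Directory instead of a file.
manage-bde -protectors -get $drive | Out-File -FilePath "$env:USERPROFILE\Documents\bitlocker-E-recovery.txt"

# Look the volume up through WMI, the interface manage-bde itself uses.
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                     -Class Win32_EncryptableVolume -Filter "DriveLetter='$drive'"

# ConversionStatus: 0 = fully decrypted, 1 = fully encrypted,
# 2 = encryption in progress, 3 = decryption in progress, 4/5 = paused.
# Encryption runs in the background, so poll until it has finished.
do {
    $conv = $vol.GetConversionStatus()
    Write-Host ("{0}: status {1}, {2}% encrypted" -f $drive, $conv.ConversionStatus, $conv.EncryptionPercentage)
    if ($conv.ConversionStatus -ne 1) { Start-Sleep -Seconds 30 }
} while ($conv.ConversionStatus -ne 1)

# ProtectionStatus: 0 = off (drive unencrypted or protectors disabled), 1 = on.
# Only 1 means the data is actually unreadable without the password.
$prot = $vol.GetProtectionStatus()
if ($prot.ProtectionStatus -ne 1) {
    throw "Encryption finished but protection is not on for $drive (status $($prot.ProtectionStatus))."
}

# List the key protectors by type and confirm that both a password (type 8)
# and a numerical recovery password (type 3) exist. Other codes: 1 = TPM,
# 2 = external key (USB startup key), 7 = certificate / smart card.
$types = @{}
foreach ($id in $vol.GetKeyProtectors(0).VolumeKeyProtectorID) {
    $types[$vol.GetKeyProtectorType($id).KeyProtectorType] = $id
}
if (-not ($types.ContainsKey(8) -and $types.ContainsKey(3))) {
    throw "Expected a password and a recovery password on $drive, found types: $($types.Keys -join ', ')"
}
Write-Host "$drive is encrypted and protected by password + recovery password."
```

The poll loop only exits on a fully encrypted volume; if someone pauses encryption (status 4) it keeps waiting, which is the behaviour you want in a provisioning script, since an unfinished drive still holds plaintext sectors.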
Right-click the USB drive and select 'Turn On BitLocker' to encrypt a removable drive.
Once the USB drive is encrypted by BitLocker, a lock icon appears on the drive when you plug it into a Windows 7 machine.
The enhancements
One significant change in Windows 7 is the default partitioning scheme. BitLocker needs a separate, unencrypted system partition that holds the files used to boot the machine (1.5 GB on Vista); the encrypted OS volume cannot boot on its own. Enabling BitLocker on Vista was difficult without that partition, because Vista setup created a single partition for both the OS and the boot files, so you had either to carve out the partition with a separate utility or to reformat and reinstall the whole OS.
Windows 7 takes care of this: setup creates the small unencrypted system partition (100 MB, labelled 'System Reserved') by default, so no repartitioning is needed before deploying BitLocker. The interface is also simpler: right-click your hard drive and select 'Turn On BitLocker', or use the BitLocker Drive Encryption applet in Control Panel.
As with Vista, if the machine has no TPM, BitLocker by default refuses to encrypt the operating system drive and stops with an error. TPM stands for Trusted Platform Module, a security chip on the motherboard. With a TPM, the key that unlocks the drive is held by the chip, so you don't have to store it elsewhere, such as on a USB drive that must be plugged in at every boot.
The TPM also ties the key to the machine's measured boot environment: it releases the key only if the firmware, boot loader and boot configuration match what was measured when BitLocker was set up. Move the disk to another machine, boot a different OS or tamper with the boot path, and the TPM withholds the key and BitLocker drops into recovery mode, where only the recovery password will unlock the drive. One caveat: in TPM-only mode the machine boots all the way to the logon screen with the volume key in memory, so for laptops that may be stolen while powered on, pair the TPM with a PIN or a startup key.
If you don't have a TPM chip on your system, select this checkbox in the Group Policy Editor to let BitLocker use a USB startup key instead of a TPM.
Again like Windows Vista, you can bypass the TPM requirement in Windows 7 by changing a Group Policy setting that allows a USB drive to be used instead of a TPM chip. However, the Group Policy Editor interface and options for enabling non-TPM encryption have changed slightly. Here is how you do it.
First open the Local Group Policy Editor by typing gpedit.msc in the Run dialog. Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Double-click 'Require additional authentication at startup' and select 'Enabled'. This activates the options below it; tick the checkbox 'Allow BitLocker without a compatible TPM', click 'Apply' and close the Group Policy Editor. You can now turn on BitLocker even without a TPM, using a USB flash drive that holds a startup key and must be present at every boot.
Running the wizard is simple. Open BitLocker Drive Encryption in Control Panel and click 'Turn On BitLocker' next to the drive letter. The wizard either detects the TPM or, if you allowed it in Group Policy as described above, asks you to insert a USB drive on which it stores the startup key used to boot the machine. It then asks you to save a recovery key and reboots the machine to check that it can read the startup key at boot time. If that test passes, it encrypts the hard drive.
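The same procedure scripted: the Group Policy change above applied as the registry values that policy writes, a TPM check over WMI, and the manage-bde.exe commands that do what the 'Turn On BitLocker' wizard does. This is an added example, not code from the article or from Microsoft; the drive letters (C: for the OS, E: for the startup-key stick, F: for the recovery-key copy) are assumptions.

```powershell
# Added example (not from the article): enable BitLocker on the OS drive from
# an elevated PowerShell prompt on Windows 7, with or without a TPM.
# Drive letters C:, E: and F: are assumptions; change them to suit.

# 1. "Require additional authentication at startup" = Enabled, with
#    "Allow BitLocker without a compatible TPM" ticked. Local Group Policy
#    stores this setting as DWORD values under HKLM\SOFTWARE\Policies\Microsoft\FVE.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
$policy = @{
    UseAdvancedStartup = 1   # the policy itself is Enabled
    EnableBDEWithNoTPM = 1   # the checkbox: startup key on USB instead of a TPM
    UseTPM             = 2   # 2 = Allow, 1 = Require, 0 = Do not allow
    UseTPMPIN          = 2   # the same for TPM + PIN,
    UseTPMKey          = 2   # TPM + startup key,
    UseTPMKeyPIN       = 2   # and TPM + PIN + startup key
}
foreach ($name in $policy.Keys) {
    Set-ItemProperty -Path $fve -Name $name -Value $policy[$name] -Type DWord
}

# 2. Does the machine have a usable TPM? The Win32_Tpm instance is missing
#    when there is no TPM, or it is disabled in the BIOS; that is the case
#    the policy above exists for.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
$haveTpm = ($tpm -ne $null) -and $tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue

if ($haveTpm) {
    # TPM present: seal the key to the TPM and also require a PIN at boot, so a
    # stolen laptop cannot be booted to the logon screen with the key in memory.
    # -TpmAndPIN prompts for the PIN interactively.
    manage-bde -on C: -TpmAndPIN -RecoveryPassword
} else {
    # No TPM: write the startup key to the USB stick at E:\ (it must be plugged
    # in at every boot) and add a 48-digit recovery password as well.
    manage-bde -on C: -StartupKey E:\ -RecoveryPassword
}

# 3. Record the recovery password away from both C: and the startup-key stick.
manage-bde -protectors -get C: | Out-File -FilePath 'F:\bitlocker-C-recovery.txt'

# 4. Like the wizard, manage-bde runs a hardware test: it needs a reboot and
#    checks that the startup key (or TPM) can be read before it begins
#    encrypting. After the reboot, watch progress with:
manage-bde -status C:
```

Writing the policy values directly is equivalent to the gpedit.msc steps only for a machine that is not also receiving the BitLocker settings from a domain GPO; a domain policy overwrites the local values on the next refresh, so in a domain the change belongs in the GPO.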