Using BitLocker Drive Encryption
BitLocker Drive Encryption is another improved feature from Windows Vista that
allows you to encrypt an entire drive or partition. This drive-layer encryption
even encrypts the filesystem and operating system files so everything is secure.
BitLocker Drive Encryption is the most secure Windows security option. This
feature is ideal for laptop owners who have sensitive data on their drives as well
as desktop users who can’t risk their information getting into the wrong hands.
BitLocker Drive Encryption works by encrypting the entire partition, including
the filesystem, with a 256-bit encryption algorithm. Using a Trusted Platform
Module (TPM) chip, USB thumb drive, or a typed-in passkey, BitLocker
protects your encrypted partition. When you boot up your computer, BitLocker
starts to load from a small unencrypted partition, prompting you to insert your
USB key or enter your passcode to begin booting Windows 8. If everything checks
out, BitLocker unseals the encrypted partition and starts running the normal boot
code. Failing to insert the USB key or enter the correct passcode results in a
failure and an inability to boot Windows.
Using BitLocker Drive Encryption in Windows Vista is very difficult. The user
needs to partition the drive in a specific format before Windows is even installed
to use the feature. Windows 8 integrated the Windows Vista drive preparation
tool so now you don’t need to reinstall Windows to enable BitLocker.
Hardware Requirements
For the most secure setup, BitLocker Drive Encryption requires a TPM chip,
version 1.2 or newer, built into your computer. It is possible to set up BitLocker
Drive Encryption on a computer without using a TPM device or a USB drive,
but your only source of protection is a passcode and the physical USB drive.
Enabling BitLocker Drive Encryption
TIP If your computer does not have a compatible TPM chip, you can still use
BitLocker Drive Encryption with a USB storage device. However, Microsoft has
recently decided to hide this option from users. A local group policy change must
be made to turn this option back on. Open the Start screen, type gpedit.msc, and
hit Enter. When the Group Policy editor has loaded, navigate through Computer
Configuration, Administrative Templates, Windows Components, BitLocker
Drive Encryption, and Operating System Drives. Right-click Require Additional
Authentication At Startup and click Edit. Click the Enabled option and hit OK. You
can now use a USB storage device with BitLocker Drive Encryption again.
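To confirm what the policy change in the TIP did and how the operating system drive is actually protected, the following read-only audit can be run from an elevated PowerShell prompt. It is an added example, not part of the original text. It assumes the Get-Tpm and Get-BitLockerVolume cmdlets that ship with Windows 8 and later, and that the policy is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE as the values UseAdvancedStartup and EnableBDEWithNoTPM. The function names are hypothetical.

```powershell
# Added example: read-only audit of BitLocker startup authentication.
# Run elevated on Windows 8 or later. Nothing here changes configuration.

# Assumed registry location written by the "Require Additional
# Authentication At Startup" policy described in the TIP.
$fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-StartupAuthPolicy {
    # Returns whether the policy is enabled and whether it permits
    # BitLocker on a machine without a compatible TPM.
    $p = Get-ItemProperty -Path $fvePolicy -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PolicyEnabled   = ($p.UseAdvancedStartup -eq 1)
        AllowWithoutTpm = ($p.EnableBDEWithNoTPM -eq 1)
    }
}

function Get-OsVolumeProtectors {
    # Summarises encryption state and key protector types of the OS drive.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        Protectors       = @($vol.KeyProtector |
                             ForEach-Object { [string]$_.KeyProtectorType })
    }
}

$tpm    = Get-Tpm
$policy = Get-StartupAuthPolicy
$os     = Get-OsVolumeProtectors

"TPM present: $($tpm.TpmPresent), ready: $($tpm.TpmReady)"
"Policy enabled: $($policy.PolicyEnabled), allows no-TPM: $($policy.AllowWithoutTpm)"
"OS volume: $($os.VolumeStatus), protection $($os.ProtectionStatus), method $($os.EncryptionMethod)"
"Key protectors: $($os.Protectors -join ', ')"

# Findings a reviewer would want called out.
if ($os.ProtectionStatus -ne 'On') {
    'FINDING: the operating system drive is not currently protected.'
}
if (-not $tpm.TpmPresent -and -not $policy.AllowWithoutTpm) {
    'FINDING: no TPM found and the policy does not allow BitLocker without one.'
}
if ($os.Protectors.Count -gt 0 -and -not ($os.Protectors -match '^Tpm')) {
    'FINDING: no TPM-backed protector; startup relies on a USB key or passcode only.'
}
```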
