BitLocker To Go is a Windows technology that allows you to encrypt your USB drives so that if they are lost or stolen they can't be read. BitLocker To Go uses a password or SmartCard to secure the data and thus does not require any special hardware like Trusted Platform Module.
BitLocker To Go Demo 02:14
Requirements
Windows 7 Enterprise or Ultimate editions to create BitLocker To Go Drives
Windows 7 Enterprise or Ultimate editions can read and write to BitLocker to Go drives
Any Windows 7 Edition can read BitLocker To Go drives
Earlier editions of Windows like Windows XP can read BitLocker To Go files by using BitLocker To Go reader software. The BitLocker reader software needs to be used and this means the BitLocker To Go drive does not appear in Windows Explorer as a drive letter. The reader will automatically be placed on the USB drive when it is configure for BitLocker To Go.
Configuring BitLocker To Go
To configure a new BitLocker To Go drive, open the control panel, select system and security and then select BitLocker Drive Encryption. Under the BitLocker To Go section select the option turn on BitLocker.
Recovery Key
Each time you create a new BitLocker To Go drive Windows will create a recovery key. The recovery key can be saved to a USB drive or printed out. It is important to keep the recovery key in a save location. The recovery key will be needed if you forget the password to the BitLocker To Go drive, without the recovery key or the password you will not be able to access the data.
Group Policy
There are six group policy settings that apply to BitLocker To Go. These are found under.
Computer Configuration-Administrative Templates-Windows Components-BitLocker Drive Encryption-Removal Data Drives
1) Control use of BitLocker on removal drives\Determines if the user can configure BitLokcer To Go drives and also pause the encryption once it has started. This settings also determines if the user can removed BitLocker To Go from the USB drive once it has been configured.
2) Configure use of SmartCards on removal data drives\This allows you to require SmartCards when using BitLocker To Go.
3) Deny write access to removable drive not protected by BitLocker\This prevents USB drives being written to that are not protected by BitLocker. It also prevents USB drives being used that belong to anther organization.
4) Allow access to BitLocker protected removal data drive from earlier versions of Windows\This determines if the BitLocker To Go drives will be available in earlier editions of Windows. You can also configure this group policy setting to not include the reader software on the BitLocker To Go drive.
5) Configure use of password for removable drives\This setting determines how complex the password will be. You also have the option for Windows to contact a domain controller with the password to ensure that it meets the password complex password policy for that domain.
6) Choose how BitLocker-protected removable drives can be recovered\This allows you to configure the key lengths for recovery keys and if additional information will be saved with the recovery key that may help recover the BitLocker To Go drive at a later time.
See null or http://itfreetraining.com/ for are always free training videos. This is only one video from the many free courses available on YouTube.
24 Comments