
What is BitLocker? How to encrypt and decrypt

Saturday, July 31, 2010

BitLocker is an operating system-level extension to Vista and Windows 7 that combines on-disk encryption and special key management techniques. The data and the operating system installation are both protected by two-factor authentication, specifically, a hardware key used in conjunction with a long passphrase.

Windows 7 Ultimate includes BitLocker To Go, which takes BitLocker's bit-level full-volume encryption and extends it to removable storage devices such as USB keys, meaning that if we lose our USB thumb drive, our data is safe.


REQUIREMENTS:
  • BitLocker is only available in the Windows 7 Ultimate and Enterprise editions.
  • A USB flash drive. BitLocker will store its key on the flash drive to use to unlock the Windows 7 drive at startup.
  • Have at least two partitions. One partition must include the drive Windows 7 is installed on and must be at least 400 MB. This is the drive that BitLocker will encrypt. The other partition is the active partition, which must remain unencrypted so that the computer can be started. If you have the 100 MB System Reserved partition that Windows 7 creates during installation on a blank drive or partition, then BitLocker will store the key on it instead. If your computer does not have two partitions, BitLocker will create them for you.
  • The Windows 7 drive and the USB flash drive must be formatted with the NTFS file system.
  • A BIOS that supports USB devices during computer startup.
  • A system that supports TPM (Trusted Platform Module).


  • [NOTES FROM THE FIELD] – BitLocker can still be used on some systems to encrypt the Windows operating system drive even when the Trusted Platform Module (TPM) version 1.2 is not present. In that situation the end user needs to insert a USB startup key to boot the computer or to bring a system out of hibernation.
How to Set Up BitLocker on Windows 7:





1. Decide if you want 128-bit or 256-bit encryption. NOTE: By default, Windows 7 will use AES encryption with 128-bit encryption keys and Diffuser, unless you have previously changed it.
2. Plug in the USB flash drive. NOTE: You will still be able to use the USB flash drive as normal. Just do not remove the BitLocker startup key file (step 7) that is used to unlock your Windows 7 at startup.
3. Open the Start menu and click on the Computer button, then right-click on the Windows 7 or other operating system drive or partition letter and click on Turn on BitLocker.
A) Go to step 5.
OR
4. Open the Control Panel, and click on the BitLocker Drive Encryption icon.
A) Click on Turn On BitLocker for the Windows 7 or other operating system drive or partition letter.
5. Select the Require a Startup key at every startup option.
6. Select the USB flash drive and click on the Save button.
7. Select the Save the recovery key to a USB flash drive option. NOTE: It is highly recommended that you do the other two options as well and save this key file somewhere safe. You will need the recovery key number to gain access to the encrypted Windows 7 or other operating system drive if you should lose or damage the USB flash drive with the startup key, or if BitLocker locks the drive.
A) Select the USB flash drive and click on the Save button.
B) When finished, click on the Next button.
8. Check the Run BitLocker system check box, then click on the Continue button.
9. Click on the Restart Now button. WARNING: This will restart your computer immediately. Close and save anything that you are working on first.
10. When the computer restarts, BitLocker will start encrypting the Windows 7 drive. Click on the BitLocker icon in the taskbar notification area (far right) to see the encryption status. NOTE: This may take a while to finish.
11. When BitLocker is finished, click on the Close button.
12. You will now have a Manage BitLocker option in the Control Panel and Computer for the encrypted drive. (See screenshots below)
13. If you click on Manage BitLocker, these will be the options that you will have below.
14. You're done. The Windows 7 or other operating system drive or partition is now encrypted with BitLocker Drive Encryption. You will now be required to plug in the USB flash drive that contains the startup key in order to unlock and start up Windows 7 or the other operating system.
Option Two





Turn Off BitLocker to Decrypt Windows 7 Drive
1. Open the Control Panel, and click on the BitLocker Drive Encryption icon.
2. Click on Turn Off BitLocker for the Windows 7 or other operating system drive or partition letter that you want to turn BitLocker off for.
3. Click on the Decrypt Drive button.
4. BitLocker will now start decrypting the drive. Click on the BitLocker icon in the taskbar notification area (far right) to see the encryption status. NOTE: This may take a while to finish.
5. When finished, click on the Close button.
6. The Control Panel and Computer will now have the Turn On BitLocker option again.
7. If you would like to restore the default Group Policy setting to have BitLocker use a TPM instead of a USB flash drive, then do METHOD ONE (step 5) or METHOD TWO (step 2) in the PREPARATION section at the top of the tutorial.
8. You're done. The Windows 7 drive or other operating system drive or partition is now decrypted.
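
Both procedures above (turning BitLocker on with a USB startup key, then turning it off) can also be run from an elevated prompt with manage-bde.exe, the command-line tool included with Windows 7. The PowerShell script below is an added example, not part of the original post; the drive letters C: and E:, the function names, and English-language tool output are assumptions.

```powershell
# Added example, not from the original article. Assumed: C: is the OS drive,
# E: is the USB flash drive, English-language manage-bde output, elevated prompt.
$OsDrive  = 'C:'
$UsbDrive = 'E:'

function Enable-OsDriveEncryption {
    # Setup steps 5-9: startup key on the USB drive plus a 48-digit recovery
    # password, which manage-bde prints to the console; record it somewhere safe.
    # aes128_diffuser is the Windows 7 default named in step 1; use
    # aes256_diffuser for 256-bit keys.
    & manage-bde.exe -on $OsDrive -StartupKey $UsbDrive -RecoveryPassword `
        -EncryptionMethod aes128_diffuser
    # The hardware test runs on the next restart; encryption starts after it.
}

function Test-BdeStatus([string[]]$StatusLines) {
    # Returns the problems found in `manage-bde -status` output (none = OK).
    $text = $StatusLines -join "`n"
    $problems = @()
    if ($text -notmatch 'Protection Status:\s+Protection On') {
        $problems += 'protection is off (still encrypting, suspended or decrypted)'
    }
    if ($text -notmatch 'Percentage Encrypted:\s+100') {
        $problems += 'volume is not fully encrypted'
    }
    if ($text -notmatch 'External Key') {
        $problems += 'no startup key protector'
    }
    if ($text -notmatch 'Numerical Password') {
        $problems += 'no recovery password protector'
    }
    return $problems
}

function Disable-OsDriveEncryption {
    # Turn-off steps 2-4: decrypts the volume and removes its key protectors.
    & manage-bde.exe -off $OsDrive
}

# Usage, after the restart in setup step 9 (the status check of step 10):
#   $issues = @(Test-BdeStatus (& manage-bde.exe -status $OsDrive))
#   if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } }
#   else { 'BitLocker is fully enabled on ' + $OsDrive }
```

Checking for the "Numerical Password" protector confirms that a recovery path exists before the USB startup key becomes the only way to boot the machine.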
