BitLocker is a new volume encryption technology that allows you to encrypt entire disk volumes. With Vista SP1 and Windows Server 2008, you can encrypt both the boot volume (the one that contains the Windows system files) and data volumes. Vista prior to SP1 only allows you to encrypt the boot volume, but no other volumes.
BitLocker can be used with or without a Trusted Platform Module (TPM) and with or without a USB key. The TPM allows BitLocker to check the integrity of the startup components before booting into the operating system. If you use only the TPM, you can boot up normally without having to authenticate.
However, for a more secure startup routine, you can choose to enable USB key or PIN authentication during boot up. When you enable USB key or PIN authentication on boot up, the user must insert the USB key with his authentication key installed on it or enter a PIN configured during BitLocker setup. Without either of these, the machine won’t boot up. Of course, the best configuration is to use a TPM to confirm the integrity of the startup routine and then use a USB key or PIN for startup authentication.
Before you can get BitLocker up and running, you need to use Vista Enterprise or Ultimate Edition, or Windows Server 2008. The TPM is not a requirement, but without it you won’t have the startup integrity check. If you want to use a USB key, your BIOS must support booting from a USB device. If you just want to use a startup PIN, without USB or TPM, then you don’t need a TPM chip or a USB-compliant BIOS.
However, in all cases, you need to configure your hard drives with at least two NTFS partitions. The first partition, which must be at least 1.5 GB, is used for the unencrypted startup partition that contains the system files required to start the computer. The second partition is the boot partition, which contains the Windows system files.
What if you have a new Windows Vista computer and your drives haven’t been set up for you? Are you stuck? No. You can use the BitLocker Drive Preparation Tool. This tool will prepare the partitions for you so that you can get BitLocker up and running.
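The prerequisites above can be checked before you start. The following read-only PowerShell function is an added example, not part of the original post or a Microsoft tool; the name `Test-BitLockerPrerequisite` is hypothetical, and it assumes PowerShell 2.0 or later in an elevated session on the BIOS-era partition layout described here. BIOS support for USB boot cannot be queried this way and is not checked.

```powershell
# Added example: read-only check of the BitLocker prerequisites listed above.
# Test-BitLockerPrerequisite is a hypothetical name, not a built-in cmdlet.
function Test-BitLockerPrerequisite {
    $minStartupBytes = 1.5GB   # minimum size of the unencrypted startup partition

    # Edition test mirrors the list above: Vista Enterprise/Ultimate or a server release
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $editionOk = $false
    if (([version]$os.Version).Major -ge 6) {      # 6.0 = Vista / Server 2008
        if ($os.ProductType -eq 1) {               # 1 = workstation
            $editionOk = $os.Caption -match 'Enterprise|Ultimate'
        } else {                                   # 2 or 3 = server
            $editionOk = $true
        }
    }

    # TPM is optional; without it there is no startup integrity check
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue

    # Local fixed-disk volumes (DriveType 3)
    $volumes = @(Get-WmiObject -Class Win32_Volume -Filter 'DriveType = 3')
    $ntfs    = @($volumes | Where-Object { $_.FileSystem -eq 'NTFS' })
    # SystemVolume = startup partition, BootVolume = partition holding Windows
    $startup = $volumes | Where-Object { $_.SystemVolume } | Select-Object -First 1
    $boot    = $volumes | Where-Object { $_.BootVolume }   | Select-Object -First 1

    # Startup partition must be separate from the boot partition, NTFS, and >= 1.5 GB
    $startupOk = $false
    if ($startup -and $boot) {
        $startupOk = ($startup.DeviceID -ne $boot.DeviceID) -and
                     ($startup.FileSystem -eq 'NTFS') -and
                     ($startup.Capacity -ge $minStartupBytes)
    }

    New-Object PSObject -Property @{
        EditionSupported      = $editionOk
        TpmPresent            = [bool]$tpm
        NtfsVolumeCount       = $ntfs.Count
        TwoNtfsVolumes        = ($ntfs.Count -ge 2)
        SeparateStartupVolume = $startupOk
    }
}

Test-BitLockerPrerequisite | Format-List
```

A machine where `SeparateStartupVolume` is false is the case the next paragraph addresses.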
For more information, check out the BitLocker Drive Preparation Tool page at:
Thomas W Shinder, M.D.
MVP – Microsoft Firewalls (ISA)