Windows 7 is the next generation of operating system from Microsoft, and it is still planned for release in early 2010, which would be three years after the release of Windows Vista.
[NOTES FROM THE FIELD] – Microsoft has now released their Release Candidate for Windows 7; I wrote a brief article, "Windows 7 Release Candidate (Build 7100) – Early Details", on this already, and indications are that Microsoft will have Windows 7 available for the 2009 holiday shopping season. Stay tuned…
This article series is an overview of BitLocker and Encrypting File System (EFS) in Windows 7. My first article in this series covered a high-level review of the Encrypting File System, and in this article I'll review some of the information with respect to BitLocker on Windows 7.
BitLocker Drive Encryption is available on some versions of Windows Vista, Windows Server 2008 R2 and in some editions of Windows 7.
Using BitLocker Drive Encryption is one of the best ways to protect portable systems such as laptops from loss of data and information when the laptops themselves are lost or stolen. Additionally, the use of BitLocker on desktop systems is also a good consideration when you consider how much information can be lost from recycled desktop systems that have not undergone a proper hard drive wipe routine before being sold off.
BitLocker leverages the Trusted Platform Module (TPM) version 1.2 hardware component installed in many of the newer laptop systems sold today. Additionally, many motherboard hardware vendors are now incorporating the Trusted Platform Module as part of their releases.
The TPM works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
[NOTES FROM THE FIELD] – BitLocker can still be used on some systems to encrypt the Windows operating system drive even when the Trusted Platform Module (TPM) version 1.2 is not present. In that situation the end user needs to insert a USB startup key to boot the computer or to bring a system out of hibernation.
Additionally, systems that do not have TPM available cannot leverage the pre-startup system integrity verification offered by BitLocker with a TPM.
There are system requirements in order to leverage BitLocker. The quick rundown on these requirements is:
BitLocker uses TPM to validate the integrity of a system by performing a check of the boot components and boot configuration data. This security measure is done to verify that the system is still in the checked state it is expected to be in.
If the system appears to have been changed in some manner, BitLocker leaves the system locked before the operating system is loaded to prevent access to the information that is encrypted.
The potential changes could be anything from installed Trojans or rootkits that have made their way onto an affected system to a malicious user attempting to boot the computer or laptop from an alternate operating system with the intention of gaining unauthorized access to the data on the system.
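The integrity check described above can be modelled in Python. This is an added illustration, not Microsoft code or a real TPM interface: `ToyTPM`, the component names and the key are constructed for the example, and it models a single platform configuration register (PCR) using the TPM 1.2 extend rule, with a key that is released only when the boot chain measures to the same value as when it was sealed.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


class ToyTPM:
    """Simplified model of one TPM 1.2 PCR plus seal/unseal (hypothetical class)."""

    def __init__(self):
        self.pcr = bytes(PCR_SIZE)   # PCR is all zeros after reset
        self._sealed = {}            # blob id -> (PCR value at seal time, secret)

    def extend(self, component: bytes) -> None:
        # PCR_new = SHA1(PCR_old || SHA1(component)). The register can only be
        # extended, never set, so it depends on every measurement and their order.
        digest = hashlib.sha1(component).digest()
        self.pcr = hashlib.sha1(self.pcr + digest).digest()

    def seal(self, blob_id: str, secret: bytes) -> None:
        # Bind the secret to the platform state measured so far.
        self._sealed[blob_id] = (self.pcr, secret)

    def unseal(self, blob_id: str):
        expected, secret = self._sealed[blob_id]
        # Release the secret only if this boot measured to the same PCR value.
        return secret if expected == self.pcr else None


def boot(tpm: ToyTPM, chain) -> None:
    tpm.pcr = bytes(PCR_SIZE)        # a power cycle resets the PCR
    for component in chain:
        tpm.extend(component)        # each stage is measured before it runs


# Constructed sample boot chains (placeholder byte strings, not real binaries).
GOOD_CHAIN = [b"firmware-v1", b"mbr-code", b"boot-manager", b"bcd-settings"]
TAMPERED_CHAIN = [b"firmware-v1", b"mbr-code+bootkit", b"boot-manager", b"bcd-settings"]
VOLUME_KEY = b"constructed-volume-key"


def demo():
    tpm = ToyTPM()
    boot(tpm, GOOD_CHAIN)
    tpm.seal("os-volume", VOLUME_KEY)    # done once, when protection is turned on
    boot(tpm, GOOD_CHAIN)
    clean = tpm.unseal("os-volume")      # unchanged chain: key is released
    boot(tpm, TAMPERED_CHAIN)
    tampered = tpm.unseal("os-volume")   # modified chain: drive stays locked
    return clean, tampered
```

Calling `demo()` returns the key for the unchanged chain and `None` for the tampered one, which corresponds to the locked state that requires recovery.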
According to the information supplied by Microsoft and other resources, there are a number of scenarios where the user or an administrator would need to recover the system / unlock a hard drive because the security has denied access; these include (but are not limited to):
There are a few situations where you might need to temporarily disable BitLocker Drive Encryption to make changes or perform maintenance on a system. Doing this allows the changes to be incorporated as an authorized change, which keeps the system from entering a state at startup that might require it to be recovered.
Some examples of these scenarios where you may need to temporarily disable BitLocker:
That’s a wrap for my overview of BitLocker for Windows 7 – I hope you found it a good investment of your time.
Next up, I’ll be reviewing some of the high-level information on the BitLocker To Go functionality, which extends BitLocker data protection to USB storage devices, allowing them to be secured.
I am always looking forward to any feedback you have on this or any of the articles I have written so feel free to drop in some comments or contact me directly.
Additionally, I would welcome any suggestions for topics of interest that you would like to see, and based on demand and column space I’ll do what I can to deliver them to you.
Best of luck in your studies.