One of the most significant security enhancements in Windows Vista was the addition of a technology called BitLocker Drive Encryption. Unlike EFS, which encrypts individual files, BitLocker, combined with a Trusted Platform Module (TPM) chip on the PC's motherboard, encrypts the entire hard disk or partition, making the system more secure. Since BitLocker encrypts the entire disk drive, the computer cannot be booted unless it can access the disk, and even removing the disk and attaching it as a slave disk on a working computer will not give you access to the disk's contents.
BitLocker is designed to help users and companies protect their data, especially executives traveling with key corporate data on their laptops. BitLocker integrates with a TPM 1.2 chip and uses AES encryption with a 128-bit or 256-bit key. You can optionally use BitLocker on non-TPM systems, but to do that you must supply a USB memory key or an alphanumeric password in order to access the system.
Note: BitLocker is only available on Windows Vista Enterprise and Ultimate editions.
If your computer's motherboard is TPM compliant (meaning it has a TPM chip on the motherboard that is used to hold encrypted keys), BitLocker will be enabled by default. If your motherboard is not TPM compliant, BitLocker will not be enabled by default and you will need to enable it (that's what this article is all about).
With a TPM compliant motherboard your computer will do all the work for you. Without it, you will need an external USB key to store the encrypted keys on, and you will need to insert it into the USB port every time you boot your PC.
Go to Control Panel and click on the BitLocker icon. If you don't see a BitLocker icon, there's a high probability that your computer does NOT have a TPM-compliant motherboard.
If you do see a BitLocker icon, double-click on it to open it. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
If the TPM administration link appears in the left pane, your computer has the TPM security hardware. If this link is not present, you will need a removable USB memory device to turn on BitLocker and store the BitLocker startup key that you’ll need whenever you restart your computer.
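The same check can be scripted. The PowerShell below is an added example, not part of the original article; it assumes PowerShell 2.0 or later in an elevated session, and reads the `Win32_Tpm` and `Win32_EncryptableVolume` WMI classes to report whether Windows sees a TPM and which key protectors (TPM or USB startup key) each volume uses.

```powershell
# Added example, not from the original article. Run in an elevated session:
# both WMI namespaces below are readable by administrators only.
function Get-SecurityWmi($Namespace, $Class) {
    # Return $null if the namespace or class is missing (for example, on an
    # edition without BitLocker) instead of stopping the script.
    try { Get-WmiObject -Namespace $Namespace -Class $Class -ErrorAction Stop }
    catch { $null }
}

# 1. TPM: Win32_Tpm has no instance when Windows sees no TPM.
$tpm = Get-SecurityWmi 'root\CIMV2\Security\MicrosoftTpm' 'Win32_Tpm'
if ($tpm) {
    "TPM present, spec version: $($tpm.SpecVersion)"
    "  Enabled:   $($tpm.IsEnabled().IsEnabled)"
    "  Activated: $($tpm.IsActivated().IsActivated)"
    "  Owned:     $($tpm.IsOwned().IsOwned)"
} else {
    "No TPM visible to Windows: a USB startup key will be required."
}

# 2. Volumes: protection state and the key protectors on each one.
$protectorNames = @{
    1 = 'TPM'
    2 = 'External key (USB startup or recovery key)'
    3 = 'Numerical recovery password'
    4 = 'TPM + PIN'
    5 = 'TPM + startup key'
}
$statusNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Unknown' }

$volumes = Get-SecurityWmi 'root\CIMV2\Security\MicrosoftVolumeEncryption' 'Win32_EncryptableVolume'
if ($volumes) {
    foreach ($vol in $volumes) {
        $status = [int]$vol.GetProtectionStatus().ProtectionStatus
        "$($vol.DriveLetter) protection: $($statusNames[$status])"
        # KeyProtectorType 0 asks for protectors of every type.
        $ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID
        if ($ids) { foreach ($id in $ids) {
            $type = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
            $name = $protectorNames[$type]
            if (-not $name) { $name = "Other (type $type)" }
            "  protector: $name"
        } }
    }
} else {
    "No BitLocker-capable volumes reported (feature missing or not elevated)."
}
```

A volume that lists only an external key and a recovery password, with no TPM protector, is the USB-startup-key configuration this article describes.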
Before you can turn on BitLocker Drive Encryption you need to make sure that your computer’s hard disk has the following:
To enable BitLocker without a TPM-compliant motherboard, please follow the steps below:
You will need to use the BitLocker Drive Preparation Tool to prepare your disk drive for BitLocker. I will prepare a demo on this in later articles.