Make your system safer than the crown jewels.
Published on 23 January 2007
For companies, data security is a big headache: a lost or stolen PC might contain sensitive information that, in the wrong hands, could be very damaging. BitLocker is designed to eliminate this threat, and you'll find it in the Enterprise and Ultimate editions of Windows Vista. So what is it, and how does it work?
The idea behind BitLocker is a simple one: it uses a technique called encryption to scramble the data on your hard disk, and once the data is encrypted it can't be accessed by other people – even if they use hacking tools or run a different operating system. You can still access your data, but other people can't.
BitLocker has been designed to work with PCs that include a TPM (Trusted Platform Module) chip, and if your PC has such hardware then you'll be able to log on normally when BitLocker is running. If you don't have a TPM chip you can still use BitLocker, but you'll need a USB flash drive. Your BitLocker password will be installed on this drive, and you'll need to insert the drive every time you boot your PC.
Although many firms now offer TPM-enabled hardware, such PCs are still relatively rare – so in this tutorial we'll show you how to use BitLocker with a USB flash drive. Before you start, make sure you're logged on as the system administrator.
Missing chip
Because we're not using a TPM-enabled PC, we need to make a few changes to Windows Vista before we can use BitLocker. Click on Start and in the search box, type gpedit.msc. Press Enter and then click Continue if the User Account Control dialog pops up.
Change the policy
Click on Local Computer Policy > Administrative Templates > Windows Components and double-click on BitLocker Drive Encryption.
Enable advanced options
Click on Control Panel Setup: Enable advanced startup options. This will display the advanced startup dialog box.
Enable the USB
Click on Enabled and make sure Allow BitLocker without a compatible TPM is ticked. This means you'll be able to use BitLocker with your USB flash drive. Click on OK.
Apply the changes
Click on the Start menu and then type gpupdate.exe in the Search box. Press Enter and wait for the "User Policy update has completed successfully" message. BitLocker is now ready to use.
Click on Start > Control Panel > Security > BitLocker Drive Encryption. You'll see that BitLocker is currently switched off; to turn it on, simply click on Turn On BitLocker.
The BitLocker preferences screen will now pop up. Put your USB drive into a spare port and then click on Require Startup USB key at every start-up.
BitLocker will now ask you to select the appropriate drive; on our PC, it's drive F. Click on Save.
You'll now be asked where BitLocker should save the recovery password – you'll need this if changes are ever made to the system start-up settings, or if the drive is moved to another computer. The more copies of the password you have, the better.
There's one final step, which is a system check that makes sure BitLocker can read your keys – if it can't, you could lock yourself out of your own system. Make sure Run BitLocker System Check is ticked and then click Continue. Your PC will now restart and check your USB key - if everything's OK you'll see the "remove storage media" message and Windows Vista will load normally.
Once you've logged in, click Start > Control Panel > Security > BitLocker Drive Encryption and you'll see that BitLocker is busily scrambling your data. From now on, you'll need to plug in your USB key every time you boot your PC. If you don't, you'll be locked out - so make sure you don't lose your flash drive!
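If you'd rather confirm the result from an elevated PowerShell prompt than through the dialogs, the check below reads the policy set in gpedit.msc and then reports the drive's encryption status. It is an added example, not part of the original tutorial; the registry value names under the FVE policy key and the location of the manage-bde tool are assumptions about what the policy template and Windows install provide, and the function names are our own.

```powershell
# Added example: verify the "Allow BitLocker without a compatible TPM" policy
# took effect, then show the system drive's encryption status.
# Run from an elevated PowerShell prompt.

$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Assumption: value names written by the BitLocker policy template.
# Vista-era template: EnableNonTPM; later Windows releases: EnableBDEWithNoTPM.
$advancedName = 'UseAdvancedStartup'
$noTpmNames   = @('EnableNonTPM', 'EnableBDEWithNoTPM')

# Hypothetical helper: return a registry value, or $null if it is absent.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# True only when advanced startup is enabled AND the no-TPM option is set.
function Test-BitLockerNoTpmPolicy {
    param([string]$Path = $fveKey)
    if (-not (Test-Path $Path)) { return $false }
    if ((Get-PolicyValue $Path $advancedName) -ne 1) { return $false }
    foreach ($n in $noTpmNames) {
        if ((Get-PolicyValue $Path $n) -eq 1) { return $true }
    }
    return $false
}

if (Test-BitLockerNoTpmPolicy) {
    Write-Output 'Policy OK: advanced startup enabled, BitLocker allowed without a TPM.'
} else {
    Write-Output 'Policy not applied: re-check the gpedit.msc setting and run gpupdate.exe.'
}

# Volume status. Assumption: Vista ships manage-bde as a script in System32;
# later Windows releases ship manage-bde.exe instead.
$wsf = Join-Path $env:SystemRoot 'System32\manage-bde.wsf'
if (Test-Path $wsf) {
    cscript.exe //nologo $wsf -status $env:SystemDrive
} elseif (Get-Command manage-bde.exe -ErrorAction SilentlyContinue) {
    manage-bde.exe -status $env:SystemDrive
} else {
    Write-Output 'manage-bde not found on this system.'
}
```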