You should make sure to save this recovery key somewhere safe that is not the PC in use. The aim of BitLocker is to protect computers and drives against data breaches and intrusions.
The main benefits are:. Not all computers or drives can use BitLocker. Windows currently supports the following operating systems:. As well as this, you need to be logged into the PC as an administrator, and you should have access to a printer so that you can print the recovery key.
To enable BitLocker, open the Start menu search box and search for Manage BitLocker. You may find this under Device Encryption, or as its own setting in the Control Panel. First, Windows will check your system settings and configuration to make sure that you can use BitLocker. For example, if your TPM is off, Windows will automatically turn it on for you. Before encryption begins, you will be asked to choose a password.
You will need to use this password every time you access your PC or drive, even before the operating system starts up. You can enter it manually or supply it via a USB drive. For backing up the recovery key, the options in Windows 10 are: save the file to your Microsoft account, save to a flash drive, save to a local or cloud file, or print the recovery key manually. Choose as many as you want for your own peace of mind.
Discussing the enterprise options would require at least two additional articles.
And I am not selling BitLocker. I wish I could. I would be a rich man then.
How do you get access to the drive in the case of a failure or disk problem? It doesn't appear that this would be possible with BitLocker in use, correct?
Joe, this is an interesting question. I will have a look at this problem and post something about it then.
I seem to recall that one of the early issues with BitLocker was that you could encrypt only the C: drive.
Is that still the case in the Windows 7 version? In any case, glad to see you preaching the benefits of encryption. Too many organizations overlook this important security step.
BitLocker data drive encryption was introduced with Service Pack 1 for Vista. I think the main problem with Vista's BitLocker was that drive preparation was rather complicated once the OS was installed. I think all these teething troubles have been overcome.
If some employee can get his hands on a disc in the RAID set in your server room.
You have a whole other ballpark of security issues.
Happy, you would be surprised how easy it is to get physical access to hard disks in most organizations. Small companies often don't have security guidelines and big companies have the problem that many people simply need access to the server room. And what about you? Can you be trusted?
I don't believe TrueCrypt is approved. I guess if you are deeply paranoid and think the whole world is out to get you, as you seem to be from the tone of your article your points will make total sense.
However, using your "expert" knowledge to scare users into implementing your suggestions is not the best way to get people to heed your advice. Do you have any statistics on the likelihood or risk of this kind of attack within any given business, I think not? How can you possibly make such strong assertions without this kind of data? The risk to laptops and other mobile devices has been demonstrated and is clear, and your suggestion to encrypt removable H.D's is a good one; that said, you seem to be advocating living in a world where businesses do not trust their suppliers staff or customers. I don't know many people who would want to live in that world. Ultimately, what I am saying is, as an "expert", why don't you suggest a more balanced approach to security issues?
I'm interested in knowing what you see as the issue and pitfalls of implementing BitLocker in a very large 50KK client environment. It seems that BitLocker can be a good fit into a small organization 50 users.
For large orgs it looks like a solid third party solution would be the way to go.
Neil, I often used the "statistical argument" when it comes to security in the past. Sometimes this argument is valid, for example when it is revealed that the IE has a new vulnerability but nobody knows how many websites are already infected with an exploit.
However, in most cases the "statistical argument" is invalid when it comes to security. Whenever you introduce a new line of defense in your network, you don't know about any statistical data that would justify the costs.
We live in a complex world and you can't have statistical evidence for everything. Thus sometimes you just have to trust your instincts and the more experience you have the better your instincts are.
My instincts tell me encrypting hard drives is a must nowadays. Maybe it is just because I already saw attacks that only worked because the hard drives were not encrypted. One thing is for sure. It is true, the whole world is out to get the PCs in your network. The number of computers in botnets is growing every day. And those networks with weak security are the first to be attacked.
That belief is based on everything I've read about BitLocker and from some initial testing of the feature.
As listed by MS, BitLocker is only available in the Ultimate edition which for a large volume buy is the Enterprise edition. It is not available in the Pro edition. If you have info that proves that wrong, I would like to see it.
You did not reply with any list of items that would be seen as issues with regard to the implementing of BitLocker or for that matter, BitLocker To Go.
I am really interested in seeing what you have to say.
You said that BitLocker is for small organizations and I said that Microsoft thinks it is mostly for big organizations and this is why only the Enterprise and Ultimate editions support BitLocker.
I've had bad experiences with third party encryption solutions. The point is that hard drive encryption is, like the file system, a part of the operating system. You can never be sure that a Windows update will break your third party encryption solution and shut down your whole network. So I would buy a third party solution even if it has a few fancy additional features. BitLocker can be centrally managed through Group Policy and supports zero-sign on.
That is even better than single-sign on. So I still think the title of the article fits perfectly.
My point was to elicit from you the bad with the good. You clearly have a fondness for the feature but along with that usually comes some detriments.
There have to be some "gotchas" with the feature and you have not enlightened us to them based on your experiences. This is a scope that many people simply cannot comprehend. From your point of view a large company is one with systems.
Multiply that by 10 and then you have a truly large organization. You should now "understand" the scale we are addressing. As you have yet to address the shortcomings of BitLocker, here are some things that I'm seeing and maybe you can counter to give me some feedback.
This is a critical shortcoming for companies mandated to implement the Disabilities Act. This one thing is enough to stop BitLocker from being implemented. There is a huge cost saving loss here. Once the computer account is deleted, all of the recovery data is lost. Microsoft clearly found this out with their own rollout and has yet to provide an offline solution. Such a solution required extra effort on the consumer side and is thus a pitfall.
If a user wants to use the key device with BitLocker To Go they are out of luck. On top of this, the USB device not being encrypted is readily accessible for copying which presents a security hole. In large organizations, policies are implemented to ensure that passwords and access methods are changed on a regular basis. BitLocker does not provide any mechanism for this policy compliance.
Actually, there is a total lack of this methodology for the entire BitLocker process, especially for BitLocker To Go, as to determining if files copied to a device have been encrypted. This to me makes BitLocker look like an afterthought for inclusion with the OS. Another hole in the solution is that the recovery data can be displayed using this process.
When installing the BitLocker optional component on a server you will also need to install the Enhanced Storage feature, which is used to support hardware encrypted drives.
Note TPM 2. This topic for the IT professional provides an overview of the ways that BitLocker Device Encryption can help protect data on devices running Windows.
BitLocker frequently asked questions (FAQ). This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
Prepare your organization for BitLocker: Planning and policies.
BitLocker basic deployment.