Thursday, 15 October 2009

Windows 7 – Enabling BitLocker To Go

Since we have started to install the second generation Intel SSDs in our laptops, there has been a need to look at additional storage.

Since we keep an ISO copy of the various software products we work with on the laptop, which is BitLocker enabled, it is preferable that any external storage device being used to store the content also be encrypted.

Enter in BitLocker To Go which is a new feature with Windows 7 Ultimate and Enterprise.

We have a 500GB 2.5” external USB/eSATA drive that we will use for portable storage with the laptop. The drive in the enclosure is brand new:

09-10-14 BitLocker To Go - 1 - New Drive

Once we have partitioned the drive with an NTFS partition, we jumped into the BitLocker management page:

09-10-14 BitLocker To Go - 4 - BitLocker Management

We clicked on the Turn On BitLocker link for the attached 500GB drive:

09-10-14 BitLocker To Go - 6 - Set Password to Unlock

In this case we enabled the need to use a password every time the drive is attached to the host as well as any other systems the drive may be connected to.

09-10-14 BitLocker To Go - 7 - Save Recovery Key

We saved the recovery key to a USB flash drive. From there, we upload all of our keys to Vlad’s off-site storage facilities that we subscribe to as well as resell.

It is important to note that any content on the BitLocker enabled external storage will be read only when connected to any other machine but the original host.

After clicking next, there will be a final warning:

09-10-14 BitLocker To Go - 9 - Are You Ready To Encrypt

Here we are ten minutes later after clicking the Start Encrypting button:

09-10-14 BitLocker To Go - 12 - Encrypting at 2250Hrs

Even with the eSATA connection being used to hook the drive up to our Tecra S10, the process was going to take a while. We had started it just before finishing up for the evening, so the whole encryption process took somewhere in the neighbourhood of 3-4 hours for 500GB.

We can now keep anything we need to on the external drive with no real worries about losing it or having it stolen.

When it comes time to plug the drive in, take note that there will be a UAC prompt and then:

09-10-14 BitLocker To Go - 14 - Post Plug In Ask

Note the option to “Automatically unlock on this computer from now on” is not checked.

Philip Elder
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

No comments: