Since we have started to install the second generation Intel SSDs in our laptops, there has been a need to look at additional storage.
Since we keep an ISO copy of the various software products we work with on the laptop, which is BitLocker enabled, it is preferable that any external storage device being used to store the content also be encrypted.
Enter in BitLocker To Go which is a new feature with Windows 7 Ultimate and Enterprise.
We have a 500GB 2.5” external USB/eSATA drive that we will use for portable storage with the laptop. The drive in the enclosure is brand new:
Once we have partitioned the drive with an NTFS partition, we jumped into the BitLocker management page:
We clicked on the Turn On BitLocker link for the attached 500GB drive:
In this case we enabled the need to use a password every time the drive is attached to the host as well as any other systems the drive may be connected to.
We saved the recovery key to a USB flash drive. From there, we upload all of our keys to Vlad’s off-site storage facilities that we subscribe to as well as resell.
It is important to note that any content on the BitLocker enabled external storage will be read only when connected to any other machine but the original host.
After clicking next, there will be a final warning:
Here we are ten minutes later after clicking the Start Encrypting button:
Even with the eSATA connection being used to hook the drive up to our Tecra S10, the process was going to take a while. We had started it just before finishing up for the evening, so the whole encryption process took somewhere in the neighbourhood of 3-4 hours for 500GB.
We can now keep anything we need to on the external drive with no real worries about losing it or having it stolen.
When it comes time to plug the drive in, take note that there will be a UAC prompt and then:
Note the option to “Automatically unlock on this computer from now on” is not checked.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book