Windows 7: Bitlocker-To-Go

I have a USB to IDE bridge that has 80GB of very useful space and a thumb drive for presentation backups etc. But all of these contains very sensitive information. Or you just want to hide some thing from someone in your drive? Since I’m already running a Windows 2008 R2, I’ll try now to use my bitlocker-to-go 😀

So what really is Bitlocker-To-Go? In my nutshell, its a drive encryption tool built-in for Windows 7. It secures your removable devices so that in an event of a security compromise such as say leaving it on an event, your sensitive information is safe and you don’t have to be fired because you left vital company information in it :D.

I’m using a Windows Server 2008 R2, and we need to install the BitLocker Feature from server manager.

 

In order to use Bitlocker, you have to enable it thru Group Policy, it can be configured both for local and domain group policy.

I’ll be doing a local policy, if you know how to do Domain Group Policy, you can implement this enterprise wide. In local policy, you have to launch the local group policy editor: gpedit.msc

 

In the Local Group Policy Editor, navigate to the Computer Configuration, expand Administrative Templates, Windows Components and Bitlocker Drive Encryption. I’m going to implement this on my removable data drives so I click the node and see the contents.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

First we must enable the Bitlocker on removable drives. Right click and select edit from the context menu.

Its also a good thing to enable the “Allow access to BitLocker-protected removable data drives from earlier versions of Windows” so that you can use this even with Vista or even XP.

 

 

 

 

 

 

Lets step up a notch, lets also configure the password complexity.

 

 

 

 

 

 

After applying the Group Policies, insert your USB Drive and this wizard will appear.

Yes we want to encrypt the drive!

 

 

 

 

Since were only encrypting a thumb drive, yes its safe to do this.

 

 

 

 

 

 

After clicking yes, the wizard continues. wait to finish.

 

 

 

 

 

 

 

 

 

 

 

Remember the policy on password above that we configured?

Use a complex password, the longer the better.

 

 

 

 

 

 

 

You can save a recovery key to a file, just incase you forget your password because hey, we all have fat fingers and we all forget passwords.

 

 

 

 

 

 

 

 

 

 

 

Start encrypting!

 

 

 

 

 

 

 

 

 

It takes about a few minutes depending on the size of your disk. Do the math, I have 1GB, finished the wizard in 15mins.

 

 

 

 

 

 

There! So we should remove the disk and attach it again to check if its already password protected and encrypted.

 

 

 

There! A password protected, encrypted thumb drive even without third party tools. I love Windows 7 😀

 

 

 

Lets test it on a Vista Machine:

 

Unfortunately our domain does not allow auto run 😀 so we have to run the BitlockerToGo.exe to access our file

 

 

 


As expected, we are asked for our password

 

 

 

 

 

 

And for Vista machines, here is our BitLocker To Go Reader!

Advertisements

Published by

johndelizo

John is currently creating digital assets that protects people and their future, a technical trainer and a full time geek specializing on development and deployment of innovations created with .NET framework on Windows platform as well as Windows infrastructure projects. He is the primary contact of the Philippine Windows Users Group, a contributor at the Microsoft Philippines Community forums and regularly conducts community sessions as well as other Microsoft technology events. John owns the Busy Saving The World Techblog.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s