Encrypting USB Drives in Windows 7 - BitLocker

BitLocker is an easy way to encrypt and password-protect sensitive data on your USB drive.

BitLocker is a full-disk encryption protection technology for removable storage devices. For example, it is compatible with all FAT (FAT32, exFAT, etc.) file systems in addition to NTFS, dramatically increasing its compatibility with existing devices. Enabling BitLocker is straightforward: Simply connect the removable storage device, open Computer, right-click the device, and choose "Turn on BitLocker" from the pop-up menu that appears.

The BitLocker Drive Encryption wizard will start up in a separate window. After a moment's pause, you'll be asked to choose between password- and smartcard-based locking. Most individuals will need to use a password, but many businesses are starting to use smartcards, which allow administrators to centrally manage BitLocker certificates in Active Directory. Smartcards provide two-factor authentication: In addition to the physical card requirement, the user will still need to type in a four-digit PIN.

In the next step of the wizard, you are asked how you would like to store your recovery key. This key will help you recover the contents of a protected drive should you forget your password, lose your smartcard, or suffer some similar problem. You have two choices: Save (to a text file) or Print. After that, you're prompted that the encryption is about to start.

Warning: Disk encryption is still an agonizingly slow process. It takes BitLocker over 20 minutes to encrypt a 2 GB USB memory stick device, for example (for larger storage devices, calculate accordingly). As suggested by the BitLocker Drive Encryption wizard, you can pause encryption if you need to remove the device for some reason. If you don't do so, you could damage or lose files stored on the device.

 Once the drive is encrypted, you'll notice a few changes. The icon for BitLocker-encrypted disks is different, for starters, and includes a padlock/key overlay when viewed with the other storage devices under Computer. When you remove and then insert a protected storage device, you will be prompted to provide a password to unlock the disk. Once you do so, the normal Auto Run dialog will appear and the device will work normally. 

With BitLocker installed on a storage device, you can configure it in various ways. If you right-click a protected device in Explorer, a new "Manage BitLocker" option appears in the pop-up menu, replacing "Turn on BitLocker." (You can also access this functionality from the BitLocker Drive Encryption control panel, of course.)

The resulting dialog provides a number of options, including ways to change and remove the device's password, remove a smart card (if one is configured), add a smart card, re-save or print the recovery key, and automatically unlock the drive on the current PC. The BitLocker Drive Encryption control panel provides one unique additional option: The ability to turn off BitLocker. This is the only place in Windows 7 from which you can remove BitLocker. Unfortunately, decrypting the drive can take just as long as the encryption process does. Warning: BitLocker-protected devices work identically on all Windows 7 systems. But on "downlevel" Windows XP and Vista PCs, Microsoft provides a BitLocker Reader application on the encrypted device, allowing users to access the stored files. There is one huge limitation to BitLocker Reader, however: It is read-only. So after you've provided the password to unlock the drive, you can view files and copy them to your PC hard drive. But you cannot save files back to the device.

To find BitLocker on CAE computers, click the windows button and search bitlocker as shown below.

bitlocker.png



Keywords:encrypt, USB drive, Windows 7, BitLocker   Doc ID:14062
Owner:Noel K.Group:Computer-Aided Engineering
Created:2010-05-25 19:00 CDTUpdated:2016-06-24 11:13 CDT
Sites:Computer-Aided Engineering
Feedback:  0   0