This step-by-step guide provides the instructions you need to use Windows® BitLocker™ Drive Encryption in a test environment. We recommend that you first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Windows Vista® operating system features without accompanying documentation (such as those listed in the section) and should be used with discretion as a stand-alone document.
What is BitLocker Drive Encryption?
BitLocker Drive Encryption is an integral new security feature in the Windows Vista operating system that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks," attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.
BitLocker uses a Trusted Platform Module (TPM) to provide enhanced protection for your data and to assure early boot component integrity. This helps protect your data from theft or unauthorized viewing by encrypting the entire Windows volume.
BitLocker is designed to offer a seamless user experience. It is designed for systems that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM. A compatible BIOS must support the TPM and the Static Root of Trust Measurement as defined by the Trusted Computing Group. For more information about TPM specifications, visit the TPM Specifications section of the Trusted Computing Group's Web site.
The TPM interacts with BitLocker to help provide seamless protection at system startup. This is transparent to the user, and the user logon experience is unchanged. However, if the TPM is missing or changed, or if the startup information has changed, BitLocker will enter recovery mode, and you will need a recovery password to regain access to the data.
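The following added example (not part of the original guide, and not Microsoft's code) models why changed startup information leads to recovery mode: each boot stage is hashed into a TPM 1.2 platform configuration register (PCR), and the sealed key is released only when the register matches the value recorded at sealing time. The ToyTpm class, the function names and the boot chain are assumptions constructed for illustration; a real TPM keeps the sealed key encrypted inside hardware-protected storage.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

# Constructed sample boot chain (illustrative stage names, not real measurements).
BOOT_CHAIN = [b"BIOS", b"master boot record", b"boot sector", b"boot manager"]


def extend(pcr, component):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components):
    """Replay a boot: start from a zeroed PCR and extend it with each stage in order."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


class ToyTpm:
    """Simplified model (assumption): one secret bound to one expected PCR value."""

    def __init__(self):
        self._sealed = None

    def seal(self, secret, pcr):
        self._sealed = (pcr, secret)

    def unseal(self, current_pcr):
        if self._sealed is None:
            return None
        expected, secret = self._sealed
        # Release the secret only if the platform measured the same boot chain.
        return secret if hmac.compare_digest(expected, current_pcr) else None


def provision(components, volume_key=b"constructed-volume-key"):
    """Seal the volume key against the boot chain seen when protection is turned on."""
    tpm = ToyTpm()
    tpm.seal(volume_key, measure_boot(components))
    return tpm


def startup(tpm, components):
    """Return what the user would see for a boot with the given components."""
    key = tpm.unseal(measure_boot(components))
    return "normal boot" if key is not None else "recovery mode"
```

Because every extend feeds the previous register value back into the hash, changing, removing or reordering any stage yields a different final value, so the key stays sealed and the recovery password is required.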
Who should use BitLocker Drive Encryption?
This guide is intended for the following audiences:
IT planners and analysts who are evaluating the product
In this guide
The purpose of this guide is to help administrators become familiar with the BitLocker Drive Encryption feature of Windows Vista. The sections below provide basic information and procedures that administrators need to start configuring and deploying BitLocker within their networks.
Scenario 1 provides instructions for creating the two partitions required for BitLocker Drive Encryption. Scenario 2 explains how to encrypt a drive using BitLocker and a TPM. Scenario 3 describes using the BitLocker advanced startup options. Scenario 4 describes how to access encrypted data after lockdown, and how to test BitLocker by generating a lockdown. Scenario 5