Bitlocker works well… ‘well-ish’ is probably better to say. Let just start with the issues.
- No TPM, NO C: Encryption period.
- With TPM, you need to reboot to enable TPM, then turn on Bitlocker for C: and the process will make a new 300mb partition on the drive and reboot again. Then it will encrypt your C: – which takes 1/2 hour or more depending on size of data.
- BitLocker To Go – (BTG) only supports FAT/FAT32 – not NTFS?
- Once a drive is unlocked (D: local drive or a BTLG drive) on a user session it stays unlocked unless you script it to lock or you logout/logon again.
- Unlocking the drive is via a password, but to lock it again requires Administrator access CMD prompt “manage-bde –lock d:”
So that said, it does work, it works well and even lets you share USB drives with WXP and Vista users with provided software that lets you ‘unlock’ the data on those platforms. Which is nice.
Got C: Encrypted then you can pause it for updates/upgrades (you don't need to decrypt it). Which is nice.
So here is my little thought flow chart on how it works.
Unlock as user with UAC
Relock running as Administrator !
No comments:
Post a Comment