Monday, May 28, 2012

Thinking of Bitlocker or Bitlocker To Go?

Bitlocker works well… ‘well-ish’ is probably better to say. Let just start with the issues.

  1. No TPM, NO C: Encryption period.
  2. With TPM, you need to reboot to enable TPM, then turn on Bitlocker for C: and the process will make a new 300mb partition on the drive and reboot again. Then it will encrypt your C: – which takes 1/2 hour or more depending on size of data.
  3. BitLocker To Go – (BTG) only supports FAT/FAT32 – not NTFS?
  4. Once a drive is unlocked (D: local drive or a BTLG drive) on a user session it stays unlocked unless you script it to lock or you logout/logon again.
  5. Unlocking the drive is via a password, but to lock it again requires Administrator access CMD prompt “manage-bde –lock d:”

So that said, it does work, it works well and even lets you share USB drives with WXP and Vista users with provided software that lets you ‘unlock’ the data on those platforms. Which is nice.

Got C: Encrypted then you can pause it for updates/upgrades (you don't need to decrypt it). Which is nice.

So here is my little thought flow chart on how it works.

Encrypting the PC w7

 

Unlock as user with UAC

image

Relock running as Administrator !

image

No comments:

Blog Archive