Full Disk Drive Encryption

  • General discussion

  • Hi

    I need to have encryption on my disk drive and have Windows Vista. Is there a way to get this installed? I know BitLocker comes with Windows 7, and only if you have a specific version. I am not too technical so would need basic instructions and guidance. Appreciate any help.

    Tuesday, March 1, 2011 7:36 PM

All replies

  • To enable BitLocker on a Windows Vista computer, the computer must meet the following:
    ■ Unless you plan to rely solely on a USB startup key, the system must have a TPM v1.2 (revision 85 or later), and it must be enabled. (TPM chips may be disabled by default and can be turned on using the computer’s BIOS.) The TPM provides system boot-process integrity measurement and reporting.
    ■ The system must have v1.21 (revision 0.24 or later) TCG-compliant (Trusted Computing Group) BIOS with support for TCG specified Static Root Trust Measurement (SRTM) to establish a chain of trust prior to starting Windows.
    ■ If you plan to use a USB startup key, the system BIOS must support the USB Mass Storage Device Class2, including both reading and writing small files on a USB flash drive in the pre-operating system environment.
    ■ The computer must have at least two volumes to operate, and they must be in place before Windows Vista is installed:
    ❑ The boot volume is the volume that contains the Windows operating system and its support files; it must be formatted with NTFS. Data on this volume is protected by BitLocker.

    You can have multiple instances of Windows Vista installed on a computer with a BitLocker-encrypted volume, and they will all be able to access the volume if you enter the recovery password every time you need to access the volume from a different partition. You can also install earlier versions of Windows on volumes not encrypted with BitLocker. However, earlier versions of Windows will not be able to access the BitLocker-encrypted volume.

    How to Configure BitLocker Partitions

    BitLocker requires at least two partitions, both with NTFS enabled. Ideally, you should configure these partitions prior to deploying a Windows Vista computer. If you need to configure partitions for BitLocker after installing a Windows Vista Ultimate Edition computer, you can use the BitLocker Drive Preparation Tool.

    The BitLocker Drive Preparation Tool is only available as a Windows Ultimate Extra. Therefore, it cannot be used with a Windows Vista Enterprise Edition computer. To install the BitLocker Drive Preparation Tool, follow these steps:
    1. Click Start, click All Programs, and then click Windows Update.
    2. Click Check For Updates.
    3. Under There Are Windows Ultimate Extras Available For Download, click View Available Extras. If this link does not appear, the BitLocker Drive Preparation Tool might already be installed.
    4. On the Choose The Updates You Want To Install page, under Windows Ultimate Extras, select BitLocker And EFS Enhancements. Then, click Install.

    After installing the BitLocker Drive Preparation Tool, follow these steps to configure your computer’s partitions for BitLocker:
    1. Click Start, All Programs, Accessories, System Tools, BitLocker, and then click BitLocker Drive Preparation Tool.
    2. Click I Accept.
    3. On the Preparing Drive For BitLocker page, click Continue.
    4. The BitLocker Drive Preparation Tool shrinks your C: drive, and then creates a new S: partition, marks it active, and copies the necessary files to the new S: partition.
    5. Click Finish.
    6. Click Restart Now to restart your computer.

    Now the computer has a small boot partition—separate from the system partition—that meets the disk partitioning requirements for BitLocker.

    BitLocker can store decryption keys on a USB flash drive instead of using a built-in TPM module. This allows you to use BitLocker on computers that do not have the TPM hardware. Using BitLocker in this configuration can be risky, however, because if the user loses the USB flash drive, the encrypted volume will no longer be accessible and the computer will not be able to start without the recovery key. Windows Vista does not make this option available by default.

    To use BitLocker encryption on a computer without a compatible TPM, you will need to change a computer Group Policy setting by following these steps:
    1. Open the Group Policy editor by clicking Start, typing gpedit.msc and then pressing
    2. Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.
    3. Enable the Control Panel Setup: Enable Advanced Startup Options setting. Then, select the Allow BitLocker Without A Compatible TPM check box.


    Tunde Abagun MCP,MCSA,MCTS,MCITP en p "for the love of Computers"
    Wednesday, March 2, 2011 6:01 AM
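
The requirements listed in the reply above (TPM state, NTFS volumes with a separate active partition, and the no-TPM policy) can be checked before starting. The read-only script below is an added example, not part of the thread. It assumes Windows PowerShell 2.0 is installed (an optional download on Vista); the function name `Get-BitLockerReadiness` is hypothetical, and the registry value `EnableNonTPM` is assumed to be the one the Vista policy setting writes, which the thread does not state.

```powershell
# Added example (not from the thread): read-only BitLocker readiness report.
# Run in an elevated PowerShell session; it changes nothing on the system.
function Get-BitLockerReadiness {
    $r = New-Object PSObject -Property @{
        TpmPresent = $false; TpmEnabled = $false; TpmSpecVersion = $null
        OsVolume = $null; OsVolumeNtfs = $false; SeparateActiveVolume = $false
        AllowWithoutTpm = $false
    }
    # TPM state comes from the Win32_Tpm WMI class; no instance means no usable TPM.
    try {
        $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction Stop
    } catch { $tpm = $null }
    if ($tpm) {
        $r.TpmPresent     = $true
        $r.TpmEnabled     = [bool]$tpm.IsEnabled().IsEnabled
        $r.TpmSpecVersion = $tpm.SpecVersion
    }
    # In WMI terms: BootVolume holds Windows, SystemVolume is the active partition with the boot files.
    $vols = @(Get-WmiObject -Class Win32_Volume)
    $os   = $vols | Where-Object { $_.BootVolume }   | Select-Object -First 1
    $sys  = $vols | Where-Object { $_.SystemVolume } | Select-Object -First 1
    if ($os) {
        $r.OsVolume     = $os.DriveLetter
        $r.OsVolumeNtfs = ($os.FileSystem -eq 'NTFS')
    }
    if ($os -and $sys) {
        $r.SeparateActiveVolume = ($os.DeviceID -ne $sys.DeviceID) -and ($sys.FileSystem -eq 'NTFS')
    }
    # Assumption: "Allow BitLocker Without A Compatible TPM" is stored as EnableNonTPM = 1 under this key.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if ($fve -and $fve.EnableNonTPM -eq 1) { $r.AllowWithoutTpm = $true }
    $r
}

$state = Get-BitLockerReadiness
$state | Format-List
if (-not $state.SeparateActiveVolume) {
    'Partitions: Windows and the active boot partition are not separate NTFS volumes; run the BitLocker Drive Preparation Tool first.'
}
if (-not ($state.TpmPresent -and $state.TpmEnabled) -and -not $state.AllowWithoutTpm) {
    'Startup: enable the TPM in the BIOS, or set the Group Policy option that allows BitLocker without a compatible TPM.'
}
```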