This post will cover everything I have learned about “Bitlocker To Go”. I personally love Bitlocker, but I will also cover some of the things that have upset me about it. What is “Bitlocker to Go”? Bitlocker is Microsoft’s disk encryption technology. Encrypting disks has become very important over the years because of the amount of digital theft going on.
** NOTE **
“Bitlocker to Go” only comes in the Enterprise and Ultimate SKUs of Windows 7.
** NOTE **
Please note that if you want to use “Bitlocker to Go” on a flash drive and be able to read it on Windows XP or Vista machines, there are a couple of requirements.
You must have:
- A flash drive formatted with FAT or FAT32, AND
- Windows XP SP3 installed, or
- Windows Vista SP2 installed

If the drive is formatted with NTFS, you will not be able to read it on machines other than Windows 7 machines! This information is not all that readily available. I did happen to find an online Microsoft article that tells you that you need FAT in order to use “Bitlocker to Go” on older operating systems.
A great post from Microsoft on Bitlocker – More info here on Bitlocker
Microsoft has made everything to do with Windows 7 much easier. They have taken the built-in search capabilities and made them even better. Just in case you can’t find the Bitlocker control panel applet, you can search for it very quickly.
Go to the “START ORB” – and type Bitlocker.
You don’t even have to type the whole word. As you can see I only typed “Bit” and you can see that it found the control panel applets and Bitlocker Drive Encryption is the first item! Nice!
Click on “Bitlocker Drive Encryption”. You will see a window that will tell you what is going on with Bitlocker on your machine.
From this screen you can disable Bitlocker. If the drive was not Bitlocked, you could enable it from here. Another easy way of enabling Bitlocker on a drive is to open “Computer” from the START menu, right-click the drive and select “Turn on Bitlocker…”, as seen in the screen shot.
If you choose “Turn on Bitlocker…”, you will be walked through a wizard that asks you for a password, which you will need in order to decrypt the disk. You will also be asked to save a certificate so that if you ever forget the password you can decrypt the key and get the contents off the machine. Back up the key and put it in a safe place! Once you do that, you will see a window pop up telling you that the disk is being encrypted:
The time to Bitlock the drive will differ depending on the size of the drive. I’ve only done two drives, but the times seem consistent per GB. For a 1GB flash drive it took 8.5 minutes to fully encrypt the drive.
How Does Bitlocker to Go Work?
“Bitlocker To Go” works very similarly to TrueCrypt, but it is done in a way that is much less confusing in some respects. Unlike TrueCrypt, you can deploy Bitlocker through Group Policy! There is nothing in the open source community that can even come close to doing this on such a grand scale with very little IT resources.
By opening a “Bitlocker To Go” drive on Windows XP you can gain some insight into how it works. Microsoft creates a single VERY large file that normally takes up most of the drive. In my case it was called “COV 0000. ER”. The rest of the files are language locales (.mui), BitlockerToGo.exe (the reader program) and an autorun.inf file.
Here’s a screen shot of the files:
Besides the one really large file that contains all the data, there are a total of 914 files on my drive with a total size of 5.4MB. The total overhead of the Bitlocker files seems to be very small.
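For triage, the layout described above can be recognised from a plain file listing, which tells an examiner on a non-Windows 7 machine that the visible files are only a reader plus an encrypted container. This is an added example, not code from the original post or from Microsoft; the 80% size threshold, the function names and the two sample listings are assumptions constructed for illustration.

```python
import os

READER_EXE = "bitlockertogo.exe"   # reader program named in the post
AUTORUN = "autorun.inf"            # autorun file named in the post

def triage_listing(files, container_share=0.80):
    """files: iterable of (name, size_bytes) pairs seen on the drive.

    Reports whether the listing matches the layout the post describes:
    one file holding almost all bytes, plus the reader, autorun.inf and
    .mui language files. container_share is an assumed threshold and is
    measured against the listed file bytes, not the drive capacity.
    """
    files = list(files)
    total = sum(size for _, size in files)
    if not files or total == 0:
        return {"match": False, "reason": "empty listing"}
    container_name, container_size = max(files, key=lambda f: f[1])
    names = [name.lower() for name, _ in files]
    result = {
        "container": container_name,
        "container_share": container_size / total,
        "overhead_bytes": total - container_size,   # everything but the container
        "mui_files": sum(1 for n in names if n.endswith(".mui")),
        "has_reader": READER_EXE in names,
        "has_autorun": AUTORUN in names,
    }
    result["match"] = (result["container_share"] >= container_share
                       and result["has_reader"] and result["has_autorun"])
    return result

def list_drive(path):
    """Build the (name, size) listing from a mounted drive, e.g. 'E:\\'."""
    return [(f, os.path.getsize(os.path.join(root, f)))
            for root, _, names in os.walk(path) for f in names]

# Constructed sample listings (sizes are made up, not measured).
SAMPLE_BTG = [("COV 0000. ER", 990_000_000), ("BitLockerToGo.exe", 4_000_000),
              ("autorun.inf", 200), ("en-US_BitLockerToGo.exe.mui", 20_000),
              ("de-DE_BitLockerToGo.exe.mui", 20_000)]
SAMPLE_PLAIN = [("holiday.avi", 700_000_000), ("notes.txt", 1_000)]

if __name__ == "__main__":
    for label, listing in (("btg", SAMPLE_BTG), ("plain", SAMPLE_PLAIN)):
        print(label, triage_listing(listing))
```

A large media file alone does not match, because the reader program and autorun.inf must also be present.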
When you insert a “Bitlocker To Go” flash drive into a machine, you will be prompted to enter your password. Although I don’t recommend it, you can also tell your machine to “Automatically unlock on this computer from now on”.
This does make using the “Bitlocker to Go” drive much easier, but you are also more prone to forget the password. Also, if you were ever to leave the machine unlocked, or someone gained access to your machine, they could then have access to the drive.
Screenshot of entering password on Windows 7:
After entering the password the drive “Just Works” like any other drive!
If you are on Windows XP or Vista, however, this will be your experience:
First enter your password:
Then “Drag and drop the files to your computer to view them”. You only have READ ONLY capabilities if you use anything other than Windows 7.