After my experience with TrueCrypt and reinstalling Windows (Link), I was wondering how the Microsoft encryption works. I’m running Windows 7 Ultimate, and in this version (and in Enterprise) BitLocker is available. The next steps show how to encrypt the boot/system partition.
I started BitLocker Drive Encryption.
At the bottom left there is a link for TPM Administration. Because my laptop has a TPM chip, I want to use it. The TPM holds my certificates for the encryption.
Choose: Initialize TPM.
Click: Restart.
The BIOS of the computer will ask for permission. Grant it. After logging in to Windows, the following screen will pop up.
Choose: Manually create the password.
Give a TPM Owner Password.
Click on: Save the Password. Save it on a USB stick.
When ready, click on: Initialize.
When ready, Close.
Now we can use the TPM chip with BitLocker.
Start BitLocker again.
Click on: Turn On BitLocker.
Click: Save the recovery key to a USB flash drive.
When ready, click Next.
Select: Run BitLocker system check. Just to be sure everything is working.
When you are ready to encrypt, click on: Start Encrypting.
And then, we wait…
Now the hard disk/partition is encrypted, but no password is asked for when booting the PC. This is because the certificates are stored on the TPM chip. Windows is the owner of this chip, so only your Windows can unlock the partition/hard disk. That’s why Windows 7 comes with a 100 MB hidden boot partition. This unencrypted partition is needed for booting the encrypted system. The following steps show how to enable a PIN or password for booting Windows. Just to have that hands-on experience of safety.
First open: GPEDIT.MSC
Navigate to: Computer Configuration –> Administrative Templates –> Windows Components –> BitLocker Drive Encryption –> Operating System Drives. Open: Require additional authentication at startup.
Select: Enabled
Deselect: Allow BitLocker without a compatible TPM
Configure TPM startup PIN: Require startup PIN with TPM
Click on: OK
!!Tip!! If you want to use characters in your PIN, enable the policy: Allow enhanced PINs for startup.
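To confirm that the policy has applied and that the drive really has a TPM+PIN protector, the read-only check below can be run from an elevated PowerShell prompt. It is an added example, not part of the original post; the registry value names under HKLM\SOFTWARE\Policies\Microsoft\FVE, their 0/1/2 meaning, and the English manage-bde output text it matches are assumptions about a default English Windows 7 install.

```powershell
# Added example: audit the BitLocker startup-authentication policy and key protectors.
# Read-only: nothing on the system is changed. Run elevated.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # assumed location of the BitLocker GPO values

# Values expected after the Group Policy steps above
# (assumed mapping for the TPM options: 0 = do not allow, 1 = require, 2 = allow).
$expected = @{
    'UseAdvancedStartup' = 1   # "Require additional authentication at startup" = Enabled
    'EnableBDEWithNoTPM' = 0   # "Allow BitLocker without a compatible TPM" deselected
    'UseTPMPIN'          = 1   # "Require startup PIN with TPM"
}

function Test-FvePolicy {
    param([string]$Key, [hashtable]$Expected)
    $ok = $true
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        $actual = $null
        if ($props) { $actual = $props.$name }      # $null when the value is not set
        if ($actual -ne $Expected[$name]) {
            Write-Warning ("{0}: expected {1}, found '{2}'" -f $name, $Expected[$name], $actual)
            $ok = $false
        }
    }
    # Optional policy from the tip: report it, but do not fail on it.
    if ($props -and $props.UseEnhancedPin -eq 1) { Write-Host 'Enhanced PINs: allowed' }
    return $ok
}

function Test-TpmPinProtector {
    param([string]$Drive = 'C:')
    # manage-bde ships with Windows 7; its output text is localized (English assumed here).
    $out = & manage-bde.exe -protectors -get $Drive 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "manage-bde failed for $Drive (not elevated, or BitLocker is off?)"
        return $false
    }
    return ($out -match 'TPM And PIN')
}

$policyOk    = Test-FvePolicy -Key $fveKey -Expected $expected
$protectorOk = Test-TpmPinProtector -Drive 'C:'

Write-Host ("Policy requires TPM+PIN : {0}" -f $policyOk)
Write-Host ("Drive has TPM+PIN       : {0}" -f $protectorOk)
if ($policyOk -and -not $protectorOk) {
    # The policy only permits the PIN; the protector still has to be added to the volume.
    Write-Host 'Add it with: manage-bde -protectors -add C: -TPMAndPIN'
}
```

If the policy line is False right after editing it in GPEDIT.MSC, run gpupdate and check again.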