
BitLocker demystified: Keying up

11 Jan 2007 | SearchWindowsSecurity.com


This portion of the BitLocker guide deals with controlling BitLocker behaviors using key management. Channel professionals will learn what BitLocker can and can't do in this tip, from SearchWindowsSecurity.com.

For a system to use BitLocker, the two partitions described above have to be prepared before the initial installation. BitLocker itself is turned on (and the main drive encrypted) after Vista has been installed, and it can be managed remotely through WMI, so setup can be handled administratively.

Therefore, if you plan to use BitLocker on multiple systems that are set up through cloning, you'll need to enable BitLocker after the cloning process so that each machine's key will be distinct and will be for that machine only. Microsoft has a quick walkthrough of the setup process for BitLocker for an individual machine; most of the partition preparation work could be done once for a machine image.
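The following PowerShell sketch is an added example, not code from the original tip or from Microsoft. It uses the `Win32_EncryptableVolume` WMI class to check a set of cloned machines for volumes that are not protected and for key protector IDs that appear on more than one machine. The host names are constructed placeholders, and treating a repeated protector ID as a sign that BitLocker was enabled before cloning is an assumption of this example.

```powershell
# Added example (Windows PowerShell, run with administrative rights).
# Host names below are constructed placeholders.
$Computers = @('CLONE-PC01', 'CLONE-PC02', 'CLONE-PC03')
$Namespace = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-BitLockerAudit {
    param([string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        try {
            $volumes = Get-WmiObject -Namespace $Namespace -Class Win32_EncryptableVolume `
                -ComputerName $computer -ErrorAction Stop
        } catch {
            Write-Warning "${computer}: WMI query failed: $($_.Exception.Message)"
            continue
        }
        foreach ($vol in $volumes) {
            # ProtectionStatus: 0 = off, 1 = on, 2 = unknown (volume is locked)
            $status = $vol.GetProtectionStatus().ProtectionStatus
            # KeyProtectorType 0 asks for protectors of every type
            $ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
            if ($ids.Count -eq 0) { $ids = @($null) }   # still report volumes with no protector
            foreach ($id in $ids) {
                $type = if ($id) { $vol.GetKeyProtectorType($id).KeyProtectorType } else { $null }
                [pscustomobject]@{
                    Computer         = $computer
                    Drive            = $vol.DriveLetter
                    ProtectionStatus = $status
                    ProtectorId      = $id
                    ProtectorType    = $type   # 1 = TPM, 3 = numerical password, 4 = TPM and PIN
                }
            }
        }
    }
}

$report = @(Get-BitLockerAudit -ComputerName $Computers)

# Volumes where BitLocker protection is not currently on
$report | Where-Object { $_.ProtectionStatus -ne 1 } | Format-Table -AutoSize

# Assumption: a protector ID seen on more than one machine means the image was
# encrypted before cloning, so those machines do not have distinct keys.
$report | Where-Object { $_.ProtectorId } | Group-Object ProtectorId |
    Where-Object { @($_.Group | Select-Object -ExpandProperty Computer -Unique).Count -gt 1 } |
    ForEach-Object {
        "{0} shared by: {1}" -f $_.Name, (($_.Group.Computer | Sort-Object -Unique) -join ', ')
    }
```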

Note that once a set of keys is issued for a volume, the keys cannot be revoked or changed. The only way to do that is to shut off BitLocker and re-enable it. It is possible, however, to create a new PIN (not the recovery password) for a volume protected by TPM.

Right now, support for third-party multifactor authentication (i.e., smart cards or fingerprint readers) isn't actively available, but BitLocker was designed to allow the eventual inclusion of such trust mechanisms. A smart-card reader, for instance, could work at boot time as long as the device drivers are available to access the device (and at this point in Windows's evolution, it's a fairly trivial add-on).

You can use Group Policy to control BitLocker behaviors. For instance, you can back up BitLocker and TPM recovery data to Active Directory, and many common BitLocker behaviors (such as issuing a new PIN) can be constrained if needed.


BitLocker demystified: End-to-end encryption for Vista

  Introduction
  The basics
  Keying up
  Common misconceptions
  Competition

About the author
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

This tip originally appeared on SearchWindowsSecurity.com.


