Protect Your Files in Windows 7 Using BitLocker To Go – Part 2
BitLocker To Go is the mobile version of BitLocker Drive Encryption that allows you to do essentially the same thing as BitLocker, but on mobile drives such as External Hard Drives, Flash Drives and Thumb Drives.
BitLocker To Go provides a powerful method of encrypting all of your mobile media and documents.
Using BitLocker To Go
Using BitLocker To Go is an extremely straightforward process, and provides powerful encryption in very little time. Just connect your mobile drive, type in your password, and enjoy.
Remember, while you must be on a premium version of Windows 7 (Ultimate of Enterprise) to encrypt BitLocker drives, you can use any version of Windows to unlock the drive, including older generations like Windows Vista and Windows XP.
When a mobile drive is encrypted with BitLocker To Go, it is accessible using a password chosen during setup. This works on all versions of Windows 7. On Windows Vista and XP, you can use the BitLocker To Go Viewer to unlock the drive and view files within.
Setting Up BitLocker To Go in Windows 7
Setting up BitLocker To Go is also a fairly simple process. Just connect your mobile drive, for example, a flash drive, right click, and choose Turn On BitLocker… — then follow the setup steps, choose your password, and encrypt the drive.
While encryption speed greatly depends on the speed of the drive, encryption should take about 30 seconds for a standard 2GB flash drive, depending on how much data is on the drive. You can also choose to automatically unlock the drive when logged into your Windows account.
An important step to remember when setting up your BitLocker To Go encryption is the Recovery Key. You will be prompted to save a recovery key on your hard drive. It is important not to forget this step.
If you ever forget your password, you can use this file to unlock your drive and gain access to your files again. You are offered the option of either saving this key, or printing it. I would recommend doing both just in case.
Configuring BitLocker To Go
While there isn’t much in the front end in terms of configuring BitLocker To Go, there are some great functions when editing Local Group Policies that can help enterprise management and security. Here is an overview of the settings which you can configure from within the Local Group Policy Editor.
First, navigate to the following from within the Local Group Policy Editor:
Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Removable Data Drives
- Control use of BitLocker on removable drives — Choose to allow users the ability to apply or suspend protection on BitLocker drives.
- Configure use of smart cards on removable data drives — Choose to make the use of smart cards a requirement.
- Deny write access to removable drives not protected by BitLocker — This is a great security measure. For example, if someone tried to copy over contents to their own personal unencrypted drive.
- Allow access to BitLocker-protected removable data drives from earlier versions of Windows.
- Configure use of passwords for removable data drives — this configuration is also very useful. You can add an extra layer of security by configuring the complexity and minimum password length for BitLocker To Go drives being set up.
- Choose how BitLocker-protected removable drives can be protected — This allows you to choose how a user will be allowed to recover locked drives if they forget their passwords. Disabling these may lock users out of their drives, but adds a powerful layer of security.
Turning Off BitLocker To Go
You can turn off or temporarily suspend BitLocker To Go as quickly as setting it up.
To temporarily suspend BitLocker To Go, visit your Control Panel, search for and go to the BitLocker Drive Encryption page and click Suspend protection and then choose Yes. Your drive will be temporarily open for all usage, unprotected until you follow the same steps to unsuspend it.
To turn off BitLocker To Go completely, visit the BitLocker Drive Encryption page in your Control Panel and choose Turn Off Bitlocker. You will be prompted to decrypt your drive, continue and your drive will be completely unencrypted and open. To secure your drive again, just track back and follow the steps outlined above.
The Downside of BitLocker To Go
The main problem with BitLocker To Go, is while it is a great encryption solution for Windows 7, older generations of Windows like Vista and XP can only view files using the BitLocker To Go Viewer, and cannot add or edit files on the encrypted drive. You must use the BitLocker To Go Viewer to copy files to your desktop before being allowed to edit them.
I don’t completely understand why BitLocker To Go, a native Microsoft program, does not work with older generations of Windows. Other solutions such as the encryption applications that come with some thumb drives work across all versions of Windows. I can only hope that in the future, Microsoft provides more support for older versions of Windows, especially in BitLocker To Go, considering thumb drives are made to be moved between many different computer systems.
I feel that this feature should have come standard with BitLocker To Go. While this is definitely a downside for standard use across multiple systems that include older generations of Windows, those who are using Windows 7 exclusively will find BitLocker To Go a valuable asset to their system and drives data security.
Is BitLocker To Go Right For You?
BitLocker To Go is an awesome choice for encrypting your mobile drives, but not in all circumstances. Its ease of use and powerful protection makes this a great choice for enterprise users running the Windows 7 operating system on all drives they plan to use the drive on.
However, for those who are looking to use their drive on computers with varying operating systems including older generations of Windows, BitLocker To Go may not be right for you.