As the world becomes overrun by USB keys and more and more people leave their data behind in black cabs, we need ways to protect this data. Windows Vista introduced BitLocker drive encryption and with Windows 7, we’ve got BitLocker to Go, the ability to take drive encryption and encrypt our portable/USB devices. Here’s how it works – and a few things to look out for along the way (if you’re comfortable as to how to encrypt devices with BitLocker to go, you can continue to the “what to look out for” area further down in the document)
- Insert your USB key and let it be recognised by Windows.
- Open explorer (either by going Start –> Computer or by pressing the windows key and E)
- Right click on the drive you’d like to encrypt and choose Turn on BitLocker…
- Choose how you’d like the drive encrypted:
- Save the recovery key somewhere other than the USB drive
- Begin the encryption process
- Sit back and wait patiently as it encrypts the drive
- When it’s all encrypted, you’ll now see a logo that shows it’s encrypted:
Q. Can I use BitLocker To Go to encrypt USB keys on all versions of Windows 7?
A. No, the full functionality of BitLocker To Go is only part of the Enterprise and Ultimate SKU’s. You can read BitLocker To Go encrypted drives on Windows 7 Home Basic, Home Premium and Professional, but you cannot write to them.
Q. Once I’ve set up BitLocker To Go on a device, can I disable it?
A. Yes you can. Click on Start and type “BitLocker Drive Encryption”. Inside this control panel applet you can remove drive encryption.
Q. Can BitLocker To Go enabled devices be read on Windows XP and Vista (automatically)?
A. They can, but ONLY if the drive is formatted as FAT. If it isn’t formatted FAT, the utility that allows the removable storage to be read will not be seen.
Q. Can I write to my BitLocker to Go enabled device on Windows XP and Vista?
A. No, you’re device, provided you can gain access to it, is Read-Only on XP and Vista.
Q. Can I download a utility in lieu of using the BitLocker to Go partition (again, provided my data is FAT)?
A. Yes, there is a utility you can download which will enable the partition to be read – again – providing it is formatted FAT:
Q. Windows 7 and Server 2008 R2 use the same codebase so can I use a BitLocker To Go encrypted device on Server 2008 R2?
A. Yes, you can, however, you MUST first install the BitLocker feature on Server 2008 R2 you’re wishing to read the BitLocker To Go encrypted device on
If you’re aware of any other “gotcha’s” with BitLocker To Go that aren’t listed above, please let me know and I’ll be happy to add them.
Thanks to @xpworld for his inclusion on versions.