
Secure your USB drives with BitLocker To Go for Windows 7

Greg Shultz explores the Windows 7 version of BitLocker To Go and shows you how it works on a USB thumb drive.

This blog post was originally published in May 2009. Greg Shultz thought we should revisit the topic because encryption is generally underutilized.

When Microsoft introduced Windows Vista, one of the big security features in that operating system was BitLocker, a hard drive encryption scheme designed to protect sensitive data from being accessed on lost or stolen computers — mainly laptops.

With the huge increase in the use of very small, large-capacity USB drives, the potential for sensitive data to be lost or stolen has become more of a problem, because it is much easier to lose or steal a device no bigger than a package of chewing gum. To protect sensitive data stored on USB drives, Microsoft Windows 7 features an encryption scheme called BitLocker To Go.

In this edition of the Windows Vista and Windows 7 Report, I'll introduce you to BitLocker To Go and show you how it works on a 1GB USB thumb drive.


How it works

Basically, BitLocker To Go allows you to encrypt a USB drive and restrict access with a password. Without the password, the USB drive is worthless. When you connect the USB drive to a Windows 7 computer, you are prompted for the password, and upon entering it you can read and write to the drive as you normally would.

During the encryption process, Windows 7 installs a special reader on the USB drive. When you connect the USB drive to a computer running XP or Vista, the BitLocker To Go Reader takes control, prompts for the password, and then basically makes the USB drive a read-only device.

BitLocker To Go can be used by both home and business users. In a domain environment, IT administrators can configure a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. Furthermore, the policy can specify password length as well as complexity.
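To check whether that policy has actually reached a given machine, the following PowerShell reads the registry values that the BitLocker removable-drive Group Policy settings write. This is an added example, not part of the original article; the function name `Get-PolicyValue` is hypothetical, and a missing value means the setting is not configured.

```powershell
# Added example: audit the removable-drive BitLocker policy on the local machine.
# Works on PowerShell 2.0 (Windows 7). Get-PolicyValue is a hypothetical helper.
function Get-PolicyValue([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }   # $null = not configured
}

# "Deny write access to removable drives not protected by BitLocker"
$fveSystem = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
# "Configure use of passwords for removable data drives"
$fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

$denyWrite  = Get-PolicyValue $fveSystem 'RDVDenyWriteAccess'
$enforcePw  = Get-PolicyValue $fvePolicy 'RDVEnforcePassphrase'
$minLength  = Get-PolicyValue $fvePolicy 'RDVPassphraseLength'
$complexity = Get-PolicyValue $fvePolicy 'RDVPassphraseComplexity'

$report = New-Object PSObject -Property @{
    WriteBlockedUntilEncrypted = ($denyWrite -eq 1)
    PasswordRequired           = ($enforcePw -eq 1)
    MinimumPasswordLength      = $minLength      # raw policy value, $null if unset
    PasswordComplexitySetting  = $complexity     # raw policy value, $null if unset
}
$report | Format-List

# Flag the gap a defender cares about: users can still write to unencrypted drives.
if ($denyWrite -ne 1) {
    Write-Warning 'Removable drives are writable without BitLocker on this machine.'
}
```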

For a comparison, check out "Product Spotlight: IronKey Encrypted Flash Drive."

Setting up a USB drive

Setting up BitLocker To Go on a USB drive is a simple procedure. Once you insert a USB drive, right-click on it and select the Turn on BitLocker command from the menu, as shown in Figure A.

Figure A

When you right-click on a USB drive in Windows 7, you'll see the Turn on BitLocker command.

As soon as you do, BitLocker To Go will begin initializing your USB drive, as shown in Figure B. The process is nondestructive, so you don't have to worry about any data that is already on the drive.

Figure B

When BitLocker To Go initializes your USB drive, you don't have to worry about any data that is already on the drive.

Once the initialization process is complete, BitLocker To Go will prompt you to set up a password that you will use to unlock the drive, as shown in Figure C. If you have a smart card, you can use its PIN to unlock the drive.

Figure C

You can use a password or a smart card to unlock a BitLocker To Go protected drive.

After you set up a password or use a smart card, BitLocker To Go will prompt you to store a recovery key, as shown in Figure D. You can use the recovery key to unlock your drive in the event that you forget the password or lose your smart card.

Figure D

To ensure that you don't lock yourself out of your drive, BitLocker To Go will create a recovery key.

When you create the password and save your recovery key, you'll be prompted to begin the encryption process, as shown in Figure E.

Figure E

You'll be prompted to begin the encryption process once you save the recovery key.

During the encryption process, you'll see a standard progress monitor that will keep you apprised of the operation, as shown in Figure F. The amount of time that it will take to complete the process will depend on how large the drive is. As you can see, there is a Pause button that will allow you to temporarily halt the process should you need to perform another task.

Figure F

A progress monitor will keep you apprised of the encryption process.

Once the encryption is complete, BitLocker To Go displays a confirmation dialog box and changes the icon associated with the encrypted drive, as shown in Figure G.

Figure G

When the encryption is complete, you'll notice that the drive icon shows a lock on the drive.
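The same setup can be scripted and verified from an elevated PowerShell prompt with the built-in `manage-bde` tool and the `Win32_EncryptableVolume` WMI class. This is an added example, not part of the original article; the drive letter `E:` is an assumption.

```powershell
# Added example: scripted equivalent of the wizard, run from an elevated prompt.
# 'E:' is an assumed drive letter; pass the real one with -Drive.
param([string]$Drive = 'E:')

$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Guard: only operate on removable disks (Win32_LogicalDisk DriveType 2).
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Drive' AND DriveType=2"
if (-not $disk) { throw "$Drive is not a removable drive" }

# Password protector plus a 48-digit recovery password. manage-bde prompts for
# the password and prints the recovery password once: store it off the drive.
& manage-bde.exe -on $Drive -Password -RecoveryPassword
if ($LASTEXITCODE -ne 0) { throw "manage-bde exited with code $LASTEXITCODE" }

# Follow the conversion the way the progress dialog does.
# ConversionStatus: 1 = fully encrypted, 2 = encryption in progress, 4 = paused.
do {
    Start-Sleep -Seconds 5
    $vol  = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume `
                          -Filter "DriveLetter='$Drive'"
    $conv = $vol.GetConversionStatus()
    Write-Progress -Activity "Encrypting $Drive" `
                   -Status "$($conv.EncryptionPercentage)%" `
                   -PercentComplete $conv.EncryptionPercentage
} while ($conv.ConversionStatus -eq 2)
Write-Progress -Activity "Encrypting $Drive" -Completed

# Verify the end state instead of relying on the drive icon.
# Key protector types: 8 = passphrase (password), 3 = numerical (recovery) password.
$result = New-Object PSObject -Property @{
    Drive               = $Drive
    FullyEncrypted      = ($conv.ConversionStatus -eq 1)
    ProtectionOn        = ($vol.ProtectionStatus -eq 1)
    HasPassword         = [bool]$vol.GetKeyProtectors(8).VolumeKeyProtectorID
    HasRecoveryPassword = [bool]$vol.GetKeyProtectors(3).VolumeKeyProtectorID
}
$result | Format-List

if (-not ($result.FullyEncrypted -and $result.ProtectionOn -and $result.HasRecoveryPassword)) {
    Write-Warning "$Drive is not fully protected; check 'manage-bde -status $Drive'."
}
```

If the loop exits with a paused conversion, `FullyEncrypted` is false and the warning fires, which is the case the Pause button in the wizard can leave behind.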

Using a BitLocker To Go encrypted drive in Windows 7

When you later insert the BitLocker To Go encrypted drive in the Windows 7 system, you will immediately be prompted to enter the password, as shown in Figure H. If you wish, you can select the Show Password Characters as I Type Them check box, so that you can see the letters; otherwise, you'll see asterisks. After you type the password, you can select the Automatically Unlock on This Computer from Now On check box to store the password in Windows 7's password cache.

Figure H

When you insert the BitLocker To Go encrypted drive in a Windows 7 system, you will immediately be prompted for a password.

Once you click Unlock, you'll see an AutoPlay dialog box that prompts you to view the files or use ReadyBoost, as shown in Figure I. When you click the Open Folder to View Files button, you will be able to access the drive and its contents as you normally would.

Figure I

When the AutoPlay dialog box appears, click the Open Folder to View Files button.

Using a BitLocker To Go encrypted drive in Windows XP/Vista

When you insert the BitLocker To Go encrypted drive in a Windows XP or Vista system, you will see an AutoPlay dialog box that prompts you to install the BitLocker To Go Reader, as shown in Figure J. When you click this button, it will take just a moment to install and run the Reader.

Figure J

When you insert the BitLocker To Go encrypted drive in a Windows XP or Vista system, you will be prompted to install the BitLocker To Go Reader.

You'll then see the BitLocker To Go Reader dialog box, which will prompt you to enter your password, as shown in Figure K. Notice that the Automatically Unlock on This Computer from Now On check box is missing from this dialog box. However, the Show Password Characters check box is still available.

Figure K

BitLocker To Go Reader will prompt you to enter your password.

After you type the password and click the Unlock button, you'll see the BitLocker To Go Reader window, which essentially looks like Windows Explorer, as shown in Figure L. However, it doesn't work like Windows Explorer.

Figure L

The BitLocker To Go Reader window allows you to access files on an encrypted drive on a Windows XP or Vista system.

If you attempt to open any file by double-clicking it in the BitLocker To Go Reader window, you'll immediately be prompted to copy the file to the desktop, as shown in Figure M — you won't be able to open the file on the USB drive.

Figure M

You cannot open files on an encrypted drive from the BitLocker To Go Reader.

If you attempt to copy a file from the computer to the BitLocker To Go Reader window, you'll immediately see the error message shown in Figure N.

Figure N

You cannot copy files to an encrypted drive from the BitLocker To Go Reader.

What's your take?

What do you think about BitLocker To Go? Will you use it when you get Windows 7? Are you using it already? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.


About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as a Documentation Specialist in the software industry, a Technical Support Specialist in the educational industry, and a Technical Journalist in the computer publishing industry.
