PCSC

What is BitLocker, and who should use it?

BitLocker, available only in Vista Enterprise and Vista Ultimate editions, can provide valuable protection for the information stored on your computer if your computer is stolen. It allows you to encrypt the entire C: drive (or other disk containing your OS, but not additional disks) on your notebook or desktop computer. A key is required each time you boot the computer or bring it out of Hibernation. (Resuming the computer from Suspend does not require the key.)

On some very recent notebook computers, the key can be stored on a special TPM (Trusted Platform Module) chip built into the computer. Access to the key on the TPM chip can be protected by a PIN. If your computer does not have a suitable TPM chip, you can store the key on a USB thumb drive. A key stored on a USB thumb drive cannot be protected by a PIN, so you should not store the thumb drive with your computer. Anyone having access to both your computer and the USB key will be able to boot the computer successfully.

If the key is not available at boot time (or when coming out of hibernation), the disk containing your OS will remain encrypted and the contents cannot be read, even if the disk is inserted into another computer. You can make multiple copies of the key, and a recovery key is also provided, but if all of these are lost or become corrupted, the data on the disk cannot be recovered.

You should consider using BitLocker if all of the following are true:

  • You have or are upgrading to Vista Enterprise or Vista Ultimate.
  • You store information on your computer that you would not want compromised and available to others if your computer were stolen or otherwise physically accessible to someone else.
  • You are willing to take a few steps to create a second partition on the disk where your operating system is installed. If you are installing Vista fresh, you should take these steps just before you install Vista. If your computer already has Vista Enterprise or Ultimate installed, you can still create the required partition, following slightly different steps.
  • Your computer has a very recent TPM chip which can be used to store the BitLocker encryption key, OR you plan to store the encryption key on a USB thumb drive and keep that thumb drive separate from your computer except when you need to boot the computer. Storing the thumb drive in your computer bag along with your computer will provide no protection at all. Keeping the thumb drive on your key chain makes it much less likely that both the computer and the thumb drive will be lost at the same time. Only fairly recent computers support the use of BitLocker; you should check with your vendor to see if your computer is supported. Information on IBM/Lenovo ThinkPads is located here.

BitLocker is clearly applicable to notebook computers. While its use on desktop computers may be less obvious, it can provide the same protection in cases where the computer is stolen or someone gains physical access to the computer with the intent of breaking into it.

Instructions for partitioning your disk and activating BitLocker

Resources