Bitlocker on a New Laptop


Guest Big Dog
Posted

I recently purchased a new laptop and have a copy of Vista Ultimate (from the

Server 2008 launch event).

 

Although my laptop isn't connected to a domain, I'm wondering if it's a good

idea to implement Bitlocker on a personal laptop for data protection and such.

 

Appreciate any thoughts/suggestions.

Posted

If your laptop has a TPM security chip (version 1.2 or later) do use

BitLocker. It will give you very good privacy protection for your data.

I use it, and wouldn't be without it. But then I always prefer paranoia

class security.

 

regards

the ancient mariner

 

"Big Dog" <BigDog@discussions.microsoft.com> skrev i meddelelsen

news:EA4E2E33-93BD-47C9-8A37-D6F5448F5EF1@microsoft.com...

>I recently purchased a new laptop and have a copy of Vista Ultimate (from

>the

> Server 2008 launch event).

>

> Although my laptop isn't connected to a domain, I'm wondering if it's a

> good

> idea to implement Bitlocker on a personal laptop for data protection and

> such.

>

> Appreciate any thoughts/suggestions.

Guest Big Dog
Posted

Thanx - it doesn't have a TPM chip, but I do know about the workaround (use

a USB drive for the password).

 

Just partitioned the drive to the appropriate two volumes and am in the

process of reinstalling everything. Agree with you that preventive paranoia

is always good.

Guest VanguardLH
Posted

Big Dog wrote:

> Thanx - it doesn't have a TPM chip, but I do know about the workaround (use

> a USB drive for the password).

>

> Just partitioned the drive to the appropriate two volumes and am in the

> process of reinstalling everything. Agree with you that preventive paranoia

> is always good.

 

What happens when the USB thumb drive gets lost, damaged, or

catastrophically fails (which it will if you continue writing to it

which wears it out due to oxide stress which eventually surpasses the

recovery space and error algorithms to mask out the errors)?

Posted

You can back up the startup key to another USB drive via:

 

Control Panel -> Security -> Bitlocker -> Manage Bitlocker keys -> Duplicate

the startup key

 

Also - when you encrypt a drive, you get a printable recovery password.

This can be used instead of the USB key.

 

Cheers!

 

 

"VanguardLH" <V@nguard.LH> wrote in message

news:%23Jd%23vJZBJHA.4368@TK2MSFTNGP06.phx.gbl...

> Big Dog wrote:

>

>> Thanx - it doesn't have a TPM chip, but I do know about the workaround

>> (use

>> a USB drive for the password).

>>

>> Just partitioned the drive to the appropriate two volumes and am in the

>> process of reinstalling everything. Agree with you that preventive

>> paranoia

>> is always good.

>

> What happens when the USB thumb drive gets lost, damaged, or

> catastrophically fails (which it will if you continue writing to it

> which wears it out due to oxide stress which eventually surpasses the

> recovery space and error algorithms to mask out the errors)?

Guest VanguardLH
Posted

Chris wrote:

> "VanguardLH" wrote ...

>>

>> Big Dog wrote:

>>

>>> Thanx - it doesn't have a TPM chip, but I do know about the

>>> workaround (use a USB drive for the password).

>>>

>>> Just partitioned the drive to the appropriate two volumes and am in

>>> the process of reinstalling everything. Agree with you that

>>> preventive paranoia is always good.

>>

>> What happens when the USB thumb drive gets lost, damaged, or

>> catastrophically fails (which it will if you continue writing to it

>> which wears it out due to oxide stress which eventually surpasses

>> the recovery space and error algorithms to mask out the errors)?

>

> You can back up the startup key to another USB drive via:

>

> Control Panel -> Security -> Bitlocker -> Manage Bitlocker keys -> Duplicate

> the startup key

>

> Also - when you encrypt a drive, you get a printable recovery password.

> This can be used instead of the USB key.

 

That was what I alluded to - that something ELSE should be used as a

backup to using just a USB thumb drive as an encryption dongle. I just

wanted to prod the "what if" scenario. Even with the printout, it won't

(and shouldn't) be in the bag with a laptop (and neither should the USB

dongle), and there might be no one at home you can call to get it. Even

if you create a backup USB thumb drive, it's likely you won't have it

with you when traveling (and when theft of the computer is highest).

You're screwed until you get back home.

 

Personally, and if TPM wasn't available, I'd be leery of relying on a

USB thumb drive to maintain my access to the hard disk versus, say,

instead using whole-disk encryption that only requires me to remember a

password.

 

If the OP goes the USB drive route, he should read:

 

http://support.microsoft.com/kb/923123/en-us

http://support.microsoft.com/kb/923124/en-us

Guest Flight
Posted

"VanguardLH" <V@nguard.LH> schreef in bericht

news:ub3dAXaBJHA.4108@TK2MSFTNGP05.phx.gbl...

> Chris wrote:

>

>> "VanguardLH" wrote ...

>>>

>>> Big Dog wrote:

>>>

>>>> Thanx - it doesn't have a TPM chip, but I do know about the

>>>> workaround (use a USB drive for the password).

>>>>

>>>> Just partitioned the drive to the appropriate two volumes and am in

>>>> the process of reinstalling everything. Agree with you that

>>>> preventive paranoia is always good.

>>>

>>> What happens when the USB thumb drive gets lost, damaged, or

>>> catastrophically fails (which it will if you continue writing to it

>>> which wears it out due to oxide stress which eventually surpasses

>>> the recovery space and error algorithms to mask out the errors)?

>>

>> You can back up the startup key to another USB drive via:

>>

>> Control Panel -> Security -> Bitlocker -> Manage Bitlocker keys ->

>> Duplicate

>> the startup key

>>

>> Also - when you encrypt a drive, you get a printable recovery password.

>> This can be used instead of the USB key.

>

> That was what I alluded to - that something ELSE should be used as a

> backup to using just a USB thumb drive as an encryption dongle. I just

> wanted to prod the "what if" scenario. Even with the printout, it won't

> (and shouldn't) be in the bag with a laptop (and neither should the USB

> dongle), and there might be no one at home you can call to get it. Even

> if you create a backup USB thumb drive, it's likely you won't have it

> with you when traveling (and when theft of the computer is highest).

> You're screwed until you get back home.

>

> Personally, and if TPM wasn't available, I'd be leery of relying on a

> USB thumb drive to maintain my access to the hard disk versus, say,

> instead using whole-disk encryption that only requires me to remember a

> password.

>

> If the OP goes the USB drive route, he should read:

>

> http://support.microsoft.com/kb/923123/en-us

> http://support.microsoft.com/kb/923124/en-us

 

Ever seen Myth Busters? They showed how simple it is to copy a fingerprint

or to cheat it. Don't rely on it.

Guest Paul Montgomery
Posted

On Sun, 24 Aug 2008 13:23:47 +0200, "Flight"

<jPUNTvoorbeeld@gmailPUNTcom> wrote:

>Ever seen Myth Busters? They showed how simple it is to copy a fingerprint

>or to cheat it. Don't rely on it.

 

Yep, you're definitely an idiot.

Guest Flight
Posted

"Paul Montgomery" <i.m.nonnymous@NOSPAMgmail.com> schreef in bericht

news:4oh2b4pf8i4fptvmp60uotkh3ueu7svj6g@4ax.com...

> On Sun, 24 Aug 2008 13:23:47 +0200, "Flight"

> <jPUNTvoorbeeld@gmailPUNTcom> wrote:

>

>>Ever seen Myth Busters? They showed how simple it is to copy a fingerprint

>>or to cheat it. Don't rely on it.

>

> Yep, you're definitely an idiot.

 

And why, you moron? Or was this another hiccup from a very sick old man?

Guest Steve Riley [MSFT]
Posted

That's why our preferred recommendation is to use both a TPM and a PIN --

essentially storing part of the SRK (storage root key) in the TPM and part

of the SRK in your brain. If you don't have a TPM, then I'd suggest a PIN

rather than a USB drive, simply because it means that you don't have to

worry about keeping track of the drive. It's unlikely that you'd forget the

PIN since you'd have to enter it every time you booted on your PC;

nevertheless, remember that you can also create a recovery password. Store

the recovery password on a piece of paper (that is, print it out) and

protect this piece of paper. Ideal candidates for protecting it include

wallets and purses. And please don't label it "My BitLocker recovery

password"!

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

http://www.protectyourwindowsnetwork.com

 

 

 

"VanguardLH" <V@nguard.LH> wrote in message

news:#Jd#vJZBJHA.4368@TK2MSFTNGP06.phx.gbl...

> Big Dog wrote:

>

>> Thanx - it doesn't have a TPM chip, but I do know about the workaround

>> (use

>> a USB drive for the password).

>>

>> Just partitioned the drive to the appropriate two volumes and am in the

>> process of reinstalling everything. Agree with you that preventive

>> paranoia

>> is always good.

>

> What happens when the USB thumb drive gets lost, damaged, or

> catastrophically fails (which it will if you continue writing to it

> which wears it out due to oxide stress which eventually surpasses the

> recovery space and error algorithms to mask out the errors)?
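
The advice in the replies from Chris and Steve Riley above (duplicate the startup key, create a recovery password, prefer a PIN with a TPM) can be checked per volume. This is an added example, not part of any post in the thread: `Test-BitLockerRecoveryPosture` is a hypothetical helper, the protector lists are constructed samples, and the live check assumes the BitLocker PowerShell module of Windows 8 / Server 2012 or later rather than the Vista install discussed here.

```powershell
# Added example; Test-BitLockerRecoveryPosture is a hypothetical helper name.
# Protector type names follow the BitLocker PowerShell module (assumption: Windows 8+).
function Test-BitLockerRecoveryPosture {
    param(
        [Parameter(Mandatory)] [string] $Volume,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $ProtectorTypes
    )
    $findings = @()
    if ($ProtectorTypes.Count -eq 0) {
        $findings += 'No key protectors: the volume is not protected by BitLocker.'
    }
    elseif ($ProtectorTypes -notcontains 'RecoveryPassword') {
        # The printable recovery password is the fallback when the USB key or PIN is unavailable.
        $findings += 'No recovery password: a lost or failed startup key locks you out.'
    }
    $hasTpm = @($ProtectorTypes -like 'Tpm*').Count -gt 0
    # ExternalKey covers both startup keys and recovery keys kept on removable media.
    if (-not $hasTpm -and $ProtectorTypes -contains 'ExternalKey') {
        $findings += 'USB key without TPM: keep a duplicate key stored apart from the laptop.'
    }
    if ($ProtectorTypes -contains 'Tpm') {
        $findings += 'TPM-only startup: no PIN is required at boot.'
    }
    [pscustomobject]@{
        Volume     = $Volume
        Protectors = $ProtectorTypes -join ', '
        Ok         = $findings.Count -eq 0
        Findings   = $findings
    }
}

# Constructed samples mirroring the setups discussed in the thread.
$samples = [ordered]@{
    'USB key only'         = @('ExternalKey')
    'USB key + recovery'   = @('ExternalKey', 'RecoveryPassword')
    'TPM + PIN + recovery' = @('TpmPin', 'RecoveryPassword')
}
foreach ($name in $samples.Keys) {
    Test-BitLockerRecoveryPosture -Volume $name -ProtectorTypes $samples[$name]
}

# Live check of the system drive; needs an elevated prompt, skipped otherwise.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    try {
        $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        Test-BitLockerRecoveryPosture -Volume $vol.MountPoint -ProtectorTypes $types
    } catch { Write-Warning "Live check skipped: $_" }
}
```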

Guest VanguardLH
Posted

VanguardLH wrote:

> (and when theft of the computer is highest).

 

Geez, I need to focus on the post instead of the other article I was

reading.

 

Oops, should've been "and when the dongle might break"

Guest VanguardLH
Posted

Steve Riley [MSFT] wrote:

> And please don't label it "My BitLocker recovery password"!

 

And tape it to your spare house key, and where they can use your

driver's license to find out where your house is. Of course, if you are

the gender or type that carries a purse, the wallet, key ring, and USB

thumb drive are all together to capture in one swoop.
