Hi there,
I trust you are now rolling with Windows 7 RC (Release Candidate).
Clinton here with some more juicy, very juicy thoughts in around the Windows 7 RC (Release Candidate). I was wondering what the buzz was all about regarding this new technology used to lock USB sticks. So I thought I would have a go at this new feature called BitLocker To Go! And this is what I came up with.
History Lesson 101
Once upon time, in the land of smoke and mirrors, when Microsoft Windows was still in NT nappies. There was a special encryption technology available to those users who knew about it and that decided not to use it in case things went bad and only was available for folders.
This technology was called EFS (Encrypting File System).
Over a short epoch, the knights of the Windows NT table got more robust and so Windows Vista become king – for a year or so…
Its reign, although short-lived, has produced some fruit in the form of a Full-Disk Encryption Technology.
It was called BitLocker. The name, although undecided for awhile, was actually called Full Volume / Drive Encryption (Gripping!); however, the name, B.I.T.L.O.C.K.E.R, was far more gritty and noble.
Now, in Windows 7 RC, its soon be crowned successor, things have moved up a belt notch. Now, not only can this technology lock down a full drive partition but removable storage devices too.
These include:
· USB-based hard drives
· Flash devices
· Other media…
This newly appointed feature is called BitLocker To Go.
Formally called BitLocker To Go …indeed!
Finally, the story ends with a happy ever after…! No seriously, this technology is built for enterprises. Windows 7 extends this BitLocker technology and support to removable storage devices. It has started and will become a very important sentry in securing your company perimeters.
NOTE:
Windows 7 Enterprise and Ultimate editions only!
If you are still using XP or Vista, the encrypted device can still be used but in read-only mode.
What is BitLocker To Go?
BitLocker has came along and brought full disk encryption support to removable disks such as USB drives in the form of BitLocker To Go. These devices can now be protected with a passphrase and a recovery key. It is also compatible with all FAT file systems in addition to NTFS, making it compatible with existing devices.
Why I would use BitLocker To Go
It has been estimated that at least 50,000 laptops are stolen each year in Australia – that is one every 10 minutes. Therefore, you should take extreme care in hotels, airport lounges and conference venues – thieves target places such as these.
However, you may have USB flash sticks in your laptop bag or in your luggage at any one time. So with that in mind, BitLocker To Go is designed primarily for enterprises and for users on the move.
It also provides protection to the company when there is a risk of a guest or outside user bringing an unprotected storage device into the corporate environment – copying important corporate information with intention or not.
With BitLocker To Go enabled on the device, one can help protect sensitive corporate data in the event of loss or theft.
I must mention too that BitLocker To Go is a younger brother to BitLocker. It works independently. So you do not need to enable BitLocker on the PC, or utilize any TPM hardware, in order to use BitLocker To Go.
Group Policies used to block USB devices in an enterprise, are now superseded by using BitLocker To Go. This can take a load off the administrators.
With Windows 7 and BitLocker To Go, you can still use GPO’s to fully manage enterprise USB storage devices, but now with more control and clarity.
So isolating certain potential users, laptops or systems that are exposed to the listed risks.
Installing and using BitLocker To Go
Follow my lead >>>
1. Simply connected the removable storage device > open Computer > right-click the device > select Turn on BitLocker from the pop-up menu.
OR,
2. Manually run the BitLocker Drive Encryption control panel to view the status of BitLocker and BitLocker To Go on all listed attached drives.
a) Open the Start Menu.
b) Type BitLocker into search programs and files field to find and start BitLocker Drive Encryption.
c) Click the Turn on BitLocker link next to the drive. The wizard opens.
Finally, I must say Windows 7 is going to work hard for your business. Supporting those smaller yet significant details in your business that you face day in and day out.
And if you haven’t got Windows 7 installed, what are you waiting for? GO NOW and download the 32bit or 64bit version (for Dual Core CPU’s).
Go to: http://www.microsoft.com/windows/windows-7/download.aspx
Have a great day! J
Clinton Garbutt – Desktop Productivity Specialist
MCP, MCDST, MCTS, MCITP
DATA#3
Australia’s Integrator of the Year
User Account Control and Windows 7
Hi there,
Clinton here, with some more spurring thoughts on the forth coming OS, Windows 7.
I have asked this question before, in a previous post, but the impact of the question cover a vast land of thought.
Question: Why should I upgrade my business to Windows 7 rather than stay with Windows XP or Vista?
Ok, so here’s a reality check, if a good portion of your current desktop users are still running XP, then you should seriously look at moving up to Windows 7, because, Microsoft ended mainstream support for XP on April 14 2008. No ways? – Yeah seriously!
Critical security updates ONLY will be provided at no cost for XP licensed users up to the year 2014. Furthermore, if you need additional / extended support for XP because moving is not an option just yet for you, then you will need to pay for that as a paid contract customer with Microsoft.
Ok but hear me out, the most important reason why you SHOULD consider moving forward with Windows 7 from XP is security. There is more internet crime, hacking and brute force attacks on networks than ever before.
Both Vista and Windows 7 provide way better security than XP. A feature that springs to mind right away is the User Account Control (UAC). User Account Control (UAC) is a technology and security infrastructure introduced with Vista.
How does it work?
It works by improving the levels of security a user can have when working on a workstation, and it limits the application software to standard user privilege levels until your friendly system administrator gives the authorization to increase those privilege levels for the specific application.
So now, only applications that the user can trust get higher privileges. The ripple effect rolls from here into the Malware arena.
Malware is an application. So it doesn’t get privileges to run in order to compromise your Vista/WIN7 operating system, because the UAC controls the access.
In other words, a user account may have administrator privileges assigned to it, but applications that the user activates does not. So privileges for applications, unless approved beforehand will not run.
And here is the Cherry on the Cake – To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, Windows 7 includes another technology called , User Interface Privilege Isolation… ooh!
This is used in together with UAC to divide these processes from each other so that more control is achieved over applications.
What are some of the items triggering a UAC prompt?
Tasks that require administrator privileges will trigger a UAC prompt (if UAC is enabled) are marked by a 4-color security shield symbol.
Here are tasks that will prompt for administrator authorisation:
So what are you waiting for? Don’t let your guard down across the enterprise network! Boost your security and stay on top by installing Windows 7. See how it runs…! There is MORE coming up…but for now I’m playing in Windows 7 land!
So what are you waiting for? GO and download the 32 bit or 64 bit version (for Dual Core CPU’s) of Windows 7 TODAY.
Go to: http://www.microsoft.com/windows/windows-7/download.aspx
Have a great day!
Clinton Garbutt – Desktop Productivity Specialist
MCP, MCDST, MCTS, MCITP
DATA#3
Australia’s Integrator of the Year