19 Dec 2009

BitLocker without TPM Module in Windows7

Windows BitLocker can store the "password to disk" on a USB stick, not only in a TPM hardware module. To make this happen you have to activate some advanced settings (why is there no dialog like "save my key on USB disk"?).

How to save Windows7 BitLocker key on USB stick?

  • Click: Start | Search, type gpedit.msc and hit enter
  • Navigate to:
    • Local Computer Policy
    • + Computer Configuration
    • ++ Administrative Templates
    • +++ Windows Components
    • ++++ Operating Systems Drives
    • +++++ BitLocker Drive Encryption -> Require Additional Authentication at Startup
  • Change those two keys to true
  • Rerun the BitLocker Wizard

Once you have allowed BitLocker without TPM, the wizard in the BitLocker Drive Preparation will let you store the Startup Key on a USB flash drive. It also allows you to save a Recovery Key, which you will need if you have lost your USB stick.

You will then be asked whether you want to run a BitLocker System Check. If you agree, your computer will be restarted to check whether the USB device is available during the boot-up process (that is a nice idea).
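The same procedure can be checked and driven from an elevated PowerShell prompt. The script below is an added example, not part of the original post: it confirms that the "Require Additional Authentication at Startup" policy is in effect by reading the registry values that policy writes, then turns BitLocker on with a USB startup key. The drive letters `C:` and `E:` and the function name `Test-TpmlessPolicy` are assumptions made for the example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$OsDrive  = 'C:'   # assumption: the Windows system volume
$UsbDrive = 'E:'   # assumption: drive letter of the USB stick

function Test-TpmlessPolicy {
    # The Group Policy setting is stored under the FVE policy key.
    # UseAdvancedStartup = 1 : "Require additional authentication at startup" is enabled
    # EnableBDEWithNoTPM = 1 : "Allow BitLocker without a compatible TPM" is ticked
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $p) { return $false }
    return (($p.UseAdvancedStartup -eq 1) -and ($p.EnableBDEWithNoTPM -eq 1))
}

if (-not (Test-TpmlessPolicy)) {
    Write-Error 'TPM-less startup is not allowed by policy. Set it in gpedit.msc, then run "gpupdate /force".'
    exit 1
}

if (-not (Test-Path "$UsbDrive\")) {
    Write-Error "USB drive $UsbDrive is not present; the startup key cannot be written."
    exit 1
}

# Enable BitLocker with two protectors:
#   -StartupKey       writes the startup key file to the USB stick
#   -RecoveryPassword generates a 48-digit recovery password and prints it once
# The hardware test (the "System Check" from the wizard) runs by default,
# so encryption starts only after a restart with the USB stick inserted.
& manage-bde.exe -on $OsDrive -StartupKey $UsbDrive -RecoveryPassword
if ($LASTEXITCODE -ne 0) {
    Write-Error "manage-bde failed with exit code $LASTEXITCODE."
    exit $LASTEXITCODE
}

# Show which protectors now exist and the current conversion state.
& manage-bde.exe -protectors -get $OsDrive
& manage-bde.exe -status $OsDrive
```

Record the recovery password somewhere other than the USB stick that holds the startup key, and keep that stick away from the machine when it is unattended: without a TPM, whoever holds the stick can boot the encrypted drive.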

This super mini howto was based on: Windows7 BitLocker Review, and it is posted mostly for me (I don't remember the path in gpedit.msc :().

Notes

There are also other cross-platform ways to secure your data. One of them is TrueCrypt, which can be compared with BitLocker. If you're interested in how it really works, you can read the article: How does TrueCrypt work - explained.

Additional links

Links below are not connected with BitLocker, but I think they may be useful for me someday:
