Online resources for whole disk and full volume encryption
Microsoft System Integrity Team blog: Protecting BitLocker from cold boot and direct memory access attacks
Ed Felten’s research team uncovered the cold boot attack, which can be used to recover encrypted information from RAM in the clear. This is Microsoft’s explanation of how to protect BitLocker users from the threat as an administrator, by enforcing PINs or USB tokens.
Configuring AD to backup BitLocker recovery keys
BitLocker keys should be backed up so that they can be recovered in the event of a lost key or damaged storage media. This article explains how it’s done.
Recovering BitLocker keys from AD
In the event that a BitLocker user needs to recover their password, an administrator can retrieve it from Active Directory (as long as the system has been set up to store it there – see above). This article is a guide to using the BitLocker Recovery Password Viewer for retrieving passwords more easily.
Recovery with the BitLocker Repair Tool
Should a user’s hard drive become damaged, it may be necessary to use the BitLocker Repair Tool to help recover the encrypted data. This article explains how, step by step.
Using BitLocker with a USB key
BitLocker is designed to work with a Trusted Platform Module (TPM), and that gives you the best security (combined with a secondary PIN or USB token). If you have users with Vista and an older system that doesn’t have a TPM, they can still take advantage of the Vista feature by using a USB key alone. This is a clear step-by-step guide to the slightly obscure settings you need to enable to set this up.
BitLocker Drive Preparation Tool
The BitLocker Drive Preparation tool simplifies getting a hard drive ready for encryption. This article describes how to access and use the tool, and outlines basic system requirements.
SANS Institute webcast on full disk encryption
The SANS Institute provides education and training in various security fields. In this webcast its experts explain the basic concepts behind full disk encryption, so it’s a good primer for getting up to speed on the subject.
Configuring BitLocker on Windows Server 2008
BitLocker isn’t just for client PCs; in Windows Server 2008 you can protect servers too, which is particularly useful for small offices that are hard to secure physically. This walkthrough takes you through enabling and deploying BitLocker, step by step.
Manage BitLocker with the CLI
Managing BitLocker via the command line interface opens up the possibility of customised, scripted tasks. This article explains basic BitLocker commands for those who prefer CLI management.
BitLocker drive encryption design and deployment guides
These official Microsoft guides to BitLocker are broken down into two documents – designing a BitLocker configuration to suit your infrastructure, and then deploying it.
Building a dual boot system with Windows Vista BitLocker protection with TPM support
Even though it encrypts a whole volume, BitLocker doesn’t stop users from dual-booting between Vista and other operating systems. This article explains how to configure a BitLocker-protected system for that purpose.
BitLocker Drive Encryption Technical Overview
This online guide to BitLocker goes into intricate detail on its workings and architecture.
Microsoft Encrypting File System Assistant
If your users haven’t moved to Vista, Microsoft’s Encrypting File System lets them encrypt their information at a file system level, but it can be difficult to administer centrally. The EFS Assistant is a tool to make that management easier, and this document covers how to deploy it.
Best practices for the Encrypting File System
This article provides some tips for easing the adoption of EFS in an organisation, alongside some practical steps for deployment.
PGP Whole Disk Encryption quick start guide
This PDF document explains how to set up and configure PGP Corp’s disk encryption system.