Up and Coming

  • Migration of my QA blogs

Thursday, 20 March 2008

Vista Bitlocker and SP1

I felt it was important to clear up a misconception with Vista and Bitlocker. Most people are under the impression that Bitlocker in Vista RTM only allowed encryption of 1 partition and one of the new features of SP1 was the Bitlocker was going to allow encryption of multiple partitions.

This statement is not actually accurate....

Bitlocker in Vista RTM does support encryption of multiple volumes including removable drives (USB Hardisks but not flash drives). But the GUI only supports enabling BitLocker on the one drive. To encrypt multiple drives it has to be done from the command line using 'cscript c:\windows\system32\manage-bde.wsf' (BDE=Bitlocker Drive Encryption). What SP1 introduces is the ability to do this in the GUI. To use this command line tool you do need to run it within an Administrative command prompt.

With the cscript c:\windows\system32\manage-bde.wsf -on parameter you can encrypt any drive, specify keys and encryption level. This only works with Vista Enterprise and Ultimate.


No comments: