Before you start
Objectives: Learn how to configure BitLocker to Go on USB flash drive on Windows 7.
Prerequisites: you have to know what BitLocker is.
Key terms: BitLocker To Go, BitLocker, configuration, Windows 7, USB flash drive.
Before we start using BitLocker, we will format our USB flash drive using FAT32 file system and the default allocation unit size. Also, before we start using BitLocker, we should have our Data Recovery Agents (DRAs) configured. Next, we will open Local Group Policy Editor by entering gpedit.msc in search. Here we will configure some local policies related to BitLocker To Go. We will navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption. Here, the first thing we can do is set up unique identifiers for our organization. This setting will allow us to specify unique string that will be written on BitLocker devices.
Unique Identification Policy
In our case we have simply entered UtilizeWindows as our identifier. This will allow us to restrict people from being able to access or DRAs from being able to recover devices and drives that don’t have this unique ID on it. We can enter multiple IDs. After that we will go to the Removable Data Drives section. Here we will enable the Allow access to BitLocker-protected removable data drives from earlier versions of Windows.
Allowed Access on Earlier Versions of Windows
By doing this, users can take the USB drive and plug it in to Windows XP or Vista machine and be able to access it. Next thing we can do is to enable Deny access to removable drives not protected by BitLocker. We can also choose to deny write access to devices configured in another organizations.
Deny Write Access
With this we are restricting our computers to have write access to a USB flash drive that has not been encrypted with BitLocker with our own organization ID. That means that we can’t bring someone BitLocker enabled drive from someone else and use it. The next thing we will do is enable the Configure use of passwords for removable data drives policy. We will select the Require password for removable data drive option.
Now that we have some basic policies set, we can go to Control Panel and turn on BitLocker for our USB drive. In our case, our USB flash drive is ROKI (E:).
Next, we will be able to choose the way to unlock the USB flash drive. In our case we have the password option set (because of policy settings), so we will enter our password.
On the next screen we will have the option to save and print our recovery key. This step is very important for recovery purposes.
On the next screen we will start the encryption process. Once our USB flash drive is encrypted, we can start using our drive. When we plug it out and than back in, in Control Panel we will see that the USB drive is locked.
When we try to open our USB drive from the Explorer, we will see a window in which we can enter the password to unlock the drive.
Note that we can save our password so that our USB drive is automatically unlocked when we plug it in. Once we click Unlock, we will have full access to our USB drive. We can manage BitLocker settings on our USB drive now in Control Panel. We can change the password used to unlock the drive, save the recovery key again, etc.