Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7 picks up where Vista left off, and improves on that foundation to provide an even more secure computing experience. Here’s a look at some of the more significant security enhancements in Windows 7.
Thousands of computers, particularly laptops, are lost or stolen each year. If you don’t have appropriate safeguards and security controls in place, unauthorised users who come into possession of your computer can access any sensitive data it contains. The risk of sensitive information being lost or stolen is even greater with the proliferation of tiny USB flash drives and other portable media capable of holding more and more data.
Windows 7 retains Vista’s data-protection technologies, such as EFS (Encrypting File System) and support for ADRMS (Active Directory Rights Management Services). In addition to minor updates to those technologies, Windows 7 significantly improves on Vista’s BitLocker drive encryption technology, and it adds BitLocker to Go for encrypting data on removable media.
Encrypting Drives With BitLocker
When BitLocker made its debut with Windows Vista, it was capable only of encrypting the primary operating system volume. Windows Vista SP2 (Service Pack 2) extended the functionality to encrypt other volumes, such as additional drives or partitions on the primary hard drive, but it still did not enable users to encrypt data on portable or removable disks. Windows 7 brings BitLocker to Go for protecting data on portable drives while still providing a means for sharing the data with partners, customers, or other parties.
Before you can begin using BitLocker Drive Encryption, your disk volumes have to be configured properly. Windows requires a small, unencrypted partition to contain the core system files it needs to begin the boot process and authenticate the user to access the encrypted volumes. Most people don’t consider that when they’re setting up the drive partitions initially, so Microsoft has created a tool to move things around and to repartition the drive to prepare it for BitLocker encryption. You can learn more about the BitLocker Drive Preparation Tool and download it from Microsoft’s site.
Once your drive is properly partitioned, you can encrypt it with BitLocker. Click on BitLocker Drive Encryption in the Control Panel. The BitLocker console will display all of the available drives and their current state (whether BitLocker is currently protecting them). You will notice that the display separates the drives by whether they are fixed drives to be encrypted with BitLocker or removable drives to be protected with BitLocker to Go.
Click on Turn on BitLocker next to any unencrypted drive to begin the encryption process. The utility will ask you to assign a password for unlocking the encrypted data, or to insert your smartcard if you prefer to for authentication. BitLocker then offers an opportunity for you to save the BitLocker Recovery Key, either as a text file or printed out. You must have the BitLocker Recovery Key to unlock the data if you forget the password or if the authentication fails in any way.
Once the process begins you can go about using Windows as you normally would, and the tool will encrypt the data in the background. After it encrypts the drive, you can click on Manage BitLocker and opt to unlock encrypted drives automatically when you log on to Windows.