
EFS -- Encrypting File System

Right-click a folder and choose Properties.


Problem:

The encryption key is saved inside the user's profile. When somebody gets hold of your physical computer, he can reset the user's password with a utility, log on to the system and steal your data.


BITLOCKER


Windows 7 Enterprise


Partition S has a minimum of 1.5 GB and is marked ACTIVE.

Partition C will have the OS installed.

Diskpart

Select disk 0

Clean

Create partition primary size=3000

Select partition 1

Active

Assign letter=S

Format fs=ntfs quick

Create partition primary size=30000

Select partition 2

Assign letter=C

Format fs=ntfs quick

Exit


Install Windows 7 Enterprise onto the C drive.


Turn on BitLocker on the F: drive


Why is the “BitLocker Drive Encryption” more secure than EFS?


Reboot the computer with the Vista ERD (Emergency Repair Disk);

Run LockSmith to change the Administrator password;


Boot the computer into Windows 7 and log on as Administrator with the new password;


When you try to open the F: drive, a popup window appears.

If you know the password, you can unlock it.


If you click the link “I forgot my password”, the following window pops up.


You must click “Manage BitLocker” to permanently change the unlock password.


TPM -- Trusted Platform Module -- BIOS


Because my system does not have a TPM on the mainboard, I cannot turn on BitLocker on the operating system drive (C:).


The "Automatically unlock this drive on this computer" option does not work unless the OS drive is protected. When you encrypt fixed data drives, you can choose to have the drive unlock automatically when you log on to Windows.


For removable drives (e.g. a USB stick), "automatically unlock this drive on this computer" can be turned on or off.


When "automatically unlock this drive on this computer" is turned on, the next time you insert the USB stick into this computer it unlocks automatically; you do not need to type the password.

TPM -- Trusted Platform Module

For computers with a TPM, once the TPM has been initialized, BitLocker Drive Encryption can use one of three TPM modes.

TPM-Only

When the computer boots, the TPM validates the boot files, the operating system files, and any encrypted data volumes. The user logon experience is unchanged: no extra key or PIN is needed. If the TPM is missing or the files on the encrypted volumes have been tampered with offline, BitLocker enters RECOVERY mode when the computer boots, and a recovery key must be typed in to access the boot volume.

TPM and PIN

When the computer starts, the TPM validates the boot files, the operating system files, and any encrypted volumes. The user must enter a PIN to continue the startup; if no PIN can be provided, RECOVERY mode is entered. If the TPM is missing or the files on the encrypted volumes have been tampered with offline, BitLocker enters RECOVERY mode when the computer boots, and a recovery key must be typed in to access the boot volume.

TPM and Startup Key

When the computer starts, the TPM validates the boot files, the operating system files, and any encrypted volumes. The user must have a USB flash drive containing the startup key in order to log on to the computer; otherwise, RECOVERY mode is entered. If the TPM is missing or the files on the protected volume have been tampered with offline, RECOVERY mode is entered.
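To tie the three TPM modes above to the auto-unlock behaviour described earlier, here is an added PowerShell script (my own example, not part of the original notes) that checks for a TPM, adds the chosen TPM protector plus a recovery password to C:, then protects the data drive F: with a password and enables auto-unlock. It assumes an elevated prompt on Windows 7 Enterprise, the built-in manage-bde tool, and that E: is a removable drive used for the startup key and recovery files.

```powershell
# Added example, not from the original notes. Assumes Windows 7 Enterprise, an elevated
# prompt, OS drive C:, fixed data drive F:, and a removable drive E:. manage-bde.exe is
# the built-in BitLocker command-line tool. $Mode selects one of the three TPM modes.
param(
    [ValidateSet('TpmOnly', 'TpmAndPin', 'TpmAndStartupKey')]
    [string]$Mode = 'TpmAndPin',
    [string]$StartupKeyDrive = 'E:',      # USB stick that will hold the startup key (assumption)
    [string]$RecoveryKeyFolder = 'E:\'    # where the recovery key file for F: is saved (assumption)
)

# 1. Is there a TPM at all? Without one the OS drive cannot use any TPM mode
#    (the situation described in the notes), so stop before touching C:.
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    throw 'No TPM found: BitLocker cannot protect the OS drive in a TPM mode on this machine.'
}
if (-not $tpm.IsEnabled().IsEnabled -or -not $tpm.IsActivated().IsActivated) {
    throw 'TPM is present but not enabled/activated in the BIOS; initialize it first.'
}

# 2. Add a numeric recovery password first: every TPM mode falls back to RECOVERY mode
#    when the TPM is missing or the boot files have been tampered with offline.
manage-bde -protectors -add C: -RecoveryPassword

# 3. Add the key protector for the chosen TPM mode, then turn encryption on.
switch ($Mode) {
    'TpmOnly'          { manage-bde -protectors -add C: -TPM }
    'TpmAndPin'        { manage-bde -protectors -add C: -TPMAndPIN }        # prompts for the PIN
    'TpmAndStartupKey' { manage-bde -protectors -add C: -TPMAndStartupKey $StartupKeyDrive }
}
manage-bde -on C:

# 4. The fixed data drive F: gets a password protector and a recovery key file.
#    Auto-unlock only works once the OS drive is protected, which is why C: is handled first.
manage-bde -protectors -add F: -Password                  # prompts for the unlock password
manage-bde -protectors -add F: -RecoveryKey $RecoveryKeyFolder
manage-bde -on F:
manage-bde -autounlock -enable F:

# 5. Verify: each volume should report "Protection On" and list its key protectors.
manage-bde -status
```

Encryption of C: only completes after the reboot that manage-bde requests, so check `manage-bde -status` again afterwards before relying on auto-unlock for F:.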