What is BitLocker? What does it do? What does it not do?

What is BitLocker?

BitLocker lets you encrypt the hard drive(s) on Windows 7 and Vista Enterprise, Windows 7 and Vista Ultimate, or Windows Server 2008 and R2. BitLocker will not encrypt hard drives for Windows XP, Windows 2000 or Windows 2003. Only Windows 7, Vista and Server 2008 include BitLocker. BitLocker drives can be encrypted with 128 bit or 256 bit encryption; this is plenty strong to protect your data in the event the computer is lost or stolen.

BitLocker protects your hard drive from offline attack. This is the type of attack where a malicious user takes the hard drive from your mobile machine and connects it to another machine so they can harvest your data. BitLocker also protects your data if a malicious user boots from an alternate Operating System. With either attack method, BitLocker encrypts the hard drive so that when someone has physical access to the drive, the drive is unreadable.

Now if you are a network admin and you need to harvest data from a hard drive when a machine fails, our tools include the functionality to prompt the admin for the recovery key so the hard drive can be accessed. We’ve done a good job at ensuring the data does not end up in the wrong hands, while making it easy for authorized users to access the data in the event of a failure.

What does BitLocker do?

Again, BitLocker encrypts the hard drive(s) to protect the Operating System from offline attacks. Server 2008, 2008 R2, Windows 7 Enterprise, Windows 7 Ultimate, Windows Vista Enterprise, and Windows Vista Ultimate all include BitLocker functionality. Windows 7 Professional, Windows Vista Business Edition and the Home Editions do not include BitLocker. The RTM versions of Vista only allow BitLocker encryption of the C: drive. SP1 for Vista and Windows 7 include the ability to encrypt all of the hard drives belonging to the Vista and Windows 7 machine. Server 2008 (and R2) includes the ability to encrypt all of its attached hard drives as well.

BitLocker on a Server 2008 (and R2) server might not make sense for your servers in the Data Center, but using BitLocker on servers in remote offices makes a lot of sense. How many remote offices have their servers in secure Data Centers? They don’t! If you’re lucky, your server sits in a locked closet. If you’re unlucky, it sits under someone’s desk. Deploying BitLocker to these machines makes perfect sense because if those machines are stolen, their data is encrypted and protected from the types of attacks that they would be exposed to. Another piece to protect these remote servers is the Read Only Domain Controller functionality. I won’t go into it here, but it gives you the ability to provide fast logon experiences for your remote users while ensuring that all of the domain credentials are not stored on these remote office servers.

Windows 7 extends BitLocker functionality to removable drives; we call that functionality BitLocker to Go. BitLocker to Go gives you the ability to encrypt your thumb drives and even USB hard drives. You even have the ability to enforce BitLocker to Go via Group Policy; this Group Policy can ensure that users can only store corporate data on encrypted drives.
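
A way to check the points above on a given machine, as an added example that is not part of the original post: it reads protection status, encryption strength and recovery-password presence from the `Win32_EncryptableVolume` WMI class, then checks the registry value written by the "Deny write access to removable drives not protected by BitLocker" Group Policy. It assumes an elevated PowerShell prompt on a BitLocker-capable edition.

```powershell
# Added example (not from the original post): audit BitLocker state on this machine.
# Must be run from an elevated PowerShell prompt.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$methodNames = @{
    0 = 'None (not encrypted)'
    1 = 'AES 128 with Diffuser'
    2 = 'AES 256 with Diffuser'
    3 = 'AES 128'
    4 = 'AES 256'
}
$statusNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Unknown (volume locked)' }

$volumes = @(Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -ErrorAction Stop)
$report = foreach ($vol in $volumes) {
    $status = [int]$vol.GetProtectionStatus().ProtectionStatus
    $method = [int]$vol.GetEncryptionMethod().EncryptionMethod
    # Key protector type 3 is the numerical recovery password an admin would be prompted for.
    $ids = $vol.GetKeyProtectors(3).VolumeKeyProtectorID
    $hasRecovery = ($null -ne $ids) -and (@($ids).Count -gt 0)
    $methodName = if ($methodNames.ContainsKey($method)) { $methodNames[$method] } else { "Other ($method)" }
    $statusName = if ($statusNames.ContainsKey($status)) { $statusNames[$status] } else { "Other ($status)" }
    New-Object PSObject -Property @{
        Drive            = $vol.DriveLetter
        Protection       = $statusName
        Encryption       = $methodName
        RecoveryPassword = $hasRecovery
    } | Select-Object Drive, Protection, Encryption, RecoveryPassword
}
$report | Format-Table -AutoSize

# Flag volumes that are unprotected, or protected with no recovery password to fall back on.
foreach ($row in $report) {
    if ($row.Protection -ne 'On') {
        Write-Warning "$($row.Drive) is not protected by BitLocker ($($row.Protection))."
    } elseif (-not $row.RecoveryPassword) {
        Write-Warning "$($row.Drive) is protected but has no recovery password protector."
    }
}

# Registry value written by the Group Policy
# "Deny write access to removable drives not protected by BitLocker" (1 = enforced).
$fvePath = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$fve = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue
$denyWrite = ($null -ne $fve) -and ($fve.RDVDenyWriteAccess -eq 1)
"Removable drives must be BitLocker-protected to be writable: $denyWrite"
```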

What does BitLocker not do?

BitLocker does not protect the computer's contents while Windows is running. Again, BitLocker is built for offline attacks; once the operating system is up and running, Windows 7 and Vista will protect your data from unauthorized access. When 7 (and Vista) is up and running, unauthorized access can come in the form of:

  1. A malicious user trying to log onto the local computer. Windows 7 (and Vista) can protect itself by enforcing strict password policy and complexity. If your data is important enough to encrypt, please ensure that you also require complex passwords and/or two factor authentication. Two factor authentication takes simple or easy to guess passwords out of the equation so that they are no longer a risk.
  2. A malicious user connecting to the computer over the network to harvest data from the local computer. If the user has access to your physical network, the malicious user can try to connect to your machine over the network. Again, strict user permissions on the local machine and on your network as a whole will prevent malicious users from accessing your network.

Other ways to protect your data:

RMS, EFS, IPSec.  I’ll give you more detail in my next post.

Until next time!


Comments (64)

  1. ashish says:

    That's very good and explained properly. Contents are easy to understand.

    Thank you!!

  2. abdul says:

    Valuable information, PACKED. Thank you.

  3. sharif says:

    Excellent, that is what we need to know. thanks Major.

  4. shahul says:

    i have this but very bad i dont know that so i said like tha

  5. shipra says:

    Ya! It's good but difficult to understand.

  6. kevin says:

    Hello, my brother plugged out my external hard drive while I was taking off the bit lock. The drive is currently saying it's empty, but when you open it you're seeing the folders and documents. But nothing is opening with none of the programs on my PC. Need help ASAP.

  7. SANTOSH says:

    I don't understand anything, can you show it with a picture?

  8. mukund says:

    Very useful information, thank you very much…

  9. Anurag says:

    It has given me a best knowledge to learn thank u

  10. Pradeep Gowda says:

    Yes, excellent, and it is very useful information gathered…

  11. Botox says:

    Thank you so much for sharing such an informative post with us

  12. Rothana says:

    Good explanation and easy to understand, thanks for sharing!

  13. Martin says:

    So what if I wanna re-format my OS hard drive?

    Will all the data be lost on the encrypted one?

  14. bhupindeer singh says:

    bit locker is very useful infor……….

  15. Himee says:

    this is very interesting definition thanks for you.

  16. sergio says:

    And how am I able to open this damn encrypted USB stick on my Mac? I guess I can't… it's quite a shame to be so focused on one environment….

  17. dave says:

    Doesn't explain how unlocking works. Is there a password before bootup?

  18. sreedhar says:

    it's nice easy to understand………..

  19. BaRoN30s says:

    Nice bit of info. For the past few years I've been using TrueCrypt to make my drives secure, but have now moved over to Windows 8 where BitLocker is built in. So my question is, which is best? TrueCrypt or BitLocker?

    If I format & reinstall Windows, will I still then be able to access an encrypted BitLocker drive?


  20. palygr says:

    How do I decrypt one encrypted folder on my external disk?

  21. Leon G. says:

    Why can't BitLocker protect current running operations?

    Why must it wait until offline status???

  22. Fazla-e-Majid says:

    Nice utility and very well explained. thanks

  23. Ayman Shazly says:

    very good one ..

  24. snsharma says:

    Very-2 useful in4mation. Thanks a lot.

  25. Emmanuel says:

    thank for the article,

    very helpful.

  26. madesh suji says:

    Good one, very useful for OS or data

  27. sumit pandya says:

    good explained nd thanx for help me….

  28. Darryl says:

    I have an external drive that has BitLocker encryption on it from the laptop I was working with. I don't have the laptop that I had it encrypted on to decrypt my external drive anymore. Could I just buy the BitLocker software, install it on another laptop and decrypt my external drive that way?

  29. Dipak says:

    Very Useful information

    thanks for the help

  30. Sunny says:

    How does BitLocker To Go work? Once installed on a USB stick, the files became read only. How to add files to it?

  31. fateh ali says:

    my mobile card is not working after installing the bitlocker so pls anyone tell me how this is working again …. ?


  32. ham_lord@yahoo.com says:

    I have a problem. I forgot my password on BitLocker. How can I recover my drive?

  33. Manoj Patil says:

    Very Nice!!!!!!!!!  Explanation is indeed.

  34. Binaykumar says:

    Good explain , thanks for information

  35. Anonymous says:


  36. Anonymous says:

    I have bought a memory of 4 GB and when I start BitLocker it is taking more than I thought. Does it work slowly?

  37. avyanez1@gmail.com says:

    My company computer will not open due to a bit locker being enabled. I do not know how that was started. What can I do to get back on my computer?

  38. Prem says:

    BitLocker is a useful data protective tool…………………..Thanks

  39. technodhoom.com says:

    Bitlocker is very useful feature of windows 7 & it protects our data in off line malicious attack

  40. Praveen Prakash says:

    Thank You. It is informative.

  41. Rishikesh says:

    i think i can buy this product now..:-) thanks a lot Rob

  42. Sanjeev Kumar says:

    thank you so much to give information about bitlocker for drive lock

  43. shiva says:

    It's excellent, but how exactly does it work?

  44. Albert says:

    Ooooops, I have just applied it to my flash drive and guess what, you cannot open it.

  45. Mahesh says:

    Thanks for the info guys…Cheers!!

  46. NSA says:

    Is it possible that bitlocker includes backdoors – anyone?

  47. ramesh says:

    bit locker is very useful information…………………

  48. hamidah says:


  49. sanjay says:

    Really Very Helpful

  50. Lava says:

    Thanks, very helpful information, and good to know.

  51. rahul says:

    best information to guide anyone

  52. pradeep says:

    thanks 4 ur regard

  53. AAugusto says:

    Very well explained. Many Tks..

  54. Jason wid says:

    Thank you for clearly explaining this to us, we really needed this….. Jwid

  55. Ed Mit says:

    I have Bitlocker on an external drive. I have the recovery code and it just sits there and spins. Is it trying to unlock or am I wasting my time? Also, can the disks from this external drive be "forensically" recovered if the recovery code does not work?

  56. Aamir says:

    Useful information……..

  57. OK says:

    Now I'm going to learn how to hack it. Please, if I succeed it means the programmer of this product has to go back and close the open holes. I don’t trust easily

  58. muhammad rasoul kabul says:

    very good definition easily understood.

  59. Mr Gwee says:

    Is well understood.

  60. Mr. Mo says:

    This is very good and I think we should all apply it on our PCs and laptops

  61. Nicole says:

    Explained very well

  62. muhammad rasoul says:

    very helpful inf thanks!

  63. DEnisha says:

    What will happen if I put the drive in a Mac machine, do the original files that were on the drive still work? Can this be taken off the drive and how?