Encrypting the data in the Vista system disk partition with Flash memory

BitLocker is the Vista disk partition encryption tool. It is a strong data protection feature available in Vista Enterprise and flagship editions. BitLocker prevents hackers from destroying Vista files and system defenses or offline viewing files stored on a protected drive by booting another operating system or running software hacker tools. This protection is implemented by encrypting the entire Windows volume, and using BitLocker, all user and system files are encrypted, including swapping and hibernation files. So let's talk about how to combine flash memory to use Vista BitLocker to encrypt system partitions.

Master Dong teaches you: Vista encrypted disk partitions are available in two ways

There are two ways to use BitLocker for Vista encryption, with different conditions.

1.TPM Encryption mode: Requires the computer's motherboard with a 1.2 version of the TPM chip, the system will unlock the disk required to store the root key in the TPM chip.

2. Flash encryption mode: The motherboard does not need to contain the TPM chip, but the use of flash encryption. The condition is that the motherboard supports USB boot, and the current computer basically supports USB boot.

Activate Flash encryption mode

For Vista BitLocker encryption, we can only encrypt the system partition. Because the TPM mode application is not wide enough, this article chooses the Flash encryption mode. The first thing to do is to open the appropriate settings in Group Policy, because Vista does not support BitLocker encryption with USB Flash mode by default.

The first step: click "Start → run" (no "run" Display, right click "taskbar → properties → Start menu → custom", check "Run command" can be.) , enter "Gpedit.msc" to open the Group Policy Object Editor. This article is from http://bianceng.cn (learn computer)

Step Two: Locate the "Computer Configuration → Administrative Templates →windows component →bitlocker Drive Encryption" item on the left. On the right, double-click Control Panel Settings: Enable advanced startup options, and on the Open dialog box, make sure the Enabled radio buttons is selected. And make sure that BitLocker is allowed (requires a startup key on a USB flash drive) When "No compatible TPM is checked", as shown in Figure 1.

Figure 1 putting the encryption key into the flash

First step: In the Start menu, in the Start search box, enter "BitLocker" and Return, click "BitLocker Drive Encryption" in the search results to start the Control Panel component. Now open Control Panel → security, and you can see the "BitLocker Drive Encryption" option.

Step Two: Click the "Enable bitlocker→ USB key to start every time" button (Figure 2).

Figure 2

Step three: Insert any volume of flash memory, select the flash drive, click the "Save" button and save the startup key in Flash memory. Now note that if you do not have this flash "key", you will not be able to boot, so it is recommended to carry the flash memory.

Fourth: The next step is to back up your password, mainly for emergency recovery, such as forgetting to bring the boot flash. Here you need to specify that you want to save a 48-digit recovery password and recommend that you use the 3 options available: Keep flash memory, save in folder, print. Note: The backup password should not be kept in the same flash as the startup key.

Fifth step: Recover Password Save a dialog box appears asking if you want to perform system detection to confirm that you can read the startup key or recover the password at power-on, and check the "Run BitLocker system Check" checkbox.

Sixth step: Click the "Continue" button, the system will be prompted to reboot, after the reboot will be automatically detected to ensure that BitLocker is working properly, after the boot, you can start waiting for encrypted windows partition (time is 1-2 hours). Finally, the system needs to reboot, at which point you need to insert the boot flash that you just made into the computer. The reboot system is under BitLocker protection.

Emergency recovery of encrypted systems

If the USB key is corrupted, the boot computer will be locked and automatically enter the text interface of Figure 3, then insert the flash memory with the recovery password and press the "ESC" key to restart the computer and enter the encrypted disk partition.

Figure 3

If you do not save the recovery password in flash memory, you can press ENTER when displaying the interface shown in Figure 4, and then enter the next interface

Figure 4

Here you can manually enter a 48-digit recovery password, if you cannot press the number key input number, you can press f1~f9 key instead of 1~9, press the F10 key instead of 0. If you enter the correct recovery password, the computer automatically starts.

Master Dong tips: If you move an encrypted hard disk to a new computer, we can also restore the key in the same way, and then transfer the data.