Use a Flash Drive to Encrypt Disk Partitions in Windows Vista

Source: Internet
Author: User
Tags: TPM chip

BitLocker is the disk partition encryption tool in Vista, a data protection feature provided in the Enterprise and Ultimate editions. BitLocker prevents attackers from defeating Vista's file and system protections by booting another operating system, running software hacking tools, or viewing files stored on protected drives offline. This protection is implemented by encrypting the entire Windows volume. With BitLocker, all user and system files are encrypted, including the swap (page) file and the hibernation file. The rest of this article explains how to combine a USB flash drive with Vista's BitLocker to encrypt the system partition.
BitLocker can encrypt Vista in two modes, each with different requirements.

1. TPM encryption mode: The computer's motherboard must have a TPM chip of version 1.2. The system stores the root key required to unlock the disk in the TPM chip.

2. Flash encryption mode: A USB flash drive is used in place of a motherboard TPM chip. The requirement is that the motherboard supports USB boot, which nearly all current computers do.

Enable Flash Encryption

With BitLocker in Vista, only the system partition can be encrypted. Because TPM mode is not widely used, this article uses flash encryption mode. The first thing to do is enable the corresponding setting in Group Policy, because by default Vista does not allow BitLocker to use a USB flash drive in place of a TPM.

Step 1: Click "Start > Run" (if "Run" is not displayed, right-click the taskbar, choose "Properties > Start Menu > Customize", and select "Run command"), then enter "gpedit.msc" to open the Group Policy Object Editor.

Step 2: In the left pane, find "Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption". In the right pane, double-click "Control Panel Setup: Enable advanced startup options". In the dialog box that appears, make sure the "Enabled" radio button is selected and that "Allow BitLocker without a compatible TPM (requires a startup key on a USB flash drive)" is checked, as shown in Figure 1.

Figure 1

Add the Encryption Key to the Flash Drive

Step 1: Type "BitLocker" in the "Start Search" box in the Start menu and press Enter. Click "BitLocker Drive Encryption" in the search results to start the Control Panel component. Alternatively, open "Control Panel > Security", where you will see the "BitLocker Drive Encryption" option.

Step 2: Click "Turn On BitLocker", then "Require Startup USB key at every startup" (Figure 2).

Step 3: Insert a flash drive of any capacity, select its drive letter, and click "Save" to save the startup key to the flash drive. Note that without this flash drive key you will not be able to start the system, so we recommend that you carry it with you.

Step 4: Back up the recovery password for emergency recovery, for example when you forget to bring the startup flash drive. This step sets up a 48-digit recovery password. We recommend that you use all three options: save to a flash drive, save to a folder, and print. Note: Do not save the recovery password and the startup key on the same flash drive.

Step 5: After the recovery password has been saved, a dialog box asks whether you want to run a system check to confirm that the startup key or the recovery password can be read at startup. Check the "Run BitLocker system check" check box.

Step 6: Click "Continue" and the system prompts you to restart. After the restart, the system automatically runs the check to ensure that BitLocker works properly. Once Windows has started, wait for the Windows partition to be encrypted (this takes 1 to 2 hours). Finally, the system needs to be restarted, and this time the startup flash drive must be inserted in the computer. After the restart, the system is under the protection of BitLocker.

Emergency Recovery of the Encrypted System

If the USB key is damaged, the computer is locked and automatically enters the text interface shown in Figure 3. Insert the flash drive on which the recovery password was saved and press the "Esc" key; the computer restarts and you can enter the encrypted disk partition.

Figure 3

If the recovery password was not saved to a flash drive, press Enter on the page displayed in Step 4 to go to the next page.

Figure 4

Here, you can manually enter the 48-digit password. If the number keys do not produce digits, use F1 through F9 in place of 1 through 9, and F10 in place of 0. If the entered recovery password is correct, the computer starts normally.

If you move an encrypted hard disk to a new computer, you can unlock it with the recovery password in the same way and then transfer the data.
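
The Step 4 rule about keeping the recovery password off the startup-key flash drive, and the function-key entry of the 48-digit password described above, can both be checked with a short script; the Python below is an added example, not part of the original article. It assumes facts the article does not state: each six-digit group of a BitLocker recovery password is a 16-bit value multiplied by 11, and the startup key is stored as a file with the .BEK extension. The function names and the sample password are constructed for illustration.

```python
import re
from pathlib import Path

# Recovery-screen key mapping from the article: F1..F9 stand for 1..9, F10 for 0.
FKEY_TO_DIGIT = {f"F{n}": str(n % 10) for n in range(1, 11)}
PASSWORD_RE = re.compile(r"(?<!\d)\d{6}(?:-\d{6}){7}(?!\d)")

# Constructed sample (not a real key): eight 16-bit values, each multiplied by 11.
SAMPLE = "-".join(f"{v * 11:06d}"
                  for v in (12345, 54321, 1000, 65535, 42, 31337, 2024, 7))


def fkeys_to_password(keys):
    """Turn 48 function-key presses into the grouped 48-digit form."""
    digits = "".join(FKEY_TO_DIGIT[k] for k in keys)
    if len(digits) != 48:
        raise ValueError(f"expected 48 digits, got {len(digits)}")
    return "-".join(digits[i:i + 6] for i in range(0, 48, 6))


def bad_groups(password):
    """Return the 1-based numbers of the groups that cannot be valid."""
    groups = password.strip().split("-")
    if len(groups) != 8 or not all(len(g) == 6 and g.isdigit() for g in groups):
        raise ValueError("expected eight groups of six digits")
    # Assumed format: group = 16-bit value * 11, so one wrong digit or an
    # adjacent swap always breaks divisibility by 11.
    return [n for n, g in enumerate(groups, 1)
            if int(g) % 11 or int(g) // 11 > 0xFFFF]


def colocated_secrets(drive_root):
    """True if a startup key (.BEK) and a well-formed recovery password share a drive."""
    files = [p for p in Path(drive_root).rglob("*") if p.is_file()]
    has_startup_key = any(p.suffix.lower() == ".bek" for p in files)
    for p in files:
        if p.suffix.lower() != ".txt":
            continue
        # Crude UTF-16/ASCII handling: drop NUL bytes, ignore anything non-ASCII.
        text = p.read_bytes().replace(b"\x00", b"").decode("ascii", "ignore")
        if any(not bad_groups(m) for m in PASSWORD_RE.findall(text)):
            return has_startup_key
    return False


if __name__ == "__main__":
    typo = SAMPLE.replace("011000", "101000")  # two digits swapped in group 3
    print(SAMPLE, bad_groups(SAMPLE))
    print(typo, bad_groups(typo))
```

Run `colocated_secrets` against the root of the flash drive before relying on it as the startup key; a `True` result means the recovery password should be moved to separate media.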
