Configure Bitlocker in Windows 7 on a TPM enabled machine.

Introduction:

This guide is an update to my earlier post on Bitlocker in Windows Vista.

BitLocker Drive Encryption is an integral security feature in the Windows Vista and Windows 7 operating systems that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against “offline attacks,” attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.

This guide demonstrates how to configure a basic installation of Bitlocker with a TPM Enabled machine and assumes you are performing a clean build on a new machine using a network based WDS build.

Important things to remember before you begin

  • Bitlocker is particularly recommended to users of Laptops within the University.
  • Backups are more important than ever on encrypted disks, as recovery will be all but impossible if the disk's hardware fails.
  • Changing a system's hardware will cause the TPM to react and lock the system down. This can easily be fixed by using the Bitlocker recovery key, but only if you still have it!

Prerequisites

A Machine with a TPM chip
Windows 7 Installation media (DVD or WDS install)

1. Build the machine as normal. Unlike Windows Vista, Windows 7 automatically creates (and hides) the tiny system partition required for drives encrypted with Bitlocker to boot.

2. Once the machine has finished building, restart and enable your TPM in the BIOS if it is not already enabled. There does not seem to be any convention on how the TPM is referred to, but on HP machines it is shown as the ‘Embedded Security Device’.

3. Logon to Windows and navigate to Control Panel\All Control Panel Items\BitLocker Drive Encryption.

4. Select the drive you want to Encrypt.

5. Choose a method of saving your recovery key.

6. Check the ‘Run BitLocker system check’ option.

7. Finally restart the machine. After logon you will see a notification that the drive is being Encrypted.
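
To confirm the result of steps 2 to 7 without reading it off the Control Panel, the PowerShell check below queries the TPM and BitLocker WMI providers that ship with Windows 7. It is an added example, not part of the original guide; it only reads state, must be run from an elevated prompt, and the $Drive parameter, the Get-ProtectorCount helper and the output labels are assumptions of the example.

```powershell
# Added example (not from the original guide): read-only TPM/BitLocker check.
# Run elevated. $Drive is an assumed parameter; it defaults to the OS drive.
param([string]$Drive = $env:SystemDrive)

# Step 2: the TPM has to be enabled and activated before BitLocker can use it.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
    -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    Write-Warning 'Windows cannot see a TPM. Check the BIOS setting (step 2).'
    return
}
'TPM enabled:      {0}' -f $tpm.IsEnabled().IsEnabled
'TPM activated:    {0}' -f $tpm.IsActivated().IsActivated
'TPM owned:        {0}' -f $tpm.IsOwned().IsOwned

# Steps 4-7: look the volume up in the BitLocker WMI provider.
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume | Where-Object { $_.DriveLetter -eq $Drive }
if (-not $vol) {
    Write-Warning "BitLocker does not list $Drive as an encryptable volume."
    return
}

# ConversionStatus codes 0-5 as defined for Win32_EncryptableVolume.
$states = 'Fully decrypted', 'Fully encrypted', 'Encryption in progress',
          'Decryption in progress', 'Encryption paused', 'Decryption paused'
$conv = $vol.GetConversionStatus()
'Conversion:       {0} ({1}%)' -f $states[$conv.ConversionStatus], $conv.EncryptionPercentage

# ProtectionStatus 1 = protectors active; 0 = off or suspended.
'Protection on:    {0}' -f ($vol.GetProtectionStatus().ProtectionStatus -eq 1)

# Count protectors by type (1 = TPM, 2 = external key, 3 = numerical password)
# without ever displaying the recovery password itself.
function Get-ProtectorCount([int]$Type) {
    @($vol.GetKeyProtectors($Type).VolumeKeyProtectorID | Where-Object { $_ }).Count
}
$tpmCount      = Get-ProtectorCount 1
$recoveryCount = (Get-ProtectorCount 2) + (Get-ProtectorCount 3)
'TPM protectors:   {0}' -f $tpmCount
'Recovery options: {0}' -f $recoveryCount

if ($tpmCount -eq 0)      { Write-Warning 'No TPM protector on this volume.' }
if ($recoveryCount -eq 0) { Write-Warning 'No recovery protector (step 5).' }
```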

More Microsoft blogs than your body can handle!

Yesterday BlogMS posted an up to date list of all the official Microsoft team blogs. There’s something for everyone there, with 252 in total!

Since we’re in Higher Education, I’m going to highlight the UK HE blog as one that should be interesting to many of the readers of this blog. You can check out the rest of the list for yourself to see what interests you:

http://blogs.technet.com/blogms/pages/directory-of-microsoft-team-blogs.aspx

Office 2010 reaches Technical Preview

Yesterday, at their Worldwide Partner Conference, Microsoft announced that the next release of Office has reached the Technical Preview milestone. The announcement included demos of some features, and there are more on their site Introducing Microsoft Office 2010 Technical Preview (unfortunately the site appeared to be struggling under the load, but Long Zheng contacted me to say he had reliable mirrors of the videos on his fantastic blog).

Office 2010 isn’t the revolutionary product that Office 2007 was, where Microsoft introduced its new Ribbon interface, but the Ribbon has evolved (and spread to the places where it wasn’t last time round, like Outlook), and they appear to have added some handy new features. You should check the videos out to see what may be most appealing to you, but there are some things that I think will give productivity gains to most users (albeit small ones, but they all add up over the lifetime of a version of Office).

I particularly like the new printing UI in Word which incorporates the printing dialogue options along with the print preview – it removes at least one step (checking the preview before going to print the document), but it could potentially remove several iterations of checking the preview, altering the print options, checking the preview again, etc. This feature is actually part of what Microsoft call Backstage, which should be consistent across the whole Office suite. Also in Word, the Navigation Pane looks like a handy way to search and manage the order of sections in a large document.

In Outlook, if you’re going to send a message to someone on your Exchange infrastructure who has an out of office auto-reply set up, the new MailTips will tell you that when you add them to the recipient list, rather than you composing the message and sending it before you find out that the person isn’t there to read it. Something else in Outlook that got a lot of positive feedback on Twitter from the people watching the streaming video of the WPC keynote was the option to ignore a mail conversation, which would throw out all the past and future messages in a conversation (the conversation view of your inbox has been promoted to be the default in Outlook 2010).

For the first time, Office has an online version – Office Web Apps provide trimmed down versions of the desktop applications in the browser (IE/FF/Safari). This won’t be part of the Technical Preview, instead debuting later in the year. I don’t know if this has been announced before, but when you look at Google Docs it’s probably an obvious step – Office Web Apps will be free to consumers with a Windows Live ID. In addition, Microsoft will provide a hosted version for businesses (like Google do), but they also allow companies to host them locally, in case you don’t want to give your data to Microsoft (not an option with Google Docs).

Although I’m not a heavy user of Office (other than Outlook), I’m a bit of an Office junkie, so I expect I’ll post more about it up to the release, but in the meantime you can go and check out those vids and you might want to check out Paul Thurrott’s write-up of the Technical Preview on his SuperSite for Windows. If that makes you desperate to get your hands on the Technical Preview, you can add yourself to the Waitlist.

TechNet Conference goes virtual (19 June 2009)

From Microsoft:

We’re pleased to announce the launch of the very first TechNet Virtual Conference taking place on 19 June 2009.

You told us that time and budget pressures make attending in person events difficult – so to help both you and the environment we decided to take the TechNet Conference virtual. Now you and your colleagues can join us to get a flavour of some key Microsoft technologies from the comfort of your own desks.

  • Windows 7 – Deployment and Management
  • Windows Server 2008 R2 – 10 things to make life easier for IT Pros
  • An overview of Office Communications Server R2 and voice capabilities
  • The trials and tribulations of SharePoint implementation

We are also really pleased to announce an exclusive Keynote featuring Mark Russinovich, Microsoft Technical Fellow specialising in the Windows platform.

And that’s not the only difference this year. In addition to Microsoft technology news and product overviews from the experts, the TechNet Virtual Conference will also feature a second auditorium focused on IT Management, including:

  • How IT will change over the next 10 years and why you should care – an exclusive session delivered at TechEd EMEA
  • Growing the Business and Managing Costs at Microsoft – An Insider’s View, presented by Asif Jinnah, IT Manager, Microsoft UK

Click here to see the full agenda.

http://technet.microsoft.com/en-gb/dd819085.aspx