1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bitlocker question

Discussion in 'Windows 7' started by Cameo, Jun 21, 2010.

  1. Cameo

    Cameo Flightless Bird

    I am ready to upgrade my 64-bit Home Premium installation to Pro and
    wondering if it's worth to spend the extra bucs to upgrade to Ultimate
    instead, just so I also get the Bitlocker encryption. Or ... I could
    spend the extra bucs later for a 3rd party encryption software that also
    integrates transparently with Win7. When I worked at my previous
    employer, we used to have such a 3rd party encryption software on our
    company laptops that once installed, were virtually transparent to use;
    once you logged into your Windows account, that username & password was
    automatically used by the encryption software as well. You could
    designate individual folders for encryption (such as "MyDocuments",) not
    just the entire HD. I wish I remembered what the software's name was,
    though it may not have been available for retail customers.

    I wonder if Bitlocker is also as easy to use and if it has a folder-only
    encryption option. I tried TrueCrypt ones, but I did find it very
    convenient to use and I could not figure out how to encrypt existing
    folders with it.
     
  2. Seth

    Seth Flightless Bird

    "Cameo" <cameo@invalid.invalid> wrote in message
    news:hvp6e3$gva$1@news.eternal-september.org...
    > I am ready to upgrade my 64-bit Home Premium installation to Pro and
    > wondering if it's worth to spend the extra bucs to upgrade to Ultimate
    > instead, just so I also get the Bitlocker encryption. Or ... I could spend
    > the extra bucs later for a 3rd party encryption software that also
    > integrates transparently with Win7. When I worked at my previous employer,
    > we used to have such a 3rd party encryption software on our company
    > laptops that once installed, were virtually transparent to use; once you
    > logged into your Windows account, that username & password was
    > automatically used by the encryption software as well. You could designate
    > individual folders for encryption (such as "MyDocuments",) not just the
    > entire HD. I wish I remembered what the software's name was, though it may
    > not have been available for retail customers.
    >
    > I wonder if Bitlocker is also as easy to use and if it has a folder-only
    > encryption option. I tried TrueCrypt ones, but I did find it very
    > convenient to use and I could not figure out how to encrypt existing
    > folders with it.


    BitLocker is whole disk. On a modern machine with a TPM chip, it integrates
    completely into Windows and ties the hard drive to the machine it is in. A
    person couldn't just simply take your drive, pop it into a USB adapter and
    read the files, any files.

    On machines without TPM, it's implementation is slightly different and will
    differ by choices made at installation time, but still remains "whole disk".
     
  3. Cameo

    Cameo Flightless Bird

    "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote:
    > BitLocker is whole disk. On a modern machine with a TPM chip, it
    > integrates completely into Windows and ties the hard drive to the
    > machine it is in. A person couldn't just simply take your drive, pop
    > it into a USB adapter and read the files, any files.
    >
    > On machines without TPM, it's implementation is slightly different and
    > will differ by choices made at installation time, but still remains
    > "whole disk".


    How do I know if my laptop has that chip?
     
  4. Cameo

    Cameo Flightless Bird

    "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote in message
    news:hvp7bl$i06$1@news.eternal-september.org...
    > BitLocker is whole disk. On a modern machine with a TPM chip, it
    > integrates completely into Windows and ties the hard drive to the
    > machine it is in. A person couldn't just simply take your drive, pop
    > it into a USB adapter and read the files, any files.


    One more thing ... What about image backups one makes -- say with
    Acronis -- and would want to restore such a backup to a new HD in case
    the old gets damaged? Would it be possible with BitLocker installed?
    Also, besides the Win7 partition I still keep the original Vista on a
    separate, smaller partition (Dual Boot) on the same HD. If Bitlocker
    encodes that partition, too, I could no longer boot up into Vista, would
    I?
     
  5. Seth

    Seth Flightless Bird

    "Cameo" <cameo@invalid.invalid> wrote in message
    news:hvpjev$sg5$1@news.eternal-september.org...
    > "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote:
    >> BitLocker is whole disk. On a modern machine with a TPM chip, it
    >> integrates completely into Windows and ties the hard drive to the machine
    >> it is in. A person couldn't just simply take your drive, pop it into a
    >> USB adapter and read the files, any files.
    >>
    >> On machines without TPM, it's implementation is slightly different and
    >> will differ by choices made at installation time, but still remains
    >> "whole disk".

    >
    > How do I know if my laptop has that chip?


    Check in your BIOS or at the laptop makers website. it would be listed in
    the specs.
     
  6. Seth

    Seth Flightless Bird

    "Cameo" <cameo@invalid.invalid> wrote in message
    news:hvpqr2$kks$1@news.eternal-september.org...
    > "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote in message
    > news:hvp7bl$i06$1@news.eternal-september.org...
    >> BitLocker is whole disk. On a modern machine with a TPM chip, it
    >> integrates completely into Windows and ties the hard drive to the machine
    >> it is in. A person couldn't just simply take your drive, pop it into a
    >> USB adapter and read the files, any files.

    >
    > One more thing ... What about image backups one makes -- say with
    > Acronis -- and would want to restore such a backup to a new HD in case the
    > old gets damaged? Would it be possible with BitLocker installed?
    > Also, besides the Win7 partition I still keep the original Vista on a
    > separate, smaller partition (Dual Boot) on the same HD. If Bitlocker
    > encodes that partition, too, I could no longer boot up into Vista, would
    > I?


    Should work with Vista, but I never tried it in a dual boot scenario. Would
    work with Acronis if imaged while in Windows as the data is decrypted as it
    is read. Don't think it would work form an Acronis boot disk though.
     
  7. Cameo

    Cameo Flightless Bird

    "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote in message
    news:hvq3vf$jgf$1@news.eternal-september.org...
    >>> On machines without TPM, it's implementation is slightly different
    >>> and will differ by choices made at installation time, but still
    >>> remains "whole disk".

    >>
    >> How do I know if my laptop has that chip?

    >
    > Check in your BIOS or at the laptop makers website. it would be listed
    > in the specs.


    Well, I checked both the BIOS and the specs of this HP tx1410us notebook
    and could not find any reference to TPM in it even though I bought it
    new in Feb. 2008. So, I guess Bitlocker would not work for me then,
    right?
     
  8. Gene E. Bloch

    Gene E. Bloch Flightless Bird

    On Wed, 23 Jun 2010 10:20:24 -0700, Cameo wrote:

    > "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote in message
    > news:hvq3vf$jgf$1@news.eternal-september.org...
    >>>> On machines without TPM, it's implementation is slightly different
    >>>> and will differ by choices made at installation time, but still
    >>>> remains "whole disk".
    >>>
    >>> How do I know if my laptop has that chip?

    >>
    >> Check in your BIOS or at the laptop makers website. it would be listed
    >> in the specs.

    >
    > Well, I checked both the BIOS and the specs of this HP tx1410us notebook
    > and could not find any reference to TPM in it even though I bought it
    > new in Feb. 2008. So, I guess Bitlocker would not work for me then,
    > right?


    I have no personal idea (TrueCrypt satisfies my limited needs), but this is
    found in the quotes in the thread you're replying to:

    "On machines without TPM, it's implementation is slightly different and
    will differ by choices made at installation time, but still remains 'whole
    disk'."

    It's the first text in the quoted part or your reply; it seems to say that
    it doesn't need TPM to work.

    --
    Gene E. Bloch (Stumbling Bloch)
     
  9. Cameo

    Cameo Flightless Bird

    "Gene E. Bloch" <not-me@other.invalid> wrote:
    > I have no personal idea (TrueCrypt satisfies my limited needs), but
    > this is
    > found in the quotes in the thread you're replying to:
    >
    > "On machines without TPM, it's implementation is slightly different
    > and
    > will differ by choices made at installation time, but still remains
    > 'whole
    > disk'."
    >
    > It's the first text in the quoted part or your reply; it seems to say
    > that
    > it doesn't need TPM to work.


    Oops, that's embarrassing! It slipped my mind.
     
  10. Gene E. Bloch

    Gene E. Bloch Flightless Bird

    On Wed, 23 Jun 2010 16:58:24 -0700, Cameo wrote:

    > "Gene E. Bloch" <not-me@other.invalid> wrote:
    >> I have no personal idea (TrueCrypt satisfies my limited needs), but
    >> this is
    >> found in the quotes in the thread you're replying to:
    >>
    >> "On machines without TPM, it's implementation is slightly different
    >> and
    >> will differ by choices made at installation time, but still remains
    >> 'whole
    >> disk'."
    >>
    >> It's the first text in the quoted part or your reply; it seems to say
    >> that
    >> it doesn't need TPM to work.

    >
    > Oops, that's embarrassing! It slipped my mind.


    Well, then, do I get points for tripping you up? :)

    Probably I should instead just get demerits for being a nag...

    --
    Gene E. Bloch (Stumbling Bloch)
     
  11. Seth

    Seth Flightless Bird

    "Cameo" <cameo@invalid.invalid> wrote in message
    news:hvtfn5$t2a$1@news.eternal-september.org...
    > "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote in message
    > news:hvq3vf$jgf$1@news.eternal-september.org...
    >>>> On machines without TPM, it's implementation is slightly different and
    >>>> will differ by choices made at installation time, but still remains
    >>>> "whole disk".
    >>>
    >>> How do I know if my laptop has that chip?

    >>
    >> Check in your BIOS or at the laptop makers website. it would be listed in
    >> the specs.

    >
    > Well, I checked both the BIOS and the specs of this HP tx1410us notebook
    > and could not find any reference to TPM in it even though I bought it new
    > in Feb. 2008. So, I guess Bitlocker would not work for me then, right?


    It can still be used, it just won't be as transparent.
     
  12. Cameo

    Cameo Flightless Bird

    "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote:
    >> Well, I checked both the BIOS and the specs of this HP tx1410us
    >> notebook and could not find any reference to TPM in it even though I
    >> bought it new in Feb. 2008. So, I guess Bitlocker would not work for
    >> me then, right?

    >
    > It can still be used, it just won't be as transparent.


    OK, so does that mean that the encryption without hardware TPM will
    mean a big performance hit on the CPU? I also wonder how I could still
    boot into my Vista partition on the same HD even though I implement the
    TPM in the Win7 partition. In my mind Vista would not "know" about the
    TPM and thus could not be able to decrypt the HD to use it or even boot
    up. What is it I am missing here?
     
  13. Seth

    Seth Flightless Bird

    "Cameo" <cameo@invalid.invalid> wrote in message
    news:i05vpo$749$1@news.eternal-september.org...
    > "Seth" <sethNOSPAM@NOSPAMclcpro.com> wrote:
    >>> Well, I checked both the BIOS and the specs of this HP tx1410us notebook
    >>> and could not find any reference to TPM in it even though I bought it
    >>> new in Feb. 2008. So, I guess Bitlocker would not work for me then,
    >>> right?

    >>
    >> It can still be used, it just won't be as transparent.

    >
    > OK, so does that mean that the encryption without hardware TPM will
    > mean a big performance hit on the CPU? I also wonder how I could still
    > boot into my Vista partition on the same HD even though I implement the
    > TPM in the Win7 partition. In my mind Vista would not "know" about the TPM
    > and thus could not be able to decrypt the HD to use it or even boot up.
    > What is it I am missing here?


    No performance difference as the TPM isn't an encryption accelerator (at
    least no performance hit vs. a TPM equipped machine, any encryption will hit
    performance vs. non-encrypted).

    Can't answer the question regarding dual-boot as non of my machines use dual
    boot nor do I support it in my environment.

    I do have to question what is the point in dual-booting with Vista and
    Windows 7 though. What does one need with Vista when you have Windows 7? Is
    there something you have that won't work in Windows 7 that does work in
    Vista?
     

Share This Page