It also allows access if you lose your primary key or forget your password. If Windows detects a change in the boot environment, such as newly installed hardware, it may ask for this recovery key. If you bypassed TPM, you have just two options: “Enter a Password” or “Insert a USB Flash Drive,” which are similar to the latter two TPM options.Ħ.However, your computer must support reading USB devices in the pre-boot environment the BitLocker setup will test this automatically. Require a Startup Key at Every Startup: This option requires a physical USB drive to serve as an additional key.Require a PIN at Every Startup: This option requires a four to 20-digit PIN in addition to TPM by default, you can use only numbers unless you previously enabled Enhanced PINs.BitLocker Without Additional Keys: This option boots straight from the TPM key, so no additional keys or PINs are required although convenient, this option is also less secure, because someone with physical access to your computer wouldn’t need a boot key either.If you have a 1.2+TPM, you have three options:.Choose your preferred authentication method. When the preliminaries are over you’ll arrive at a screen to select your authentication method.ĥ. A non-TPM-enabled might run a system check or shrink your C: drive to house an encryption key. For example, a TPM-enabled computer will reboot, request that you setup TPM and then open the BitLocker setup again. The selections vary depending on your setup, but it does a good job walking you through. Click Next and follow the onscreen prompts. Group Policy also lets you enable “Enhanced PINs” for TPM, which supports alphanumeric characters and symbols in the boot PIN, instead of only Function-key-entered numbers.Ĥ. Windows 8.1 gives you a workaround through Group Policy, which optionally configures BitLocker to use a USB key or password in place of TPM. If you don’t have a 1.2+ TPM, which is quite possible, don’t fret. You can also start the BitLocker setup, and it will tell you if no TPM is found. If you don’t have an appropriate chip, you will see “Compatible TPM Cannot Be Found” in the resulting window. To test if you have a useable TPM, press Win-R to open the Run dialog, type tpm.msc and press Enter. Automatic authorization seemingly defeats the purpose of full-disk encryption, but it at least prevents access to files on a cloned hard drive or when the hard drive is installed on another computer, for example to bypass Windows login using another operating system. This chip securely stores your boot key, so you could optionally boot the computer without ever entering a password. It also requires a 1.2+ Trusted Platform Module (TPM) on your motherboard, at least using the default settings. Unfortunately, this utility is only available in the Professional or Enterprise editions. For one, it does nothing to prevent an Internet hacker from breaking into a running, Internet-connected computer and accessing on-the-fly decrypted files.Įncryption also doesn’t protect your files after you’ve entered your boot key and have your system running, because access is already authorized (however, it does lock down again when entering hibernation or shutting down).įinally, files copied to an unencrypted drive are potentially accessible on that drive, even if the originals are safely locked away on the encrypted drive.Īlthough there were once several encryption solutions for Windows, BitLocker Drive Encryption is now the obvious choice for Windows 8.1 due to its ease of use and full integration in the operating system. This security does impose a small performance overhead, but with ever-quickening processors, the effect is negligible compared to the benefits. Failure to provide this key prevents access to any data, even if the hard drive is imaged or relocated to another operating system. Once encryption is enabled, however, a thief would need to provide an additional boot key before ever encountering the traditional Windows login. Without encryption, a thief could readily circumvent the meager Windows password to gain access to sensitive files. Learn how to turn on BitLocker using the default settings or use a Group Policy workaround, instead.įor the security-conscious user, full-disk encryption is a necessity of digital life, especially when using mobile laptops that are commonly stolen. Plz Be Patient to Ungergo This Process(if you find difficulties Inbox Me is available to anyone using Windows 8.1 Pro or Enterprise editions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |