Manage and Decrypt BitLocker Protected Disk Drive

Version 1.2 or later
BIOS: Trusted Computing Group BIOS; physical presence interface; memory overwrite on reset; immutable CRTM or secure update
USB: system boot from USB 1.x and 2.x; USB read/write in pre-operating system environment
Hard Disk: requires at least two partitions; separate partitions for System and OS

DEMO: Configuring the Trusted Platform Module
Set Ownership of the TPM; Block or Allow TPM Commands; Turn Off and Clear TPM

DEMO: Configuring BitLocker Group Policy Settings
Enable BitLocker Encryption Without a TPM; Configure BitLocker Group Policy Settings

Disk Layout and Key Storage
Operating System Volume contains: encrypted OS; encrypted page file; encrypted temp files; encrypted data; encrypted hibernation file
Where's the Encryption Key?
SRK (Storage Root Key) contained in TPM
SRK encrypts the VMK (Volume Master Key)
VMK encrypts FVEK (Full Volume Encryption Key) – used for the actual data encryption
FVEK and VMK are stored encrypted on the Operating System Volume
System Volume contains: MBR; Boot Manager; Boot Utilities
[Diagram labels: VMK, FVEK, SRK, Operating System Volume, System]

Drive Type: removable data drives; USB flash drives; external hard drives
Unlock Methods: passphrase; smart card; automatic unlocking
Recovery Methods: recovery password; recovery key; Active Directory backup of recovery password; Data Recovery Agent
Management: robust and consistent group policy controls; ability to mandate encryption prior to granting write access
File Systems: NTFS; FAT; FAT32; ExFAT

DEMO: Encrypting Drives Using BitLocker and BitLocker To Go
Add a Data Recovery Agent; Encrypt FAT-Formatted Disk Drive; Configure BitLocker To Go

DEMO: Using the Manage-BDE Command-Line Tool
Encrypt and Decrypt a Drive Using Manage-BDE

Data Recovery Scenarios: lost or forgotten authentication methods; upgrade to core files; broken hardware; deliberate attack

Data Recovery Methods: Develop Strategy; Active Directory; Data Recovery Agents; Windows Recovery Environment

DEMO: Managing and Recovering Data
Unlock FAT-Formatted Drive

Improved Setup Wizard; Automatic 200MB hidden boot partition; New Key Protectors; BitLocker To Go; Support for FAT; Protectors: DRA, passphrase, smart card and/or auto-unlock; New GPOs to improve enterprise management; Edition Availability; BitLocker To Go Reader

Trusted Module Management; PINs; Encrypt Data Volumes and Removable storage devices; Recover Encrypted Data

AppLocker Enforce Rules & Audit Only Mode; AppLocker Management using PowerShell; AppLocker Architecture; AppLocker Deployment Best Practices; AppLocker Vs Software Restriction Policies

Extend BitLocker drive encryption to removable devices
Create group policies to mandate the use of encryption and block unencrypted drives
Simplify BitLocker setup and configuration of primary hard drive

virtual techdays
Desktop Security with Windows 7: AppLocker & BitLocker to Go
Aviraj Ajgekar │ Technology Evangelist │ Microsoft Corporation
Blog: │

Agenda: BitLocker enhancements and capabilities