Pin Me

BitLocker To Go - Setup & Tips for Windows 7 USB Drive Encryption

written by: Mark Muller•edited by: Bill Bunter•updated: 11/17/2010

BitLocker To Go complements BitLocker Drive Encryption so that Windows 7 can now protect both fixed as well as removable drives including USB sticks which often get misplaced or lost. Here’s how to set up BitLocker To Go, including tips for the encryption process and your USB stick protection.

  • slide 1 of 14

    The Purpose of this Tool

    BitLocker To Go for Windows 7 is a great new feature of Microsoft’s latest operating which can now be used to encrypt data and information on removable hard disks and USB sticks - which sometimes get lost, forgotten or stolen.

    BitLocker To Go is made available in the flagship versions of Windows 7, Ultimate for individual use as well as Enterprise edition, which can be used to safeguard company documents by restricting writing to UBS sticks to BitLocker To Go-protected memory sticks for example.

    BitLocker To Go for Windows 7 is an easy-to-configure feature which places a small piece of reader software on encrypted drives so that they can be decrypted and opened by all recent Microsoft Windows operating system including Windows XP and Vista. BitLocker To Go complements BitLocker Drive Encryption which is helpful for securing fixed drives.

  • slide 2 of 14
  • slide 3 of 14

    Encryption

    You can start the encryption process by right-clicking a removable drive in Windows Explorer and selecting Turn On Bit Locker, or, alternatively, by navigating to Control Panel, System and Security, BitLocker Drive Encryption. There, under Bit Locker Drive Encryption – BitLocker To Go you will find all USB sticks and external hard disk which can be secured. Click Turn On Bit Locker to proceed.

  • slide 4 of 14
  • slide 5 of 14

    When you see the first screen BitLocker To Go initializes the drive, and you shall not remove it during setup. Then, either enter a password with a minimal length of 8 characters to unlock the encrypted drive, or specify a smartcard. On the next screen you are being asked to store or print your recovery key, a fallback method should you forget the password of the encrypted drive. The wizard then leads over to the Are you ready to encrypt this drive screen which makes the point that BitLocker To Go is rather a time-consuming process even for small USB sticks.

    The next step starts the encryption process. The BitLocker To Go wizard mentions that you should “pause encryption before removing the drive or files on the drive could be damaged “, but let me add that you ought to make sure that the energy supply won’t be interrupted either as this would likely lead to data corruption. The encryption may take hours to complete depending on hard disk capacity and computer speed, yet BitLocker To Go decrypts instantly.

  • slide 6 of 14
  • slide 7 of 14

    Decryption & Management

    On Windows 7 insert the memory stick or attach the removable hard disk, and then type your password or insert your smart card to make use of the encrypted device.

  • slide 8 of 14
  • slide 9 of 14

    You can configure Windows 7 to automatically unlock a drive trough Manage BitLocker in the drive’s context menu or in Control Panel; yet I think this only make sense for one’s private computers. Elsewhere it would impose a risk as BitLocker To Go needs to save your recovery key on every computer for automatic decryption. Thus, it is generally safer to enter your password or smart card PIN upon inserting a USB stick for example.

    Manage BitLocker additionally permits you to remove or change a password, save or change your recovery key as well as configuring a smart card for BitLocker To Go authentication.

  • slide 10 of 14
  • slide 11 of 14

    At the time you encrypted your removable device Windows 7 placed a small utility on it so that you can access its protected data on Windows XP and Windows Vista as well. The BitLocker To Go Reader decrypts all content on the fly, but its restricted functionality only permits to drag and drop files from the protected media to, for instance, your desktop where files and folders will no longer be encrypted and protected.

  • slide 12 of 14
  • slide 13 of 14

    You will not be able to copy objects back onto BitLocker To Go encrypted drives unless the computer runs the Ultimate or Enterprise edition of Windows 7. Moreover, as Microsoft BitLocker technology always applies to the entire drive or USB stick you won’t be able to store new or unencrypted objects either if your computer has a different edition of Windows 7, Windows XP or Vista installed.

  • slide 14 of 14

    The Bottom Line

    BitLocker To Go complements BitLocker Drive Encryption for fixed drives, and is really useful to protect removable drives including USB sticks which often get lost or misplaced. Despite Windows 7 currently being at the Release Candidate stage it is strongly recommend to protect your BitLocker To Go-enabled USB stick by installing an anti-virus program on your machine such as found in Bright Hub’s Top Antivirus Software for Windows 7.

References

  • Screenshots by the writer
  • Author's experience