In Windows Server 2008 and prior operating systems primarily used BitLocker Drive Encryption (BitLocker) to protect the operating system volume. Information stored on other volumes, including removable media, was encrypted by using Encrypted File System (EFS).
In Windows 7, you can use BitLocker to encrypt removable drives, such as eSATA hard disks, USB hard disks, USB thumb drives, or CompactFlash drives. This allows you to protect information stored on removable media with the same level of protection as the operating system volume.
BitLocker requires the use of a Trusted Platform Module (TPM) device or physical key to access information encrypted by BitLocker. You can also require a personal identification number (PIN) in addition to the TPM device or physical key.
BitLocker keys can also be archived in Active Directory, which provide an extra level of protection in the event that the physical key is lost or the TPM device fails. This integration between Windows 7 and Windows Server 2008 R2 allows you to protect sensitive information without worrying about users losing their physical key.
|