Vista - Bitlocker experience

Hello:

I installed Windows Vista RC2 last sunday, and enabled Bitlocker that same
day. At first a little bit reluctant to the idea of having my whole volume
encrypted and potentially locked, since this was a fresh install (still had
no valuable info), I went for it.

Since my laptop does not have a TPM chip, I had to stick with storing the
key on a USB drive (which happens to be an iPod shuffle by the way).

Well, today, I have loaded all my personal information into the box, and my
experience with Bitlocker is just great. The functionality is truly as
transparent as the documentation states, and, to my surprise, system
performance has not been degraded. I actually run a virtual machine (which is
stored in the same encrypted volume) and it runs as fast as before enabling
Bitlocker.

The pre-OS user interface is straightforward and simple, impossible for an
end-user to get lost. I am an IT Security Consultant, but I always try to see
things as an end-user would.

To those wanting to try Bitlocker by themselves, I'd recommend STRICTLY
adhering to the Microsoft recommendations and guidelines
(http://www.microsoft.com/technet/win...bitlockr.mspx).

Thanks for your time, and my congratulations to the Bitlocker Team at
Microsoft. I think they've done a marvelous job.

Thanks very much for this feedback Luis, this is the kind of thing that
makes my day!
-
Jamie Hunter [MS]

"Luis Carlos Delgado (Costa Rica)"
<LuisCarlosDelgadoCostaRica@discussions.microsoft.com> wrote in message
news:633FC5C5-B21B-4DED-8E38-A761A1E4D659@microsoft.com...
> Hello:
>
> I installed Windows Vista RC2 last sunday, and enabled Bitlocker that same
> day. At first a little bit reluctant to the idea of having my whole volume
> encrypted and potentially locked, since this was a fresh install (still
> had
> no valuable info), I went for it.
>
> Since my laptop does not have a TPM chip, I had to stick with storing the
> key on a USB drive (which happens to be an iPod shuffle by the way).
>
> Well, today, I have loaded all my personal information into the box, and
> my
> experience with Bitlocker is just great. The functionality is truly as
> transparent as the documentation states, and, to my surprise, system
> performance has not been degraded. I actually run a virtual machine (which
> is
> stored in the same encrypted volume) and it runs as fast as before
> enabling
> Bitlocker.
>
> The pre-OS user interface is straightforward and simple, impossible for an
> end-user to get lost. I am an IT Security Consultant, but I always try to
> see
> things as an end-user would.
>
> To those wanting to try Bitlocker by themselves, I'd recommend STRICTLY
> adhering to the Microsoft recommendations and guidelines
> (http://www.microsoft.com/technet/win...bitlockr.mspx).
>
> Thanks for your time, and my congratulations to the Bitlocker Team at
> Microsoft. I think they've done a marvelous job.

And don't forget to take a printout of the recovery password

--
Vipin Aravind
http://blogs.explorewindows.com

"Luis Carlos Delgado (Costa Rica)"
<LuisCarlosDelgadoCostaRica@discussions.microsoft.com> wrote in message
news:633FC5C5-B21B-4DED-8E38-A761A1E4D659@microsoft.com...
> Hello:
>
> I installed Windows Vista RC2 last sunday, and enabled Bitlocker that same
> day. At first a little bit reluctant to the idea of having my whole volume
> encrypted and potentially locked, since this was a fresh install (still
> had
> no valuable info), I went for it.
>
> Since my laptop does not have a TPM chip, I had to stick with storing the
> key on a USB drive (which happens to be an iPod shuffle by the way).
>
> Well, today, I have loaded all my personal information into the box, and
> my
> experience with Bitlocker is just great. The functionality is truly as
> transparent as the documentation states, and, to my surprise, system
> performance has not been degraded. I actually run a virtual machine (which
> is
> stored in the same encrypted volume) and it runs as fast as before
> enabling
> Bitlocker.
>
> The pre-OS user interface is straightforward and simple, impossible for an
> end-user to get lost. I am an IT Security Consultant, but I always try to
> see
> things as an end-user would.
>
> To those wanting to try Bitlocker by themselves, I'd recommend STRICTLY
> adhering to the Microsoft recommendations and guidelines
> (http://www.microsoft.com/technet/win...bitlockr.mspx).
>
> Thanks for your time, and my congratulations to the Bitlocker Team at
> Microsoft. I think they've done a marvelous job.

Jamie,
Could you give me your email id?

--
Vipin Aravind
http://blogs.explorewindows.com

"Jamie Hunter [MS]" <jamiehun@nospam.microsoft.com> wrote in message
news:A9FF79FF-D78F-447D-9ECD-721C3A515922@microsoft.com...
> Thanks very much for this feedback Luis, this is the kind of thing that
> makes my day!
> -
> Jamie Hunter [MS]
>
> "Luis Carlos Delgado (Costa Rica)"
> <LuisCarlosDelgadoCostaRica@discussions.microsoft.com> wrote in message
> news:633FC5C5-B21B-4DED-8E38-A761A1E4D659@microsoft.com...
>> Hello:
>>
>> I installed Windows Vista RC2 last sunday, and enabled Bitlocker that
>> same
>> day. At first a little bit reluctant to the idea of having my whole
>> volume
>> encrypted and potentially locked, since this was a fresh install (still
>> had
>> no valuable info), I went for it.
>>
>> Since my laptop does not have a TPM chip, I had to stick with storing the
>> key on a USB drive (which happens to be an iPod shuffle by the way).
>>
>> Well, today, I have loaded all my personal information into the box, and
>> my
>> experience with Bitlocker is just great. The functionality is truly as
>> transparent as the documentation states, and, to my surprise, system
>> performance has not been degraded. I actually run a virtual machine
>> (which is
>> stored in the same encrypted volume) and it runs as fast as before
>> enabling
>> Bitlocker.
>>
>> The pre-OS user interface is straightforward and simple, impossible for
>> an
>> end-user to get lost. I am an IT Security Consultant, but I always try to
>> see
>> things as an end-user would.
>>
>> To those wanting to try Bitlocker by themselves, I'd recommend STRICTLY
>> adhering to the Microsoft recommendations and guidelines
>> (http://www.microsoft.com/technet/win...bitlockr.mspx).
>>
>> Thanks for your time, and my congratulations to the Bitlocker Team at
>> Microsoft. I think they've done a marvelous job.
>

There's a link off http://blogs.msdn.com/si_team that can be used for direct
contact (save me posting anything in the newsgroups for the bots to find
-
Jamie Hunter [MS]

"Vipin" <Vipin@nospam.com> wrote in message
news:OaK2CGH%23GHA.1224@TK2MSFTNGP05.phx.gbl...
> Jamie,
> Could you give me your email id?
>
> --
> Vipin Aravind
> http://blogs.explorewindows.com
>

Hi,

If the CIA/FBI get hold of a "terrorist" laptop that has bitlocker
encryption, how long will it take them to get the information off the
laptop if the suspected owner refuses to disclose the password?

Jamie Hunter [MS] wrote:
> Thanks very much for this feedback Luis, this is the kind of thing that
> makes my day!
> -
> Jamie Hunter [MS]
>
> "Luis Carlos Delgado (Costa Rica)"
> <LuisCarlosDelgadoCostaRica@discussions.microsoft.com> wrote in message
> news:633FC5C5-B21B-4DED-8E38-A761A1E4D659@microsoft.com...
>> Hello:
>>
>> I installed Windows Vista RC2 last sunday, and enabled Bitlocker that
>> same
>> day. At first a little bit reluctant to the idea of having my whole
>> volume
>> encrypted and potentially locked, since this was a fresh install
>> (still had
>> no valuable info), I went for it.
>>
>> Since my laptop does not have a TPM chip, I had to stick with storing the
>> key on a USB drive (which happens to be an iPod shuffle by the way).
>>
>> Well, today, I have loaded all my personal information into the box,
>> and my
>> experience with Bitlocker is just great. The functionality is truly as
>> transparent as the documentation states, and, to my surprise, system
>> performance has not been degraded. I actually run a virtual machine
>> (which is
>> stored in the same encrypted volume) and it runs as fast as before
>> enabling
>> Bitlocker.
>>
>> The pre-OS user interface is straightforward and simple, impossible
>> for an
>> end-user to get lost. I am an IT Security Consultant, but I always try
>> to see
>> things as an end-user would.
>>
>> To those wanting to try Bitlocker by themselves, I'd recommend STRICTLY
>> adhering to the Microsoft recommendations and guidelines
>> (http://www.microsoft.com/technet/win...bitlockr.mspx).
>>
>> Thanks for your time, and my congratulations to the Bitlocker Team at
>> Microsoft. I think they've done a marvelous job.
>


--
Gerry Hickman (London UK)

Well depends on how the notebook was encrypted.

If they are using TPM only then the key is in the chip and probalby
accesable with the technology they have. If they escrow the key to a domain
I am sure the FBI can get that too. If you do TPM + PIN using managebde
then there is less likely hood they could get at the data. But I dobut a
terrorist would trust the built in encryption technology anyway.

--
Josh
http://windowsconnected.com

Now with NNTP goodness!

"Gerry Hickman" <gerry666uk@newsgroup.nospam> wrote in message
news:%23D3gVFJDHHA.4228@TK2MSFTNGP03.phx.gbl...
> Hi,
>
> If the CIA/FBI get hold of a "terrorist" laptop that has bitlocker
> encryption, how long will it take them to get the information off the
> laptop if the suspected owner refuses to disclose the password?
>
> Jamie Hunter [MS] wrote:
>> Thanks very much for this feedback Luis, this is the kind of thing that
>> makes my day!
>> -
>> Jamie Hunter [MS]
>>
>> "Luis Carlos Delgado (Costa Rica)"
>> <LuisCarlosDelgadoCostaRica@discussions.microsoft.com> wrote in message
>> news:633FC5C5-B21B-4DED-8E38-A761A1E4D659@microsoft.com...
>>> Hello:
>>>
>>> I installed Windows Vista RC2 last sunday, and enabled Bitlocker that
>>> same
>>> day. At first a little bit reluctant to the idea of having my whole
>>> volume
>>> encrypted and potentially locked, since this was a fresh install (still
>>> had
>>> no valuable info), I went for it.
>>>
>>> Since my laptop does not have a TPM chip, I had to stick with storing
>>> the
>>> key on a USB drive (which happens to be an iPod shuffle by the way).
>>>
>>> Well, today, I have loaded all my personal information into the box, and
>>> my
>>> experience with Bitlocker is just great. The functionality is truly as
>>> transparent as the documentation states, and, to my surprise, system
>>> performance has not been degraded. I actually run a virtual machine
>>> (which is
>>> stored in the same encrypted volume) and it runs as fast as before
>>> enabling
>>> Bitlocker.
>>>
>>> The pre-OS user interface is straightforward and simple, impossible for
>>> an
>>> end-user to get lost. I am an IT Security Consultant, but I always try
>>> to see
>>> things as an end-user would.
>>>
>>> To those wanting to try Bitlocker by themselves, I'd recommend STRICTLY
>>> adhering to the Microsoft recommendations and guidelines
>>> (http://www.microsoft.com/technet/win...bitlockr.mspx).
>>>
>>> Thanks for your time, and my congratulations to the Bitlocker Team at
>>> Microsoft. I think they've done a marvelous job.
>>
>
>
> --
> Gerry Hickman (London UK)

Hi Josh,

> If they are using TPM only then the key is in the chip and probalby
> accesable with the technology they have.

Does this mean there's a back door into TPM?

> If they escrow the key to a domain
> I am sure the FBI can get that too.

Can you explain what it means "escrow the key to a domain". Do you mean
like the laptop is joined to a domain and they have an enterprise
certificate setup (or similar) but the FBI could hack the corporate
domain and get the key?

> If you do TPM + PIN using managebde
> then there is less likely hood they could get at the data.

Interesting...

> But I dobut a
> terrorist would trust the built in encryption technology anyway.

Hehe!

--
Gerry Hickman (London UK)

Inline for your convience....

--
Josh
http://windowsconnected.com

Now with NNTP goodness!

"Gerry Hickman" <gerry666uk@newsgroup.nospam> wrote in message
news:unlHbNQDHHA.1220@TK2MSFTNGP04.phx.gbl...
> Hi Josh,
>
>> If they are using TPM only then the key is in the chip and probalby
>> accesable with the technology they have.
>
> Does this mean there's a back door into TPM?

Not at all, it means governments have unlimited resources and a known
starting point....

>
>> If they escrow the key to a domain I am sure the FBI can get that too.
>
> Can you explain what it means "escrow the key to a domain". Do you mean
> like the laptop is joined to a domain and they have an enterprise
> certificate setup (or similar) but the FBI could hack the corporate domain
> and get the key?

sure once you apply the longhorn schema to your domain one of the options
for key escrow for Bitlocker is to an Active Directory domain. This writes
the key as a subobject of the computer object for recovery purposes. If the
FBI can get there hands on the domain then they would have the key.


>
> > If you do TPM + PIN using managebde
>> then there is less likely hood they could get at the data.
>
> Interesting...
>
>> But I dobut a terrorist would trust the built in encryption technology
>> anyway.
>
> Hehe!
>
> --
> Gerry Hickman (London UK)