- The document describes various scenarios for using BitLocker Drive Encryption on Windows Vista systems, including using only TPM protection, two-factor authentication with TPM and PIN, and using a startup key for added protection.
- It provides details on the user experience for setting up BitLocker through the setup wizard and control panel, as well as creating and using recovery keys or passwords to access an encrypted drive in recovery scenarios.
- Scripting methods are also described for programmatically enabling, disabling, and managing BitLocker encryption and keys.
BitLocker Drive Encryption User Experience and Scenarios
BitLocker Drive Encryption: Scenarios, User Experience, and Flow
May 16, 2006
Abstract
This paper provides information about Microsoft® BitLocker™, a security feature that is available in certain Microsoft Windows® operating systems. It provides guidelines for IT administrators and advanced users to understand the different scenarios that BitLocker supports, the user interfaces that help set up and manage keys in the product, and the user experience flow.
This information applies for the Microsoft Windows Vista™ operating system.
The current version of this paper is maintained on the Web at:
http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFlow.mspx
Contents
Overview
Basic BitLocker Use Scenario (TPM-Only)
Two-Layer Protection Use Scenarios
    Two-Factor Protection: TPM and PIN
    Two-Layer Protection: TPM and Startup Key
Startup Key–Only Use Scenario
Recovery Use Scenarios
    Accessing a Protected Volume by Using a Recovery Key
    Accessing a Protected Volume by Using a Recovery Password
Disabling Protection Use Scenario
BitLocker Setup Wizard User Experience
    Control Panel Main Page
    Option to Use a Startup Key or PIN for Added Security
    Save a Startup Key on a USB Drive
    Set a Startup PIN
    Create a Recovery Password
    Option to Save the Recovery Password
    Save a Recovery Password to a USB Drive
    Show the Recovery Password
    Print the Recovery Password
    Save the Password in a Folder
    Recovery Warning
    Encrypt the Volume
Pre-Windows Boot and Recovery User Experience
Key Management User Experience
    Manage Keys Options
    Duplicating the Recovery Password
    Duplicating the Startup Key
    Resetting the PIN
Definitions
Appendix
    Key Architecture and Design
    Administration