Windows 7: BitLocker To Go & Biometric improvements overview

Advertisement (Why?)

So far, in our Windows 7 Overview series, we have published the following:

Over the next few weeks we will be adding many more focus items on Windows 7 including Touch, Windows 7 networking and media enhancements. Stay tuned for the ultimate Windows 7 focus from Neowin.net. Here is an overview of BitLocker To Go and Biometric improvements in Windows 7.

Microsoft has introduced BitLocker To Go with Windows 7. Bitlocker To Go extends BitLocker drive encryption to USB storage devices, enabling them to be restricted with a passphrase. Many corporations have been asking for this feature since Windows XP when USB storage devices began to become more popular. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. BitLocker To Go also allows users to more securely share data with users who have not yet deployed Windows 7. Microsoft currently allows Windows XP SP3 and Windows Vista SP1 users to read BitLocker To Go devices using the passphrase. If you plug a bitlocker encrypted USB storage device into Windows 2000 or Windows XP SP2 you will simply see the device as a non-formatted device and will be unable to access the data. I took the feature for a spin earlier today and you can see the results below.

Microsoft has also introduced (with Windows 7) the Windows Biometric Framework. The framework is designed to make biometrics more reliable, compatible and usable in Windows 7. The Windows Biometric Framework also makes it easier for developers to include biometrics in their applications by providing a common API that can be added independently with each biometric fingerprint solution. Perhaps the most important addition in this area is that fingerprint sensors can now be used on domain enabled networks.

UPEK, who manufacture tens of millions of fingerprint sensors, has worked closely with Microsoft and released its pre-release protector suite and driver for Windows 7. The driver works well with Windows 7 and allows you to utilise the inbuilt fingerprint sensor to logon to Windows. I have been using the beta driver myself on a Lenovo X300 and you can find a demonstration below.

Bitlocker To Go

Below you can see the BitLocker control panel options, you can see that the USB key is currently encrypted:

To achieve encrypted status you need to do the following, click on protect in the Bitlocker control panel and you will get the following, allowing you to setup a strong pass phrase:

You must setup a recovery key so you can unlock the device if you forget the pass phrase:

Encryption will then begin and it took us approximately 20 mins for a slow 1GB stick. When you plug in the USB stick again it will prompt you for the pass phrase:

If you forget the pass phrase you can use the recovery key to unlock the device:

Biometric Improvements

Microsoft have introduced a control panel applet for managing fingerprint sensors:

You can associate various fingers per user:

You can also change the settings to enable/disable fingerprint logon, here you can see the domain option:

When you go to login to Windows the logon screen will look like this:

#1 +Lewism on 11 Jan 2009 - 21:27

Wow, built-in support from UPEK. I will install Windows 7 as soon as possible to try it since I have a fingerprint reader that is supported with UPEK software.

(2 replies) #2 Mav Phoenix on 11 Jan 2009 - 21:34

I love that bitlocker to go, it's exactly what I need currently for my drives!

#2.1 creamhackered on 11 Jan 2009 - 21:36

Yeah it's a great improvement, much needed. Especially for corp customers!

#2.2 +TCLN Ryster on 12 Jan 2009 - 11:26

creamhackered said,

Phew. When I read the article title "Bitlocker to go", my immediate thought was "oh no, they're scrapping bitlocker"

(2 replies) #3 3LAZe on 11 Jan 2009 - 21:40

I saw one of these finger unlock devices in some store (connect able via USB)

#3.1 +TCLN Ryster on 12 Jan 2009 - 11:27

Fingerprint readers have existed for years mate, they are nothing new.

#3.2 bruce w on 21 Jan 2009 - 20:59

You can buy a peripheral fingerprint reader from UPEK at http://www.upek.com/solutions/eikon if you don't already have one.

(4 replies) #4 sharp65 on 11 Jan 2009 - 21:49

The built in support for biometrics is great, very handy on my laptop.

#4.1 some_guy on 11 Jan 2009 - 21:54

its really polished too imo... for authentec users, go to their website to download the windows 7 driver

#4.2 creamhackered on 11 Jan 2009 - 21:58

even better that it works on domains!

#4.3 MioTheGreat on 11 Jan 2009 - 23:10

some_guy said,

http://www.authentec.com/win7beta32.cfm
http://www.authentec.com/win7beta64.cfm

I had to google it. I couldn't find the links on their website.

#4.4 sharp65 on 12 Jan 2009 - 03:58

It actually gave me the link directly to the 64 bit version of that driver inside the windows solution center. That's what surprised me to most.

(5 replies) #5 s3n4te on 11 Jan 2009 - 21:57

My fingerprint reader is listed under the Biometric devices in the driver manager, but it's not listed in the Biometrics windows in the CP. Any ideas why? It's a UPEK one too.

edit:
I found out that you need the UPEK prelease Windows 7 drivers: 32BIT or 64BIT

Last edited by s3n4te on 11 Jan 2009 - 22:04

#5.1 +Lewism on 11 Jan 2009 - 22:03

Not all models are supported right now:
http://www.upek.com/support/downloads/wind...sensortypes.asp

#5.2 s3n4te on 11 Jan 2009 - 22:07

Lewism said,

Mine is

#5.3 creamhackered on 11 Jan 2009 - 22:08

Yup, that's mentioned in the article

#5.4 s3n4te on 11 Jan 2009 - 22:11

doh! I only looked at the pictures lol

edit: Windows Explorer crashes after enrollment

#5.5 MioTheGreat on 12 Jan 2009 - 02:01

s3n4te said,

Yeah. And after I rebooted, the finger print stuff no longer works for me.

#6 Kevinul on 11 Jan 2009 - 22:01

Yes, I already have ideas for them both. ;-)

(4 replies) #7 s3n4te on 11 Jan 2009 - 22:22

OS X can't read Bitlocker to go?

#7.1 Ledward on 11 Jan 2009 - 23:36

Thanks for stating the obvious?

#7.2 simon360 on 12 Jan 2009 - 00:30

Don't think Windows can read FileVault, either. Just one of those incompatibilities that we'll have to live with.

Not sure if it would be safe to open up BitLocker at all and make it a standard of some sort, either.

#7.3 Tikitiki on 12 Jan 2009 - 01:28

simon360 said,

Generally Open Source standards are more secure in the end. Relying on obscurity is a weak form of security

#7.4 m-p{3} on 12 Jan 2009 - 03:42

Why not?

TrueCrypt is open-source, and it doesn't make it less secure.

#8 Glendi on 11 Jan 2009 - 23:15

OMG Windows 7 sure has tons of new stuff.

(2 replies) #9 obiwankenobi on 11 Jan 2009 - 23:38

OMG, they sure got it right....I've been unable to get my Microsoft Fingerprint Reader to work at all! Great job, Microsoft! Way to get hardware branded with the comapany logo working correctly! /sarcasm (At least Microsoft's driver made my fingerprint reader not show up as an unknown device, or a device with a driver error. Vista was better in this category for me. It at least "worked". Now, it just appears to work to suit device manager's needs. It doesn't let me register fingerprints, which makes it useless. Not a happy camper on this end dealing with this issue.)

#9.1 creamhackered on 12 Jan 2009 - 00:02

umm it's beta?

#9.2 Yuxi on 18 Jan 2009 - 16:14

There is also no x64 driver for the Microsoft reader (I found out the hard way).

(15 replies) #10 Johnny105 on 12 Jan 2009 - 00:25

Very misleading information. WinXp SP3 CANNOT read encrypted USB drive. I learnt the hard way! MS says the cross platform feature will be available in the RTM release. Shame on Neowin for publishing this disastrously incorrect article.

#10.1 apu95 on 12 Jan 2009 - 01:02

Why are you whining so much about it? It's a beta. RTM is a ways away and some stuff is bound to be broken. Neowin might have gotten it wrong, but it doesn't matter. You should know that this isn't for production use...

#10.2 creamhackered on 12 Jan 2009 - 01:20

I tested it in XP SP3 and it prompted me for the pass so...?

#10.3 Johnny105 on 12 Jan 2009 - 01:54

You're lying

#10.4 Johnny105 on 12 Jan 2009 - 01:55

apu95 said,

Because the article definitively stated that encrypted drives can be read by WinXp Sp3. Why publish deliberately misleading info?

#10.5 sharp65 on 12 Jan 2009 - 04:00

Uhhh..? Yes. Shame on neowin for writing an article about a Future operating system.

#10.6 shockz on 12 Jan 2009 - 05:03

Johnny105 said,

He's lying? That's the best you could come up with??? When someone comes in contradicting perhaps maybe some intelligent post would be better.

Perhaps you just don't know what your doing... or perhaps there is something wrong with your flash drive.

#10.7 James812 on 12 Jan 2009 - 05:04

*Rolls Eyes* Wow Johnny whats up your @$$.

#10.8 +TCLN Ryster on 12 Jan 2009 - 11:30

You're calling a Neowin admin a liar? Good move mate.

#10.9 creamhackered on 12 Jan 2009 - 12:23

Sadly I'm not. I haven't got XP SP3 anymore but when I tested it, it worked fine.

#10.10 Johnny105 on 12 Jan 2009 - 14:28

Yes you are....and it can be easily proven. Wonder when you "lost" your XP SP3?

#10.11 xDayan on 12 Jan 2009 - 17:35

Dude, I'd call it quits. If you keep, disrespecting the Neowin staff, your going to get warn or banned. If He says, he's telling the truth, he is. If it was some random member, I might think he's lying, but I'd keep it to myself. He's a Staff member, I doubt he would liar here. If I can find my USB Drive, I'll run the test. (I'm Tri-booting, XP SP3, Vista Home Pro x64, Windows 7 x64 Built 7000) And just Because, He doesn't have XP installed anymore doesn't prove anything. I Reinstall and Delete OSes all the time. So not having it installed anymore when beta testing other OSes doesn't mean anything...

#10.12 s3n4te on 12 Jan 2009 - 18:38

Stop the bull**** Johnny!

#10.13 creamhackered on 13 Jan 2009 - 13:28

And http://www.neowin.net/news/main/09/01/11/w...view?cid=711506 just confirmed it works too so Johnny105, who is the liar now?

#10.14 garethevans1986 on 14 Jan 2009 - 17:18

We all believed you creamhackered! lol

#10.15 geekypc on 28 Feb 2009 - 15:38

wow johnny don't be such a d-bag...sheesh

(1 reply) #11 Raa on 12 Jan 2009 - 01:02

Man that title was misleading. "Bitlocker to Go" I thought they were removing Bitlocker

#11.1 Jugalator on 12 Jan 2009 - 14:35

Yes, that branding is a bit unfortunate, I also got very confused even as I started reading the article.

Maybe I'm just slow, but I can see the potential for this confusing other readers in the future too. MS should simply change that name to something else to not risk anything; easy enough to do now during the beta. BitLocker Mobile, just something like that?

#12 DrOmango on 12 Jan 2009 - 01:12

Authentec users can finally use biometric feature can download drivers here.

edit: my bad, it was posted already.

Last edited by DrOmango on 12 Jan 2009 - 01:54

#13 McDave on 12 Jan 2009 - 08:05

Wonder if these will be Enterprise & Ultimate only features.

(3 replies) #14 swift_gti on 12 Jan 2009 - 08:30

And suprise suprise Microsoft doesn't even support it's own fingerprint reader in Windows 7....
MS Hardware site says; No beta software is available. Fingerprint Reader is not supported on Windows 7.

It never even worked properly in Vista as it causes IE7 to hang when you scan your print.. and they never even got that fixed.

What a joke - last time I purchase any Microsoft branded hardware!

Last edited by swift_gti on 12 Jan 2009 - 10:21

#14.1 +TCLN Ryster on 12 Jan 2009 - 11:35

swift_gti said,

What a joke - last time I purchase any Microsoft branded hardware!

I wouldn't quite go that far, their keyboards and mice are usually quite good and generally have good future OS support (beta software is out already!).

Microsoft are (in)famous for releasing new and novelty items and then not supporting them for very long. They did it with the Strategic Commander and the Game Voice... both were very good products in their day and had tons of potential, but they stopped making them very soon after they started. It's the same with the fingerprint reader which is now just a useless paperweight. I won't be buying any non-keyboard and mouse products from them in the future.

Last edited by TCLN Ryster on 12 Jan 2009 - 11:41

#14.2 +Frazell Thomas on 12 Jan 2009 - 16:06

TCLN Ryster said,

I see... Microsoft is a bad company because they didn't release a pre-release driver for Windows 7? I could see the argument if you were making this after Windows 7 was officially released as final...

Anyway, get the AutenTech finger print reader driver anyways as that is the hardware Microsoft uses... So it IS supported in 7 MS just doesn't want you harping at them yet.

#14.3 +TCLN Ryster on 13 Jan 2009 - 13:41

I was making a general point regarding Microsoft's history of not supporting their cool gadgets with software updates for very long. It was the OP that made the point about the fingerprint reader, not I.

Anyhow, where would one obtain the Authentec finger print reader driver from?

Edit: I found the links near the top of this thread.

Last edited by TCLN Ryster on 13 Jan 2009 - 14:17

#15 xDayan on 12 Jan 2009 - 17:44

Fingerprint Support WOOT. Works great on my XPS M1530.

#16 JonathanVP on 12 Jan 2009 - 21:21

Doesn't seem to work on my Toshiba laptop.

(2 replies) #17 greenphotos on 13 Jan 2009 - 09:39

On windows 7 beta 7000 I just set up a bitlocker 1GB USB key drive and added a picture.
Then on my colleagues XP SP3 box he opened it, typed the password and up came the file, and opened fine.

It works 100%. Very impressed.

#17.1 creamhackered on 13 Jan 2009 - 13:26

So I'm not a liar? Phew

thanks for confirming this too

#17.2 +TCLN Ryster on 13 Jan 2009 - 14:23

ROFL! If it's any consolation, I just confirmed it too

(1 reply) #18 greenphotos on 13 Jan 2009 - 13:48

Point to note is that if you BitLock a drive, it is still accessable as a share. This is because when you plug it in it'll ask for password, from that point it will be like any normal drive with permissions etc.
So thus BitLocking is only good for drives you move around and want to protect once removed, not if on a network (just use normal permission/share setup for that)

#18.1 +TCLN Ryster on 13 Jan 2009 - 14:25

greenphotos said,

Indeed. Once you've authenticated to the drive, Windows has full and open access to it, so you'll need to use share / folder permissions to secure it from there. Bitlocker is only useful to prevent data theft if someone finds your USB key on a train or something.

#19 Unique Touch on 14 Jan 2009 - 22:51

My U.are.U 4000B Reader (Digital Persona) is detected in Device Manager but it doesn't light up nor does it has a biometric enrollment feature in the biometric devices section of the control panel.

Anyone else got it working?

Cheers

#20 eranhuman on 17 Jan 2009 - 13:49

ok so I have a Dell Precision M65 notebook which has an integrated UPEK fingerprint scanner. I followed the instructions above and per the only some work mine should. I installed the UPEK Windows 7 preview drivers and nada. As before I tried it I have the biometric device in device manager but still no biometric devices in control panel. Does anyone have any ideas?

#21 lflashl on 19 Jan 2009 - 06:49

could anyone please tell how to use bitlocker on my system drive, without a tpm..

#22 itman352 on 27 Feb 2009 - 15:49

Does this work on XP laptops???

#23 po134 on 07 Mar 2009 - 20:34

this article is misleading as you need to install the upek driver from their own website to use them correctly (read: for anything else than windows sign-on and even then I couldn't sign-on with windows7 built-in software I hade to install upek crapware over w7 and then I had problems because I already made my fingerprints on w7 utility and upek would ask for them again!

I sure hope they fixed that in the RC, cause it would be really great if it worked for everything out of the box (read: logging into websites too !

#24 Dannydeman on 19 Mar 2009 - 13:40

I bought a Upek Eikon for this

The only one in the Netherlands (cost me 60 euro's!

but I like to try it out..
(damn..i'm a geek)

#25 family guy on 27 Apr 2009 - 21:22

Hmm... I don't see any biometrics control panel selection. Using a Dell XPS1330. Do I need to have the fingerprint software running? Or is it supposed to be native support?

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Neowin.net

Windows 7: BitLocker To Go & Biometric improvements overview

Share this Article

About the Author

Related news