So far, in our Windows 7 Overview series, we have published the following:
- Windows 7 beta quick review
- Windows 7: Easy Connect
- Windows 7: Problem Steps Recorder
- Windows 7: Action Center Overview
- Windows 7: User Account Control (UAC) Overview
- Windows 7: Calibate Your Display
- Windows 7: Federated Search
- Windows 7: Device Stage
- Windows 7: Internet Explorer 8 Overview
Microsoft has introduced BitLocker To Go with Windows 7. Bitlocker To Go extends BitLocker drive encryption to USB storage devices, enabling them to be restricted with a passphrase. Many corporations have been asking for this feature since Windows XP when USB storage devices began to become more popular. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. BitLocker To Go also allows users to more securely share data with users who have not yet deployed Windows 7. Microsoft currently allows Windows XP SP3 and Windows Vista SP1 users to read BitLocker To Go devices using the passphrase. If you plug a bitlocker encrypted USB storage device into Windows 2000 or Windows XP SP2 you will simply see the device as a non-formatted device and will be unable to access the data. I took the feature for a spin earlier today and you can see the results below.
Microsoft has also introduced (with Windows 7) the Windows Biometric Framework. The framework is designed to make biometrics more reliable, compatible and usable in Windows 7. The Windows Biometric Framework also makes it easier for developers to include biometrics in their applications by providing a common API that can be added independently with each biometric fingerprint solution. Perhaps the most important addition in this area is that fingerprint sensors can now be used on domain enabled networks.
UPEK, who manufacture tens of millions of fingerprint sensors, has worked closely with Microsoft and released its pre-release protector suite and driver for Windows 7. The driver works well with Windows 7 and allows you to utilise the inbuilt fingerprint sensor to logon to Windows. I have been using the beta driver myself on a Lenovo X300 and you can find a demonstration below.
Bitlocker To Go
Below you can see the BitLocker control panel options, you can see that the USB key is currently encrypted:
To achieve encrypted status you need to do the following, click on protect in the Bitlocker control panel and you will get the following, allowing you to setup a strong pass phrase:
You must setup a recovery key so you can unlock the device if you forget the pass phrase:
Encryption will then begin and it took us approximately 20 mins for a slow 1GB stick. When you plug in the USB stick again it will prompt you for the pass phrase:
If you forget the pass phrase you can use the recovery key to unlock the device:
Microsoft have introduced a control panel applet for managing fingerprint sensors:
You can associate various fingers per user:
You can also change the settings to enable/disable fingerprint logon, here you can see the domain option:
When you go to login to Windows the logon screen will look like this: