I recently purchased a new laptop and have a copy of Vista Ultimate (from the 
Server 2008 launch event).

Although my laptop isn't connected to a domain, I'm wondering if it's a good 
idea to implement Bitlocker on a personal laptop for data protection and such.

Appreciate any thoughts/suggestions.

If your laptop has a TPM security chip (version 1.2 or later) do use 
BitLocker.  It will give you very good privacy protection for your data.
I use it, and wouldn't be without it.  But then I always prefer paranoia 
class security.

regards
the ancient mariner

"Big Dog"  skrev i meddelelsen 
news:EA4E2E33-93BD-47C9-8A37-D6F5448F5EF1@microsoft.com...
>I recently purchased a new laptop and have a copy of Vista Ultimate (from 
>the
> Server 2008 launch event).
>
> Although my laptop isn't connected to a domain, I'm wondering if it's a 
> good
> idea to implement Bitlocker on a personal laptop for data protection and 
> such.
>
> Appreciate any thoughts/suggestions.

Thanx - it doesn't have a TPM chip,  but I do know about the workaround (use 
a USB drive for the password).

Just partitioned the drive to the appropriate two volumes and am in the 
process of reinstalling everything.  Agree with you that preventive paranoia 
is always good.

Big Dog wrote:

> Thanx - it doesn't have a TPM chip,  but I do know about the workaround (use 
> a USB drive for the password).
> 
> Just partitioned the drive to the appropriate two volumes and am in the 
> process of reinstalling everything.  Agree with you that preventive paranoia 
> is always good.

What happens when the USB thumb drive gets lost, damaged, or
catastrophically fails (which it will if you continue writing to it
which wears it out due to oxide stress which eventually surpasses the
recovery space and error algorithms to mask out the errors)?

You can back up the startup key to another USB drive via:

Control Panel -> Security -> Bitlocker -> Manage Bitlocker keys -> Duplicate 
the startup key

Also - when you encrypt a drive, you get a printable recovery password. 
This can be used in instead of the USB key.

Cheers!


"VanguardLH"  wrote in message 
news:%23Jd%23vJZBJHA.4368@TK2MSFTNGP06.phx.gbl...
> Big Dog wrote:
>
>> Thanx - it doesn't have a TPM chip,  but I do know about the workaround 
>> (use
>> a USB drive for the password).
>>
>> Just partitioned the drive to the appropriate two volumes and am in the
>> process of reinstalling everything.  Agree with you that preventive 
>> paranoia
>> is always good.
>
> What happens when the USB thumb drive gets lost, damaged, or
> catastrophically fails (which it will if you continue writing to it
> which wears it out due to oxide stress which eventually surpasses the
> recovery space and error algorithms to mask out the errors)?

Chris wrote:

> "VanguardLH" wrote ...
>>
>> Big Dog wrote:
>>
>>> Thanx - it doesn't have a TPM chip,  but I do know about the
>>> workaround (use a USB drive for the password). 
>>> 
>>> Just partitioned the drive to the appropriate two volumes and am in
>>> the process of reinstalling everything.  Agree with you that
>>> preventive paranoia is always good.
>> 
>> What happens when the USB thumb drive gets lost, damaged, or
>> catastrophically fails (which it will if you continue writing to it
>> which wears it out due to oxide stress which eventually surpasses
>> the recovery space and error algorithms to mask out the errors)?
>
> You can back up the startup key to another USB drive via:
> 
> Control Panel -> Security -> Bitlocker -> Manage Bitlocker keys -> Duplicate 
> the startup key
> 
> Also - when you encrypt a drive, you get a printable recovery password. 
> This can be used in instead of the USB key.

That was what I alluded to - that something ELSE should be use as a
backup to using just a USB thumb drive as an encryption dongle.  I just
wanted to prod the "what if" scenario.  Even with the printout, it won't
(and shouldn't) be in the bag with a laptop (and neither should the USB
dongle), and there might be no one at home you can call to get it.  Even
if you create a backup USB thumb drive, it's likely you won't have it
with you when traveling (and when theft of the computer is highest).
You're screwed until you get back home.

Personally, and if TPM wasn't available, I'd be leery of relying on a
USB thumb drive to maintain my access to the hard disk versus, say,
instead using whole-disk encryption that only requires me to remember a
password.

If the OP goes the USB drive route, he should read:

http://support.microsoft.com/kb/923123/en-us
http://support.microsoft.com/kb/923124/en-us

"VanguardLH"  schreef in bericht 
news:ub3dAXaBJHA.4108@TK2MSFTNGP05.phx.gbl...
> Chris wrote:
>
>> "VanguardLH" wrote ...
>>>
>>> Big Dog wrote:
>>>
>>>> Thanx - it doesn't have a TPM chip,  but I do know about the
>>>> workaround (use a USB drive for the password).
>>>>
>>>> Just partitioned the drive to the appropriate two volumes and am in
>>>> the process of reinstalling everything.  Agree with you that
>>>> preventive paranoia is always good.
>>>
>>> What happens when the USB thumb drive gets lost, damaged, or
>>> catastrophically fails (which it will if you continue writing to it
>>> which wears it out due to oxide stress which eventually surpasses
>>> the recovery space and error algorithms to mask out the errors)?
>>
>> You can back up the startup key to another USB drive via:
>>
>> Control Panel -> Security -> Bitlocker -> Manage Bitlocker keys -> 
>> Duplicate
>> the startup key
>>
>> Also - when you encrypt a drive, you get a printable recovery password.
>> This can be used in instead of the USB key.
>
> That was what I alluded to - that something ELSE should be use as a
> backup to using just a USB thumb drive as an encryption dongle.  I just
> wanted to prod the "what if" scenario.  Even with the printout, it won't
> (and shouldn't) be in the bag with a laptop (and neither should the USB
> dongle), and there might be no one at home you can call to get it.  Even
> if you create a backup USB thumb drive, it's likely you won't have it
> with you when traveling (and when theft of the computer is highest).
> You're screwed until you get back home.
>
> Personally, and if TPM wasn't available, I'd be leery of relying on a
> USB thumb drive to maintain my access to the hard disk versus, say,
> instead using whole-disk encryption that only requires me to remember a
> password.
>
> If the OP goes the USB drive route, he should read:
>
> http://support.microsoft.com/kb/923123/en-us
> http://support.microsoft.com/kb/923124/en-us

Ever seen Myth Busters? They showed how simple it is to copy a fingerprint 
or to cheat it. Don't rely on it.

On Sun, 24 Aug 2008 13:23:47 +0200, "Flight"
<jPUNTvoorbeeld@gmailPUNTcom> wrote:

>Ever seen Myth Busters? They showed how simple it is to copy a fingerprint 
>or to cheat it. Don't rely on it. 

Yep, you're definitely an idiot.

"Paul Montgomery"  schreef in bericht 
news:4oh2b4pf8i4fptvmp60uotkh3ueu7svj6g@4ax.com...
> On Sun, 24 Aug 2008 13:23:47 +0200, "Flight"
> <jPUNTvoorbeeld@gmailPUNTcom> wrote:
>
>>Ever seen Myth Busters? They showed how simple it is to copy a fingerprint
>>or to cheat it. Don't rely on it.
>
> Yep, you're definitely an idiot.

And why, you moron? Or was this another hickup from a very sick old man?

That's why our preferred recommendation is to use both a TPM and a PIN --  
essentially storing part of the SRK (storage root key) in the TPM and part 
of the SRK in your brain. If you don't have a TPM, then I'd suggest a PIN 
rather than a USB drive, simply because it means that you don't have to 
worry about keeping track of the drive. It's unlikely that you'd forget the 
PIN since you'd have to enter it every time you booted on your PC; 
nevertheless, remember that you can also create a recovery password. Store 
the recovery password on a piece of paper (that is, print it out) and 
protect this piece of paper. Ideal candidates for protecting it include 
wallets and purses. And please don't label it "My BitLocker recovery 
password"!   :)

-- 
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"VanguardLH"  wrote in message 
news:#Jd#vJZBJHA.4368@TK2MSFTNGP06.phx.gbl...
> Big Dog wrote:
>
>> Thanx - it doesn't have a TPM chip,  but I do know about the workaround 
>> (use
>> a USB drive for the password).
>>
>> Just partitioned the drive to the appropriate two volumes and am in the
>> process of reinstalling everything.  Agree with you that preventive 
>> paranoia
>> is always good.
>
> What happens when the USB thumb drive gets lost, damaged, or
> catastrophically fails (which it will if you continue writing to it
> which wears it out due to oxide stress which eventually surpasses the
> recovery space and error algorithms to mask out the errors)?

VanguardLH wrote:

> (and when theft of the computer is highest).

Geez, I need to focus on the post instead of the other article I was
reading. 

Oops, should've been "and when the dongle might break"

Steve Riley [MSFT] wrote:

> And please don't label it "My BitLocker recovery password"!   :)

And tape it to your spare house key, and where they can use your
driver's license to find out where is your house.  Of course, if you are
the gender or type that carries a purse, the wallet, key ring, and USB
thumb drive are all together to capture in one swoop.