BitLocker Network Unlock & BitLocker support for Encrypted Drives



Similar documents
Strategies for Firmware Support of Self-Encrypting Drives

UEFI Implications for Windows Server

How to enable Disk Encryption on a laptop

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

Cautions When Using BitLocker Drive Encryption on PRIMERGY

BitLocker Encryption for non-tpm laptops

Session ID: Session Classification:

Introduction to BitLocker FVE

For Windows XP 64 bit

70-685: Enterprise Desktop Support Technician

Step-by-Step Guide for Windows Deployment Services in Windows Server 2008 to be used as an internal resource only

Windows BitLocker Drive Encryption Step-by-Step Guide

In order to enable BitLocker, your hard drive must be partitioned in a particular manner.

Windows 7, Enterprise Desktop Support Technician

MBAM Self-Help Portals

Trustworthy Computing

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

Encrypting with BitLocker for disk volumes under Windows 7

USB Bare Metal Restore: Getting Started

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

Kingston KC300 Security Toolbox

Drive encryption with Microsoft BitLocker

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

Disk Encryption. Aaron Howard IT Security Office

DeployStudio Server Quick Install

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

ICT Professional Optional Programmes

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

University of Rochester Sophos SafeGuard Encryption for Windows Support Guide

Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?

Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

Using GIGABYTE Notebook for the First Time

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

How To Manage Hard Disk Partitioning In Windows (Windows 8) (Windows 7) (Powerbook) (For Windows 8) And Windows 8 (Pro) (Winstone) (Probation) (Perl

Full Disk Encryption Agent Reference

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

Windows Symantec Encryption Desktop (PGP) Install Guide. Symantec Encryption Desktop (PGP) Windows system requirements

SafeGuard Enterprise Web Helpdesk

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

TE100-P21/TEW-P21G Windows 7 Installation Instruction

User guide. Business

EMBASSY Remote Administration Server (ERAS) Administrator Manual

Hyper-V Server 2008 Setup and Configuration Tool Guide

Hands-on MESH Network Exercise Workbook

Microsoft Diagnostics and Recovery Toolset 7 Evaluation Guide

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

Deploying Windows Streaming Media Servers NLB Cluster and metasan

How to Encrypt your Windows 7 SDS Machine with Bitlocker

SafeGuard Enterprise 6.10 Peter Skondro

Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7

User Guide for Windows 10

How Drive Encryption Works

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy Demo guide

qliqdirect Active Directory Guide

ScoMIS Encryption Service

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

Installing Microsoft Windows 8 on HP ElitePad 900 G1 Tablet

SafeGuard Easy startup guide. Product version: 7

StarMOBILE Network Configuration Guide. A guide to configuring your StarMOBILE system for networking

Using GIGABYTE Notebook for the First Time

How Endpoint Encryption Works

DriveLock and Windows 7

DriveLock and Windows 8

SSL Enforcer Documentation

Microsoft Windows Server 2008: Data Protection

EXPRESSCLUSTER X for Windows Quick Start Guide for Microsoft SQL Server Version 1

Administering FileVault 2 on OS X Lion with the Casper Suite. Technical Paper July 2012

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011

Password Manager Windows Desktop Client

Using GIGABYTE Notebook for the First Time

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

Advanced Diploma In Hardware, Networking & Server Configuration

Dynamic VLAN assignment using RADIUS. Network Diagram

Administering FileVault 2 on OS X Mavericks with the Casper Suite v9.2 or Later. Technical Paper October 2013

Southern Maine Community College Computer Technology Professor Howard Burpee. Installing Windows 7

UBIQUITI BRIDGE CONFIGURATION PROCEDURE (PowerStation & NanoStation Units ONLY)

STEP III: Enable the Wireless Network Card. STEP IV: Print out the Printer Settings pages to determine the IP Address

Unified Access Point Administrator's Guide

WARNING!!: Before installing Truecrypt encryption software on your

Required Virtual Interface Maps to... mgmt0. virtual network = mgmt0 wan0. virtual network = wan0 mgmt1. network adapter not connected lan0

Get Success in Passing Your Certification Exam at first attempt!

DELL. Unified Server Configurator Security Overview. A Dell Technical White Paper. By Raja Tamilarasan, Wayne Liles, Marshal Savage and Weijia Zhang

SafeGuard Enterprise Installation guide. Product version: 6.1

Ultra Thin Client TC-401 TC-402. Users s Guide

Table of Contents. Online backup Manager User s Guide

SNMP Manager User s Manual

Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)

How To Use 1Bay 1Bay From Awn.Net On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Network Box (For Mac) With An Ipad Or Ipod (For Ipad) With The

Introducing Cisco Voice and Unified Communications Administration Volume 1

SafeGuard Easy upgrade guide. Product version: 7

Using BitLocker to encrypt a Windows 8 device

Windows Server 2008 R2 Essentials

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November Service & Support. Answers for industry.

Fundamentals of a Windows Server Infrastructure MOC 10967

Dell UPS Local Node Manager USER'S GUIDE EXTENSION FOR MICROSOFT VIRTUAL ARCHITECTURES Dellups.com

ThinkPad USB Portable Secure Hard Drive User Guide

Transcription:

presented by BitLocker Network Unlock & BitLocker support for Encrypted Drives UEFI Winter Plugfest February 21-23, 2011 Presented by Narendra Acharya (Microsoft) Updated 2011-06-01 www.uefi.org 1

Agenda BitLocker Network Unlock Windows Requirements for Network Unlock Validating Network Unlock BitLocker & Encrypted Drives Windows Requirements for Encrypted Drives Validating Encrypted Drives Questions www.uefi.org 2

BitLocker Network Unlock www.uefi.org 3

BitLocker Network Unlock Windows 7 BitLocker Unlock experience TPM + PIN key protector which provides a high level of protection Significant deployment problem for servers, which need to be serviced and restarted with no human interaction Power management calls for shutting down or hibernating machine in order to save electricity, especially at night Causes problems by preventing Wake-On-LAN Windows 8 improves BitLocker Unlock experience No user prompting Uses Wired network, Windows Deployment Server (WDS) & DHCP BitLocker (at pre-boot) discovers its Network Unlock provider on WDS Retrieves a secret from WDS Automatically unlocks the OS volume using the secret & the TPM Systems without wired network use TPM + PIN www.uefi.org 4

Requirements for Network Unlock Systems with wired LAN ports and TPMs must support BitLocker Network Unlock Requires full DHCP support for wired LAN during pre-boot through a UEFI DHCP driver Includes support for EFI_DHCP4 and DHCP6 protocols defined in UEFI 2.3.1 EFI_DHCP4_PROTOCOL EFI_DHCP4_SERVICE_BINDING_PROTOCOL EFI_DHCP6_PROTOCOL EFI_DHCP6_SERVICE_BINDING_PROTOCOL If implemented for Server Support for both IPv4 and IPv6 required System.Fundamentals.Firmware.UEFIBitLocker www.uefi.org 5

Validating Network Unlock Download the Network Key Protector Test Suite from Microsoft Connect & Refer Instructions Use 3 Machines & a regular Network Switch Setup DHCP server - Windows Server 2008 R2 or Windows 8 Server Setup WDS Server - Windows 8 Server only Install WDS role and BitLocker Network Unlock feature Initialize WDS server Type from Administrator CMD prompt: wdsutil /Verbose /initializeserver /reminst:"c:\remoteinstall" /standalone Add Network Unlock private certificate: Run server-applycert.cmd Restart WDS Server: Run net stop wdsserver & Run net start wdsserver Setup UEFI Client Windows 8 Client Setup Group Policy: Run client-gp-usepin.cmd Add Network Unlock public key: Run reg import RSA2048NKP_FVE_NKP.reg Turn on BitLocker with TPM+PIN (1234) & Save the Recovery Password Verify manage-bde status output protector lists has Network (Certificate based) Restart the machine If OS boots directly to Windows Logon Network Unlock works If prompted for BitLocker PIN, IPv6 and IPv4 Network Unlock failed www.uefi.org 6

BitLocker support for Encrypted Drives www.uefi.org 7

BitLocker & Encrypted Drives Windows 7 BitLocker performance implications and storage support Overhead during encryption, run-time, startup, etc. Performance implications exacerbated on low-power PCs and Slates Hardware Encrypted Drives not supported on Windows 7 Windows 8 improves BitLocker performance and supports Encrypted Drives Encrypted Drives offload processing to hardware Specialized hardware reduces power use and increases battery life Initial encryption time of volumes eliminated. Run time improved BitLocker manages keys Systems without Hardware Encrypted Drives use software based encryption www.uefi.org 8

Requirements for Encrypted Drives Systems with Encrypted Drive must support BitLocker Requires support for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL defined in UEFI 2.3.1 IEEE 1667 TCG Silo TCG OPAL v2.0 Single User Mode Support Programmatic Tper Reset System.Fundamentals.Firmware.UEFIEncryptedHDD www.uefi.org 9

Validating Encrypted Drives Correctly provision & partition using Windows 8 in-box tools like Setup / Diskmgmt.msc / Diskpart.exe Ensure TPM is enabled & activated (Use TPM.msc) Turn on BitLocker on the OS volume & Ensure to select Run BitLocker system check option on the final UI page Restart the machine & Type the following from an Administrator CMD prompt: manage-bde -status You are done if it says Encryption Method: Hardware Encryption If error message specifying BitLocker can t be enabled appears after you login, then: Capture the error information Export the events from: Applications & Services Logs Microsoft Windows BitLocker-API www.uefi.org 10

Questions? Contact BitLocker Network Unlock: dereka@microsoft.com BitLocker & Encrypted Drives: ram.valliyappan@microsoft.com www.uefi.org 11

Thanks for attending the UEFI Winter Plugfest For more information on the Unified EFI Forum and UEFI Specifications, visit http://www.uefi.org presented by www.uefi.org 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information