What I do is I come over here to my lovely set of removable drives. I’m going to need a drive to encrypt and I’m going to need a drive that will store my recovery key. To do that, I’m going to need two drives. Now all we have to do is fire up BitLocker and encrypt the drive. If we want to stick with what’s the most tried and true 256‑bit algorithm that we can use, AES‑CBC 256‑bit is going to be our friend. It’s not standardized or it’s not widely accepted as the standard, yet it’s a little more efficient on large drives. AES‑CBC, AES Cipher Block Chaining is going to be the more standard of them. This bottom option here, Removable Data Drive Encryption, that’s what we’re going to change. Because this context of this video is using USB flash drive, that’s removable data. Now, I’m going to go on and click on Enable so I can actually make the changes in Group Policy. I’ve double‑clicked the correct one, 1511 and later. It’s very easy to make a change to the wrong one and the cryptography doesn’t change for you.
Super‑duper important to make sure that whichever setting you change, matches the version of Windows you’re using. We’re using a new version of Windor later. Windows 7, Server 2008 is this one, Windows 8, and other versions of Windows like that. It depends on which version of Windows we’re using. I’m going to make sure to expand this, because notice we have three different types of choose drive encryption and cipher strength setting.
Let me full screen this so it’s a little bit easier on the eyes. I’m going to change the BitLocker configuration that is stored under Administrative Templates, Windows Components, BitLocker Drive Encryption. I’m going to fire up gpedit.msc, and that will come up with the Local Group Policy Editor. I’m going to do that with Local Group Policy Editor. I’m going to make a change to the machine’s local policy. It’s really important that we set up the cryptography first, because once the drive is encrypted, whatever key strength it used is going to stay, the key strength that’s in use on that drive. First step is we come over to Windows 10.
Then, I’m going to go ahead and show you how to encrypt the drive itself. That’s what I’m going to show you right now. First, I’m going to set up the proper type of cryptography for us.
If this applies to you, you know who you are, but you probably need to know how to change that in Windows 10 so that you’re using that kind of encryption. Oftentimes in government agencies, we need to use 256‑bit encryption, 256‑bit AES. In particular, the key size for encrypting data in Windows 10, it defaults to 128‑bit encryption. Civilian requirements are not quite as stringent in many cases as government requirements. I’m going to talk about that in very much a government context, because oftentimes, government requirements are slightly different than the default configuration in Windows 10. I’m going to talk a little bit about how to protect that data in Windows 10. When data is portable, it’s oftentimes important to protect that data, very especially in the government sector where we have all kinds of different regulations that require data encryption whenever data is stored and moved off‑site, or even oftentimes, on‑site. We move it around between home machines and work machines, or between work computers. Data is often moved from place to place, or computer to computer on USB flash drives. I want to talk a little bit about encrypting USB flash drives government edition. Encrypting flash drives itself is an interesting concept, and fairly important one. I’m an instructor here at Interface Technical Training. In this video, Security Instructor Mike Danseglio demonstrates how to use BitLocker in Windows 10 to secure files on a USB Flash drive that adhere to stricter data protection requirements as found inside Government entities.
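Added example, not part of the video transcript: a PowerShell check for the Group Policy step the transcript describes. It reads the registry values that the three "choose drive encryption method and cipher strength" policies write, then compares them with the method actually in use on the drive. The drive letter E: is an assumption.

```powershell
# Added example (not from the video). Run in an elevated PowerShell session.
# Assumption: the USB flash drive is mounted as E:.
$MountPoint = 'E:'

# Values under this key are written by the three cipher-strength policies.
$FveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$PolicyValues = [ordered]@{
    EncryptionMethodWithXtsRdv = 'Windows 10 (1511) and later, removable data drives'
    EncryptionMethodNoDiffuser = 'Windows 8 generation policy'
    EncryptionMethod           = 'Windows 7 / Server 2008 generation policy'
}
# Method codes used by the 1511-and-later policy.
$XtsEraMethods = @{ 3 = 'AES-CBC 128-bit'; 4 = 'AES-CBC 256-bit'
                    6 = 'XTS-AES 128-bit'; 7 = 'XTS-AES 256-bit' }

# Show which of the three settings was actually changed.
$policy = Get-ItemProperty -Path $FveKey -ErrorAction SilentlyContinue
foreach ($name in $PolicyValues.Keys) {
    $raw = if ($policy) { $policy.$name } else { $null }
    $state = if ($null -eq $raw) { 'not configured' } else { "set to $raw" }
    '{0,-28} {1,-16} ({2})' -f $name, $state, $PolicyValues[$name]
}

# Only the 1511-and-later value governs removable drives on current Windows 10.
$rdv = if ($policy) { $policy.EncryptionMethodWithXtsRdv } else { $null }
if ($null -eq $rdv) {
    Write-Warning 'Removable-drive policy is not configured; the Windows default applies.'
} elseif ([int]$rdv -notin 4, 7) {
    Write-Warning "Removable-drive policy is $($XtsEraMethods[[int]$rdv]), not 256-bit."
}

# The method is fixed at encryption time, so check the drive itself as well.
$volume = Get-BitLockerVolume -MountPoint $MountPoint
$method = "$($volume.EncryptionMethod)"
[pscustomobject]@{
    MountPoint       = $volume.MountPoint
    VolumeStatus     = $volume.VolumeStatus
    EncryptionMethod = $method
    Is256Bit         = $method -in 'Aes256', 'XtsAes256'
}
if ($method -notin 'None', 'Aes256', 'XtsAes256') {
    Write-Warning "$MountPoint uses $method. Decrypt it and re-encrypt after fixing the policy."
}
```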