Use BitLocker to encrypt external storage drives - Part 2
The default settings in Windows 7 let users decide whether and when to encrypt data on external drives. In the second part of this article series, I will show you how to enforce BitLocker security in a more consistent way using group policy settings.
In part one, I showed you how to use BitLocker manually to encrypt the contents of a USB drive. Although that procedure works quite well, there are still many other options. Imagine that your company keeps a lot of sensitive information in data files. Ideally, you want all of that data kept safe. In practice, however, many employees have jobs that require access to certain data even when they cannot connect to the corporate network.
Assume also that an employee could leave a USB drive somewhere, and that the drive holds a lot of customer data; in that case, encryption is a must. BitLocker to Go can provide the type of encryption you need, but the method introduced in Part 1 of this series requires users to encrypt their USB storage drives themselves.
Obviously, we can't leave this encryption job in the hands of users and trust that they will do it well. We need a more practical method. Windows 7 and Windows Server 2008 R2 have group policy settings that we can use to control how and when BitLocker encryption is used.
The Group Policy Object Editor contains quite a few Group Policy settings related to BitLocker encryption, but one folder holds the BitLocker settings for external storage devices. You can find it at Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Removable Data Drives. You can see the group policy settings inside this folder in Figure A.

Figure A: All settings related to external storage encryption are stored in the Removable Data Drives folder
Control the use of BitLocker on external storage drives
The first Group Policy setting I want to introduce is 'Control Use of BitLocker on Removable Drives'. As its name implies, this setting lets you control whether users are allowed to encrypt external storage devices with BitLocker.
Put simply, disabling this setting prevents users from encrypting external storage devices, while users can use BitLocker to encrypt them if you do nothing.
If you choose to enable this group policy setting, there are two other options that can be set. The first of these two options allows users to apply BitLocker protection to external storage devices. This option may seem a bit cumbersome, but Microsoft offers it because it lets you control this option and the next one that we will introduce when the group policy setting is enabled.
The second option allows users to suspend and decrypt BitLocker protection on external storage devices. In other words, you can control whether users are allowed to turn off BitLocker for external storage devices.
Configure smart card usage on external storage drives
This group policy setting lets you control the use of smart cards as a mechanism for authenticating users who access BitLocker-encrypted content. If you decide to enable this Group Policy setting, there is a sub-option that you can use to require the use of a smart card. If you select this option, users will only be able to access BitLocker-encrypted content through smart card authentication.
Deny 'Write' access to external storage drives not protected by BitLocker
The 'Deny Write Access to Removable Drives Not Protected By BitLocker' setting is one of the most important Group Policy settings related to external storage encryption. When this setting is enabled, Windows checks each external storage device connected to the computer to see whether BitLocker encryption is enabled on it. If BitLocker is not enabled on the device, the device is treated as 'read only'. Users only receive 'write' access if BitLocker is enabled on the device. This way, you can prevent users from writing data to unencrypted external storage devices.
When you enable this group policy setting, you are also given the option to deny 'write' access to devices that were configured in another organization. This option can also help you prevent the use of unauthorized external storage devices.
Imagine that you want to ensure that only authenticated (authorized) users can write data to external storage devices, and that any data written to those devices is encrypted. Now assume that an employee in your company wants to copy your customer list to a USB drive. If one of your stated goals is to prevent data from being written to external storage devices in an unencrypted format, you will have enabled the 'Deny Write Access to Removable Drives Not Protected By BitLocker' setting.
That gives you some level of protection, but it still allows a user to enable BitLocker on a home computer, encrypt a USB drive, and then bring the encrypted drive to the office and write data to it. Enabling the 'Do Not Allow Write Access to Devices Configured in Another Organization' option lets Windows determine where an external storage device comes from. If the device was encrypted by another organization, BitLocker will deny 'write' access to it.
Allow access to BitLocker-protected external storage devices from previous Windows versions
Some people argue that this option is poorly named. The truth is that Windows doesn't really care which version of Windows was used to format an external storage device. Instead, this option lets you control whether users may unlock BitLocker-encrypted storage devices that are formatted with the FAT file system.
If this setting is enabled, there is another option you can enable to prevent the BitLocker to Go Reader from being installed on storage volumes that have been formatted with the FAT file system.
Configure the use of passwords for external storage devices
This is one of the easiest settings to understand. It lets you control whether a password is required to unlock the contents of external storage devices. Assuming that you want to password-protect these external storage devices, you then have options to control the length and complexity requirements of the password.
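To confirm that the settings described above have actually reached a client, you can read the policy values from the registry. The script below is an added example, not part of the original article: the registry value names are the ones written by the BitLocker administrative template (they are not listed on the page), and the expected values are a constructed sample baseline that you should adjust to your own policy.

```powershell
# Added example: compare the removable-drive BitLocker policy values on this
# computer with a sample baseline. A missing value means "Not Configured".
$software = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$system   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'

# Constructed baseline (assumption): every policy from the article enabled,
# users may apply BitLocker but may not suspend or decrypt it.
$baseline = @(
    @{ Key = $system;   Name = 'RDVDenyWriteAccess'; Want = 1 },  # deny write to unprotected drives
    @{ Key = $software; Name = 'RDVDenyCrossOrg';    Want = 1 },  # deny write to drives from another organization
    @{ Key = $software; Name = 'RDVConfigureBDE';    Want = 1 },  # "Control use of BitLocker" is enabled
    @{ Key = $software; Name = 'RDVAllowBDE';        Want = 1 },  # users may apply BitLocker protection
    @{ Key = $software; Name = 'RDVDisableBDE';      Want = 0 },  # users may not suspend or decrypt
    @{ Key = $software; Name = 'RDVPassphrase';      Want = 1 }   # password use is configured
)

$report = foreach ($item in $baseline) {
    # Returns nothing (error suppressed) when the key or the value is absent.
    $p = Get-ItemProperty -Path $item.Key -Name $item.Name -ErrorAction SilentlyContinue
    $value = if ($p) { $p.($item.Name) } else { $null }

    $state = if ($null -eq $value)            { 'Not configured' }
             elseif ($value -eq $item.Want)   { 'OK' }
             else                             { 'Differs from baseline' }

    New-Object PSObject -Property @{
        Setting  = $item.Name
        Expected = $item.Want
        Actual   = $value
        State    = $state
    }
}

$report | Select-Object Setting, Expected, Actual, State | Format-Table -AutoSize

# Non-zero exit code lets a monitoring job flag machines that miss the baseline.
if ($report | Where-Object { $_.State -ne 'OK' }) { exit 1 }
```

Run it after a policy refresh (gpupdate) on the client; a "Not configured" row usually means the GPO is not linked to, or filtered away from, that computer.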
Conclusion
The group policy settings introduced here are aimed at controlling how BitLocker is used with external storage devices. However, one of the problems with data encryption is that if the encryption keys are lost, your data cannot be decrypted. So in Part 3 of this series, I will show you a technique that avoids this problem by saving the encryption keys in Active Directory.