bitlocker的文献翻译.docx

bitlocker的文献翻译.docx

《bitlocker的文献翻译.docx》由会员分享，可在线阅读，更多相关《bitlocker的文献翻译.docx（23页珍藏版）》请在冰豆网上搜索。

bitlocker的文献翻译

河南理工大学（本科）文献翻译

Windows7中

Bitlocker驱动器加密常被问到的问题

姓名：

学号：

专业：

指导老师：

BitLockerDriveEncryptioninWindows7:

FrequentlyAskedQuestions

BitLockerDriveEncryptionisadataprotectionfeatureavailableinWindows 7Enterprise,Windows 7Ultimate,andinalleditionsofWindowsServer2008R2.ThistopicincludesfrequentlyaskedquestionsaboutBitLockerinWindows 7.

1、WhatisBitLocker?

Howdoesitwork?

BitLockerDriveEncryptionisadataprotectionfeatureavailableinWindows 7EnterpriseandWindows 7UltimateforclientcomputersandinWindowsServer2008R2.BitLockerprovidesenhancedprotectionagainstdatatheftorexposureoncomputersandremovabledrivesthatarelostorstolen,andmoresecuredatadeletionwhenBitLocker-protectedcomputersaredecommissionedasitismuchmoredifficulttorecoverdeleteddatafromanencrypteddrivethanfromanon-encrypteddrive.

2、HowBitLockerworkswithoperatingsystemdrives

Dataonalostorstolencomputerisvulnerabletounauthorizedaccess,eitherbyrunningasoftwareattacktoolagainstitorbytransferringthecomputer'sharddisktoadifferentcomputer.BitLockerhelpsmitigateunauthorizeddataaccessonlostorstolencomputersby:

EncryptingtheentireWindowsoperatingsystemdriveontheharddisk.BitLockerencryptsalluserfilesandsystemfilesontheoperatingsystemdrive,includingtheswapfilesandhibernationfiles.

Checkingtheintegrityofearlybootcomponentsandbootconfigurationdata.OncomputersthathaveaTrustedPlatformModule（TPM）version1.2,BitLockerusestheenhancedsecuritycapabilitiesoftheTPMtohelpensurethatyourdataisaccessibleonlyifthecomputer'sbootcomponentsappearunalteredandtheencrypteddiskislocatedintheoriginalcomputer.

BitLockerisintegratedintoWindows 7andprovidesenterpriseswithenhanceddataprotectionthatiseasytomanageandconfigure.Forexample,BitLockercanuseanexistingActiveDirectoryDomainServices（AD DS）infrastructuretoremotelystoreBitLockerrecoverykeys.

3、HowBitLockerworkswithfixedandremovabledatadrives

BitLockercanalsobeusedtoprotectfixedandremovabledatadrives.Whenusedwithdatadrives,BitLockerencryptstheentirecontentsofthedriveandcanbeconfiguredbyusingGroupPolicytorequirethatBitLockerbeenabledonadrivebeforethecomputercanwritedatatothedrive.BitLockercanbeconfiguredwiththefollowingunlockmethodsfordatadrives:

Automaticunlock.Fixeddatadrivescanbesettoautomaticallyunlockonacomputerwheretheoperatingsystemdriveisencrypted.RemovabledatadrivescanbesettoautomaticallyunlockonacomputerrunningWindows 7afterthepasswordorsmartcardisinitiallyusedtounlockthedrive.However,removabledatadrivesmustalwayshaveeitherapasswordorsmartcardunlockmethodinadditiontotheautomaticunlockmethod.

Password.Whenusersattempttoopenadrive,theyarepromptedtoentertheirpasswordbeforethedrivewillbeunlocked.ThismethodcanbeusedwiththeBitLockerToGoReaderoncomputersrunningWindows VistaorWindows XP,toopenBitLocker-protecteddrivesasread-only.

Smartcard.Whenusersattempttoopenadrive,theyarepromptedtoinserttheirsmartcardbeforethedrivewillbeunlocked.

Adrivecansupportmultipleunlockmethods.Forexample,aremovabledatadrivecanbeconfiguredtobeautomaticallyunlockedonyourprimaryworkcomputerbutqueryyouforapasswordifusedwithanothercomputer.

4、DoesBitLockersupportmultifactorauthentication?

Yes,BitLockersupportsmultifactorauthenticationforoperatingsystemdrives.IfyouenableBitLockeronacomputerthathasaTPMversion 1.2,youcanuseadditionalformsofauthenticationwiththeTPMprotection.BitLockerofferstheoptiontolockthenormalbootprocessuntiltheusersuppliesapersonalidentificationnumber（PIN）orinsertsaUSBdevice（suchasaflashdrive）thatcontainsaBitLockerstartupkey,orboththePINandtheUSBdevicecanberequired.Theseadditionalsecuritymeasuresprovidemultifactorauthenticationandhelpensurethatthecomputerwillnotstartorresumefromhibernationuntilthecorrectauthenticationmethodispresented.

备注：

UseofboththeUSBandPINalongwiththeTPMmustbeconfiguredbyusingtheManage-bdecommand-linetool.ThisprotectionmethodcannotbespecifiedbyusingtheBitLockersetupwizard.

5、WhataretheBitLockerhardwareandsoftwarerequirements?

TouseallBitLockerfeatures,yourcomputermustmeetthehardwareandsoftwarerequirementslistedinthefollowingtable.

Hardwareconfiguration：

ThecomputermustmeettheminimumrequirementsforWindows 7.

Operatingsystem：

Windows 7Ultimate,Windows 7Enterprise,orWindowsServer2008R2（备注：

BitLockerisanoptionalfeatureofWindowsServer2008R2.UseServerManagertoinstallBitLockeronacomputerrunningWindowsServer2008R2.）

HardwareTPM：

TPMversion 1.2,ATPMisnotrequiredforBitLocker;however,onlyacomputerwithaTPMcanprovidetheadditionalsecurityofpre-startupsystemintegrityverificationandmultifactorauthentication.

BIOSconfiguration：

ATrustedComputingGroup（TCG）-compliantBIOS.TheBIOSmustbesettostartfirstfromtheharddisk,andnottheUSBorCDdrives.TheBIOSmustbeabletoreadfromaUSBflashdriveduringstartup.

Filesystem：

AtleasttwoNTFSdiskpartitions,oneforthesystemdriveandonefortheoperatingsystemdrive.Thesystemdrivepartitionmustbeatleast100megabytes（MB）andsetastheactivepartition.

6、Whyaretwopartitionsrequired?

Whydoesthesystemdrivehavetobesolarge?

TwopartitionsarerequiredtorunBitLockerbecausepre-startupauthenticationandsystemintegrityverificationmustoccuronaseparatepartitionfromtheencryptedoperatingsystemdrive.Thisconfigurationhelpsprotecttheoperatingsystemandtheinformationintheencrypteddrive.InWindows Vista,thesystemdrivemustbe1.5gigabytes（GB）,butinWindows 7thisrequirementhasbeenreducedto100MBforadefaultinstallation.ThesystemdrivemayalsobeusedtostoretheWindowsRecoveryEnvironment（WindowsRE）andotherfilesthatmaybespecifictosetuporupgradeprograms.Computermanufacturersandenterprisecustomerscanalsostoresystemtoolsorotherrecoverytoolsonthisdrive,whichwillincreasetherequiredsizeofthesystemdrive.Forexample,usingthesystemdrivetostoreWindows REalongwiththeBitLockerstartupfilewillincreasethesizeofthesystemdriveto300MB.Thesystemdriveishiddenbydefaultandisnotassignedadriveletter.ThesystemdriveiscreatedautomaticallywhenWindows 7isinstalled.

7、WhichTrustedPlatformModules（TPMs）doesBitLockersupport?

BitLockersupportsTPMversion 1.2.BitLockerdoesnotsupportpreviousversionsofTPMs.Version 1.2TPMsprovideincreasedstandardization,securityenhancement,andimprovedfunctionalityoverpreviousversions.Inaddition,youmustuseaMicrosoft-providedTPMdriver.

注意事项：

WhenusingBitLockerwithaTPM,itisrecommendedthatBitLockerbeturnedonimmediatelyafterthecomputerhasbeenrestarted.IfthecomputerhasresumedfromsleeppriortoturningonBitLocker,theTPMmayincorrectlymeasurethepre-bootcomponentsonthecomputer.Inthissituation,whentheusersubsequentlyattemptstounlockthecomputer,theTPMverificationcheckwillfailandthecomputerwillenterBitLockerrecoverymodeandprompttheusertoproviderecoveryinformationbeforeunlockingthedrive.

8、HowcanItellwhethermycomputerhasaTPMversion 1.2?

ClickStart,clickControlPanel,clickSystemandSecurity,clickBitLockerDriveEncryption,andthenclickTurnOnBitLocker.IfyourcomputerdoesnothaveaTPMversion 1.2ortheBIOSisnotcompatiblewiththeTPM,youwillreceivethefollowingerrormessage:

AcompatibleTrustedPlatformModule（TPM）SecurityDevicemustbepresentonthiscomputer,butaTPMwasnotfound.PleasecontactyoursystemadministratortoenableBitLocker.

IfyoureceivethiserrormessageonacomputerthathasaTPM,checkifeitherofthefollowingsituationsappliestoyourcomputer:

SomecomputershaveTPMsthatdonotappearintheWindows 7TPMMicrosoftManagementConsolesnap-in（tpm.msc）duetoaBIOSsettingthathidestheTPMbydefaultanddoesnotmaketheTPMavailableunlessitisfirstenabledintheBIOS.IfyourTPMmightbehiddenintheBIOS,consultthemanufacturer'sdocumentationforinstructionstodisplayorenabletheTPM.

SomecomputersmighthaveanearlierversionoftheTPMoranearlierversionofthesystemBIOSthatisnotcompatiblewithBitLocker.ContactthecomputermanufacturertoverifythatthecomputerhasaTPMversion 1.2ortogetaBIOSupdate.

9、CanIuseBitLockeronanoperatingsystemdrivewithoutaTPMversion 1.2?

Yes,youcanenableBitLockeronanoperatingsystemdrivewithoutaTPMversion1.2,iftheBIOShastheabilitytoreadfromaUSBflashdriveinthebootenvironment.ThisisbecauseBitLockerwillnotunlocktheprotecteddriveuntilBitLocker'sownvolumemasterkeyisfirstreleasedbyeitherthecomputer'sTPMorbyaUSBflashdrivecontainingtheBitLockerstartupkeyforthatcomputer.However,computerswithoutTPMswillnotbeabletousethesystemintegrityverificationthatBitLockercanalsoprovide.

TohelpdeterminewhetheracomputercanreadfromaUSBdeviceduringthebootprocess,usetheBitLockersystemcheckaspartoftheBitLockersetupprocess.ThissystemcheckperformsteststoconfirmthatthecomputercanproperlyreadfromtheUSBdevicesattheappropriatetimeandthatthecomputermeetsotherBitLockerrequirements.

ToenableBitLockeronacomputerwithoutaTPM,youmustenablethe“Require