BitLocker Literature Translation

Henan Polytechnic University (Undergraduate) Literature Translation

Frequently Asked Questions About BitLocker Drive Encryption in Windows 7

Name:    Student ID:    Major:    Advisor:

BitLocker Drive Encryption in Windows 7: Frequently Asked Questions

BitLocker Drive Encryption is a data protection feature available in Windows 7 Enterprise, Windows 7 Ultimate, and in all editions of Windows Server 2008 R2. This topic includes frequently asked questions about BitLocker in Windows 7.

1. What is BitLocker? How does it work?

BitLocker Drive Encryption is a data protection feature available in Windows 7 Enterprise and Windows 7 Ultimate for client computers and in Windows Server 2008 R2. BitLocker provides enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned, as it is much more difficult to recover deleted data from an encrypted drive than from a non-encrypted drive.

2. How BitLocker works with operating system drives

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access on lost or stolen computers by:

- Encrypting the entire Windows operating system drive on the hard disk. BitLocker encrypts all user files and system files on the operating system drive, including the swap files and hibernation files.
- Checking the integrity of early boot components and boot configuration data. On computers that have a Trusted Platform Module (TPM) version 1.2, BitLocker uses the enhanced security capabilities of the TPM to help ensure that your data is accessible only if the computer's boot components appear unaltered and the encrypted disk is located in the original computer.

BitLocker is integrated into Windows 7 and provides enterprises with enhanced data protection that is easy to manage and configure. For example, BitLocker can use an existing Active Directory Domain Services (AD DS) infrastructure to remotely store BitLocker recovery keys.

3. How BitLocker works with fixed and removable data drives

BitLocker can also be used to protect fixed and removable data drives. When used with data drives, BitLocker encrypts the entire contents of the drive and can be configured by using Group Policy to require that BitLocker be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with the following unlock methods for data drives:

- Automatic unlock. Fixed data drives can be set to automatically unlock on a computer where the operating system drive is encrypted. Removable data drives can be set to automatically unlock on a computer running Windows 7 after the password or smart card is initially used to unlock the drive. However, removable data drives must always have either a password or smart card unlock method in addition to the automatic unlock method.
- Password. When users attempt to open a drive, they are prompted to enter their password before the drive will be unlocked. This method can be used with the BitLocker To Go Reader on computers running Windows Vista or Windows XP, to open BitLocker-protected drives as read-only.
- Smart card. When users attempt to open a drive, they are prompted to insert their smart card before the drive will be unlocked.

A drive can support multiple unlock methods. For example, a removable data drive can be configured to be automatically unlocked on your primary work computer but query you for a password if used with another computer.

4. Does BitLocker support multifactor authentication?

Yes, BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2, you can use additional forms of authentication with the TPM protection. BitLocker offers the option to lock the normal boot process until the user supplies a personal identification number (PIN) or inserts a USB device (such as a flash drive) that contains a BitLocker startup key, or both the PIN and the USB device can be required. These additional security measures provide multifactor authentication and help ensure that the computer will not start or resume from hibernation until the correct authentication method is presented.

Note: Use of both the USB and PIN along with the TPM must be configured by using the Manage-bde command-line tool. This protection method cannot be specified by using the BitLocker setup wizard.

5. What are the BitLocker hardware and software requirements?

To use all BitLocker features, your computer must meet the hardware and software requirements listed in the following table.

- Hardware configuration: The computer must meet the minimum requirements for Windows 7.
- Operating system: Windows 7 Ultimate, Windows 7 Enterprise, or Windows Server 2008 R2. (Note: BitLocker is an optional feature of Windows Server 2008 R2. Use Server Manager to install BitLocker on a computer running Windows Server 2008 R2.)
- Hardware TPM: TPM version 1.2. A TPM is not required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication.
- BIOS configuration: A Trusted Computing Group (TCG)-compliant BIOS. The BIOS must be set to start first from the hard disk, and not the USB or CD drives. The BIOS must be able to read from a USB flash drive during startup.
- File system: At least two NTFS disk partitions, one for the system drive and one for the operating system drive. The system drive partition must be at least 100 megabytes (MB) and set as the active partition.

6. Why are two partitions required? Why does the system drive have to be so large?

Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive. In Windows Vista, the system drive must be 1.5 gigabytes (GB), but in Windows 7 this requirement has been reduced to 100 MB for a default installation. The system drive may also be used to store the Windows Recovery Environment (Windows RE) and other files that may be specific to setup or upgrade programs. Computer manufacturers and enterprise customers can also store system tools or other recovery tools on this drive, which will increase the required size of the system drive. For example, using the system drive to store Windows RE along with the BitLocker startup file will increase the size of the system drive to 300 MB. The system drive is hidden by default and is not assigned a drive letter. The system drive is created automatically when Windows 7 is installed.

7. Which Trusted Platform Modules (TPMs) does BitLocker support?

BitLocker supports TPM version 1.2. BitLocker does not support previous versions of TPMs. Version 1.2 TPMs provide increased standardization, security enhancement, and improved functionality over previous versions. In addition, you must use a Microsoft-provided TPM driver.

Important: When using BitLocker with a TPM, it is recommended that BitLocker be turned on immediately after the computer has been restarted. If the computer has resumed from sleep prior to turning on BitLocker, the TPM may incorrectly measure the pre-boot components on the computer. In this situation, when the user subsequently attempts to unlock the computer, the TPM verification check will fail and the computer will enter BitLocker recovery mode and prompt the user to provide recovery information before unlocking the drive.

8. How can I tell whether my computer has a TPM version 1.2?

Click Start, click Control Panel, click System and Security, click BitLocker Drive Encryption, and then click Turn On BitLocker. If your computer does not have a TPM version 1.2 or the BIOS is not compatible with the TPM, you will receive the following error message:

A compatible Trusted Platform Module (TPM) Security Device must be present on this computer, but a TPM was not found. Please contact your system administrator to enable BitLocker.

If you receive this error message on a computer that has a TPM, check if either of the following situations applies to your computer:

- Some computers have TPMs that do not appear in the Windows 7 TPM Microsoft Management Console snap-in (tpm.msc) due to a BIOS setting that hides the TPM by default and does not make the TPM available unless it is first enabled in the BIOS. If your TPM might be hidden in the BIOS, consult the manufacturer's documentation for instructions to display or enable the TPM.
- Some computers might have an earlier version of the TPM or an earlier version of the system BIOS that is not compatible with BitLocker. Contact the computer manufacturer to verify that the computer has a TPM version 1.2 or to get a BIOS update.

9. Can I use BitLocker on an operating system drive without a TPM version 1.2?

Yes, you can enable BitLocker on an operating system drive without a TPM version 1.2, if the BIOS has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide.

To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.

To enable BitLocker on a computer without a TPM, you must enable the “Require