Security and Windows Vista: A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)
Bitlocker
I have two questions that I need to clarify.

First, how does not having a TPM chip affect BitLocker? Is it the early-boot component that I require? Because I understand that I CAN use a USB for this.

Second, if I take a BitLocker-encrypted disk and plug it in as a secondary drive on another computer, how can I read it (for restore purposes)?

Thanks.
Or.
Bitlocker
Compared to a USB flash drive, the TPM chip is integrated into the motherboard and "always plugged in". If you have a TPM, you can also add a PIN/password to be typed in when the computer starts (in addition to any passwords on user accounts).

I don't think you can read an encrypted hard drive without the encryption key, but I haven't tried. I'll try it now and let you know.

"Or Tsemah" wrote: I have two questions that I need to clarify. First, how does not having a TPM chip affect BitLocker? Is it the early-boot component that I require? Because I understand that I CAN use a USB for this. Second, if I take a BitLocker-encrypted disk and plug it in as a secondary drive on another computer, how can I read it (for restore purposes)? Thanks. Or.
Bitlocker
Please tell me, is there any difference between running a laptop in a "TPM Transparent" BitLocker state (without the use of PIN\USB) and not running BitLocker at all? I mean, if the computer gets stolen, the thief could read the info on the drive because the TPM handles the encryption.

Or.

"Brian Lew" wrote: Compared to a USB flash drive, the TPM chip is integrated into the motherboard and "always plugged in". If you have a TPM, you can also add a PIN/password to be typed in when the computer starts (in addition to any passwords on user accounts). I don't think you can read an encrypted hard drive without the encryption key, but I haven't tried. I'll try it now and let you know.
Bitlocker
The only difference I can see is if only the hard drive is stolen. And you're right, if the whole computer is stolen, and BitLocker is still in transparent mode, it will still be transparent.

"Or Tsemah" wrote: Please tell me, is there any difference between running a laptop in a "TPM Transparent" BitLocker state (without the use of PIN\USB) and not running BitLocker at all? I mean, if the computer gets stolen, the thief could read the info on the drive because the TPM handles the encryption. Or.
Bitlocker
Thanks for the quick response.

I have another question about security for you. It's a simple one: how does the NAP health server direct me to a quarantined network when my health certificate is inadequate? Does it tell my DHCP server to change my IP? Or maybe tell the switch hardware to move me to a VLAN?

Thanks.
Or.

"Brian Lew" wrote: The only difference I can see is if only the hard drive is stolen. And you're right, if the whole computer is stolen, and BitLocker is still in transparent mode, it will still be transparent.
Bitlocker
I have no clue; sorry I couldn't be of more help.

"Or Tsemah" wrote: Thanks for the quick response. I have another question about security for you. It's a simple one: how does the NAP health server direct me to a quarantined network when my health certificate is inadequate? Does it tell my DHCP server to change my IP? Or maybe tell the switch hardware to move me to a VLAN? Thanks. Or.
Bitlocker
A couple of clarifications on BitLocker for you regarding your questions on this thread:

(1) How to read the disk in another computer for restore purposes

For this scenario, a USB key or password is required. The "manage-bde" command line interface, which wraps around the WMI interface, is the most powerful way to address all desired restore scenarios.

(2) Can a thief read a TPM protected disk?

In the TPM-only case, the TPM is protecting the OS. Although the OS has full access to the data because the OS has the key, it is protecting access to the disk. For this security to work successfully, it is important that the logon password is strong, i.e. a blank password would allow the thief access to the data.

In summary, TPM ensures OS cannot have the key if it is cracked. OS has key if the OS is not cracked. Thief cannot get key without cracking OS.

TPM+USB or TPM+PIN does provide extra security depth, however these usually have a usability pain factor associated with them.

- Jamie Hunter [MS]

----

"Or Tsemah" wrote in message ... I have two questions that I need to clarify. First, how does not having a TPM chip affect BitLocker? Is it the early-boot component that I require? Because I understand that I CAN use a USB for this. Second, if I take a BitLocker-encrypted disk and plug it in as a secondary drive on another computer, how can I read it (for restore purposes)? Thanks. Or.
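
The two scenarios in the reply above, sketched with manage-bde as an added example that is not part of the original thread or Microsoft's own script: unlock a BitLocker disk attached as a secondary drive, then check whether the OS volume is protected by the TPM alone. It assumes an elevated prompt, `manage-bde` callable by that name on the PATH, English-language output labels, and placeholder drive letters and key material.

```powershell
# Added example. Drive letters and key material are placeholders supplied by the operator.
param(
    [string]$DataDrive = 'E:',     # assumed letter of the BitLocker disk on the recovery PC
    [string]$OsDrive   = 'C:',     # assumed OS volume whose protectors are audited
    [string]$RecoveryPassword,     # 48-digit numerical password saved when BitLocker was set up
    [string]$RecoveryKeyFile       # or the path to the .BEK file on the USB key
)

function Get-ProtectorKinds([string]$Drive) {
    # Parses English manage-bde output; the protector labels are locale dependent.
    $pattern = '^\s*(TPM( And (PIN|Startup Key))*|Numerical Password|External Key):\s*$'
    & manage-bde -protectors -get $Drive |
        Where-Object { $_ -match $pattern } |
        ForEach-Object { $_.Trim().TrimEnd(':') }
}

function Unlock-SecondaryDrive {
    # Scenario (1): as a secondary drive the disk has no TPM to release its key,
    # so a recovery password or the key file from the USB key is required.
    if ($RecoveryPassword) {
        & manage-bde -unlock $DataDrive -RecoveryPassword $RecoveryPassword
    } elseif ($RecoveryKeyFile) {
        & manage-bde -unlock $DataDrive -RecoveryKey $RecoveryKeyFile
    } else {
        throw "Supply -RecoveryPassword or -RecoveryKeyFile to unlock $DataDrive."
    }
    if ($LASTEXITCODE -ne 0) { throw "manage-bde could not unlock $DataDrive." }
    & manage-bde -status $DataDrive    # confirm the lock status before copying data off
}

if ($RecoveryPassword -or $RecoveryKeyFile) { Unlock-SecondaryDrive }

# Scenario (2): with a TPM-only protector the volume unlocks at boot without user input,
# so a stolen laptop is protected only as far as the Windows logon is.
$kinds = @(Get-ProtectorKinds $OsDrive)
if ($kinds.Count -eq 0) {
    Write-Output "${OsDrive}: no key protectors reported (BitLocker off or output not parsed)."
} elseif (($kinds -contains 'TPM') -and -not ($kinds -match '^TPM And ')) {
    Write-Warning "${OsDrive}: TPM-only. Use strong logon passwords or add TPM+PIN / TPM+USB."
} else {
    Write-Output "${OsDrive}: protectors found: $($kinds -join ', ')"
}
```

A recovery password passed as a parameter ends up in shell history, so clear the history afterwards or use the key file instead.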