Sharing of thoughts and information is what blogging is all about. This way we can learn from each other. Post A Comment!These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
BitLocker To Go is Microsoft’s removable media encryption solution offered for Windows 8.1. It utilizes the same underlying disk encryption technology as BitLocker does for fixed disks but is designed to address the removable media use case. If the USB key in question is ever lost, it is protected with BitLocker To Go thus keeping the data secure. Should the key be found by someone other than the owner, the data is still unreadable without the required PIN. This renders the data essentially useless except by an authorized user. There are dozens of configuration options managed through policy objects that can be used to control BitLocker. Details in regards to these options can be found on TechNet. Most organizations need to understand how they want to implement BitLocker To Go. A good starting point is to consider the following questions:
The decision whether or not to encrypt removable media is usually made by the organization and not left to the discretion of the end user. If the decision is left to the end user, both training and sound judgement will be required. Ultimately there is no way to ensure or measure compliance when the decision is left to the individual user's discretion. Typically, an organization will want to ensure compliance. This involves creating a process to centrally encrypt USB keys and have a request/authorization process for users that need to right to keys. The scenario for USB keys is something like the following:
To implement the above scenario the following GPOs can be used as a starting point:
Be sure to take advantage of the Microsoft Virtual Academy to learn additional aspects of utilizing Windows-To-Go offered in Windows 8.1 to better enable your organization.