Security Guard. Tips and Tricks for Windows 7 Protection

There are several obvious actions which can help you to protect your PC. You should install the newest patches for the OS and apps. Besides, buy the newest anti-virus software and use complex passwords. Here you will find some recommendations which can help you to use all the protection capabilities in Windows 7.

Using BitLocker

BitLocker is one of the most popular and improved securities in Win 7. This hard disk and encryption technology and protecting the integrity of the boot medium first appeared in Windows Vista. We can find BitLocker in several Ultimate and Enterprise edition of Win 7.  This program does not allow an attacker to extract data from the hard disk of stolen notebook if it was off at the time of the theft.

But there is one problem with BitLocker. It is difficult to restore data after hardware failure if protected volumes were blocked. That’s why although this technology can provide a great protection many of IT-specialists say that it is a problematic thing, because they face with it when it is necessary to make a data recovery.

In order to restore your data you need an access to keys or password of Bitlocker (which relate to blocked volumes). If there are not many computers it is easy to watch passwords and keys, but if the bill goes to the hundreds of them this task is really difficult.

Group policy allows IT-experts to configure BitLocker so, that encryption activates only after the successful creation of the keys and passwords’ back-up copies in Active Directory. Restoring of the encrypted data became really easy because of the changes in equipment of “Active Directory – users and computers” in Windows Server 2008 R2 and appearing of Remote Server Administration Tools for Win 7.  Keys and password search became easier than in the same facilities of Win Vista.

Instead of uploading, installing and configuring special options you just need to refer to the keys and recovery passwords of BitLocker using “BitLocker Recovery” (you can find it at the page of the properties of the computer account in “Active Directory Users and Computers”). The passwords and key back-up process include three stages.

1. In the group policy editor of the computers’ accounts go to the folder Computer Configuration/Windows Settings/Administrative Templates/Windows Components/BitLocker Drive Encryption.

2. If a computer has only one disk, go to the unit “Operating System Drivers” and edit the policy “Choose how BitLocker protected operating system drivers can be recovered”. If there is more than one disk use the unit “Fixed Data Drivers” and edit the policy “Choose how BitLocker protected fixed data drivers can be recovered”. Pay attention that although these policies can be configured identically they will affect to different disks.  

3. Inorder to adapt back-up copy of the passwords and keys of BitLocker in Active Directory when BitLocker protection is on, turn on the next options:

- Save BitLocker recovery information to AD DS for the operating system drivers and for hard disks if you need.

- Do not enable BitLocker until recovery information is stored in AD DS for the operating system drivers and for hard disks.

Passwords and keys of the protected volumes will be copied only after applying the policy. Passwords and keys of the volumes where BitLocker protection was configured earlier will not copy automatically to Active Directory. You will need to disable and enable again BitLocker and only after that the backup information will appear in Active Directory.

About the author: Paul Smith is a staff writer of http://askessay.com/. He is passionate about writing on various topics, including business, technology and social media.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.