Published: May 29, 2007
Deploying data encryption across an organization requires a great deal of deliberation and prior planning. The Data Encryption Toolkit for Mobile PCs Planning and Implementation Guide describes the planning and implementation processes you should follow to use Microsoft® BitLocker™ Drive Encryption (BitLocker) and the Encrypting File System (EFS) as part of your strategy for protecting data on mobile PCs.
A Quick Overview of BitLocker
BitLocker is an important new security feature in the Windows Vista™ operating system that provides significant data and operating system protection for your computer. BitLocker is a full-volume encryption technology that can help ensure that data is not revealed if someone tampers with the computer when the installed operating system is offline. It is most effective on computers that have a compatible Trusted Platform Module (TPM) microchip and BIOS, because it uses them to provide enhanced data protection and to ensure early boot component integrity. BitLocker can optionally use an external USB key as a token to hold the startup key.
A Quick Overview of EFS
EFS enables transparent encryption and decryption of files by using standards-based cryptographic algorithms. Any individual or program that does not possess the appropriate cryptographic key cannot decrypt the encrypted data, even if they gain physical possession of the computer on which the files reside. Even people who are authorized to access the computer and its file system cannot view the data without that key.
EFS combines two types of encryption: a symmetric cipher protects the data in the file, and an asymmetric cipher protects the symmetric key that was used to encrypt that file.
The Distributed Systems Guide of the Windows 2000 Server Resource Kit includes a comprehensive overview of EFS and a collection of information about EFS in Microsoft Windows® 2000. To locate this information online, use the Windows 2000 Server Resource Kit table of contents to browse to the Distributed Systems Guide, expand Distributed Security and then click Encrypting File System.
There are differences between EFS in Windows 2000, Windows XP Professional, Windows Server® 2003, and Windows Vista. The Windows XP Professional Resource Kit explains the differences between implementations of EFS in Windows 2000 and Windows XP Professional, and the "Encrypting File System in Windows XP and Windows Server 2003" article describes modifications in Windows XP and Windows Server 2003. Differences between EFS in Windows XP Professional and Windows Vista are described in Chapter 2: Configuration and Deployment Tasks in this guide.
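As an added example that is not part of the guide, the following PowerShell inventories the state of both controls described above on a single Windows Vista mobile PC: it reads BitLocker volume and key protector state from the Win32_EncryptableVolume WMI provider and counts EFS-encrypted files under a folder. The path in $EfsRoot is an assumed value; the protector and conversion status codes are the ones the provider documents.

```powershell
# Added example, not code from the guide: audit BitLocker and EFS state on one
# Windows Vista computer. Assumes PowerShell with access to the BitLocker WMI
# provider (Win32_EncryptableVolume); $EfsRoot is an assumed folder to scan.
$EfsRoot = 'C:\Users'

# Friendly names for the KeyProtectorType codes returned by the provider
$ProtectorNames = @{
    0 = 'Unknown'; 1 = 'TPM only'; 2 = 'External key (USB startup key)';
    3 = 'Numerical password (recovery)'; 4 = 'TPM and PIN';
    5 = 'TPM and startup key'; 6 = 'TPM, PIN and startup key';
    7 = 'Public key'; 8 = 'Passphrase'
}
$ConversionNames = @{ 0 = 'Fully decrypted'; 1 = 'Fully encrypted';
    2 = 'Encryption in progress'; 3 = 'Decryption in progress';
    4 = 'Encryption paused'; 5 = 'Decryption paused' }

$ns = 'root\cimv2\Security\MicrosoftVolumeEncryption'
foreach ($vol in Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume) {
    $conv = $vol.GetConversionStatus()
    $prot = [int]$vol.GetProtectionStatus().ProtectionStatus   # 0 = off, 1 = on, 2 = unknown
    Write-Host ("{0} conversion={1} ({2}%) protection={3}" -f $vol.DriveLetter,
        $ConversionNames[[int]$conv.ConversionStatus], $conv.EncryptionPercentage, $prot)

    # Enumerate every key protector on the volume; type 0 requests all types
    $types = @()
    foreach ($id in $vol.GetKeyProtectors(0).VolumeKeyProtectorID) {
        $type = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
        $types += $type
        Write-Host ("    protector {0}: {1}" -f $id, $ProtectorNames[$type])
    }

    # Flag the weaker states: no protection, or an unlock that relies on the
    # TPM alone without the PIN or USB startup key the guide describes
    if ($prot -ne 1) {
        Write-Warning "$($vol.DriveLetter) is not currently protected by BitLocker"
    } elseif (($types -contains 1) -and -not ($types | Where-Object { $_ -ge 4 -and $_ -le 6 })) {
        Write-Warning "$($vol.DriveLetter) unlocks with the TPM alone (no PIN or startup key)"
    }
}

# EFS: count files carrying the Encrypted attribute under $EfsRoot
$efsFiles = Get-ChildItem -Path $EfsRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Encrypted) }
Write-Host ("{0} EFS-encrypted file(s) found under {1}" -f @($efsFiles).Count, $EfsRoot)
```

Run it in an elevated PowerShell session, since the BitLocker provider requires administrator rights.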
The Planning and Implementation Guide chapters discuss the following topics:
Who Should Read this Guide
This guide is intended for IT professionals who are responsible for designing, planning for, and implementing computer networks that include dozens to thousands of client computers, especially laptop and Tablet PC computers. You should read this guide if your responsibilities include:
Support and Feedback
The Solution Accelerators – Security and Compliance (SA-SC) team would appreciate your thoughts about this and other Solution Accelerators. Please contribute comments and feedback to firstname.lastname@example.org. We look forward to hearing from you.
Solution Accelerators provide prescriptive guidance and automation for cross-product integration. They present proven tools and content so you can plan, build, deploy, and operate information technology with confidence. To view the extensive range of Solution Accelerators and for additional information, visit the Solution Accelerators page on Microsoft TechNet.
The SA-SC team would like to acknowledge and thank the group of people who produced the Data Encryption Toolkit for Mobile PCs Planning and Implementation Guide. The following individuals were either directly responsible or made a substantial contribution to the writing, development, and testing of this guide.
Mike Smith-Lonergan - Microsoft
David Mowers - Securitay, Inc.
Bill Canning - Microsoft
Roger A. Grimes - Microsoft
Paul Robichaux - 3Sharp, LLC
Steve Wacker - Wadeware LLC
Randy Armknecht - Calamos Investments
Vijay Bharadwaj - Microsoft
Marcus Bluestein - Kraft Kennedy & Lesser, Inc.
Dean Chen - Waggener Edstrom Worldwide
Tom Daemen - Microsoft
Mike Danseglio - Microsoft
Erik Holt - Microsoft
Russell Humphries - Microsoft
David Kennedy - Microsoft
Douglas MacIver - Microsoft
Sanjay Pandit - Microsoft
Greg Petersen - Avanade
Matt Setzer - Microsoft
Stan Shkolnik - Deloitte Touche Tohmatsu
Michael Trotman - United States Postal Service (USPS)
Richard Trusson - Microsoft
Mike Wolfe - Microsoft
Alain Meeus - Microsoft
Jim Stuart - Microsoft
Karina Larson - Microsoft
Gaurav Singh Bora - Microsoft
Sumit Ajitkumar Parikh - Infosys Technologies Ltd.
Swaminathan Viswanathan - Infosys Technologies Ltd.
Swapna Rangachari Jagannathan - Infosys Technologies Ltd.
Neethu Thomas - Infosys Technologies Ltd.