• Files copied or moved from a BitLocker-protected disk are automatically decrypted as part of the copy or move procedure.
There isn’t a heck of a lot to configure for BitLocker. It’s either on or it’s not, and you either have TPM hardware or you don’t: If your system does have TPM hardware, BitLocker will use it.
To unlock a BitLocker-protected disk, you must use a recovery key. This key can take different forms, including a password or smartcard PIN. BitLocker-protected disks can be configured to auto-unlock when you sign in to Windows, which is the recommended approach for day-to-day use.
BitLocker is generally a seamless experience, with one exception: Some software installs are blocked when BitLocker is enabled on your disk. For this reason, you can temporarily suspend BitLocker, install the software, and then re-enable BitLocker.
If you lose your recovery key—forget the password or smartcard PIN, for example—it’s game over. There is literally no other recovery option available. Microsoft Support can’t help you.
Not scared off?
To enable BitLocker, launch the BitLocker Drive Encryption control panel (as always, Start Search is your friend). As shown in Figure 14-5, BitLocker is straightforward.
To enable BitLocker (or BitLocker To Go), simply click the Turn on BitLocker option next to the appropriate disk. The BitLocker Drive Encryption wizard will step you through the process of encrypting the disk and creating a recovery key, which can be a standard password or smartcard with PIN.
You can’t use any old password: It must meet certain minimum length and complexity requirements, which could be set by corporate policy.
The wizard will also ask whether you’d like to back up the recovery key, which is certainly desirable. You can save to SkyDrive, to a file, or print the recovery key. We recommend you do all three. (Be sure to keep the printed copy secure, in a safe perhaps.)
Once this is complete, the wizard will present two options, new to Windows 8, for encrypting the disk: It can encrypt the entire disk, including the empty space, which is slower, or just encrypt the used disk space, which is faster and perfectly acceptable for unused disks.
Figure 14-5: BitLocker and BitLocker To Go utilize the same configuration interface.
Encrypting an entire fixed disk can be a very time-consuming process. In fact, you may want to do this overnight, though the process doesn’t impact your ability to use the disk.
When the encryption is complete, you’ll see that the disk appears different both in Explorer, as shown in Figure 14-6, and in the BitLocker Drive Encryption control panel.
Figure 14-6: BitLocker-protected disks are visually differentiated and now provide other options.
They also have some new options in the control panel. These include the following:
• Back up recovery key: While the BitLocker Drive Encryption wizard won’t complete without ensuring that you back up your recovery key in some fashion, you can back it up again at any time.
• Add or Change password: If you’re using a password, you can change the password at any time. Or, if you’re using a smartcard PIN, you can add a password as a second way to enter the recovery key.
• Remove password: You can remove the password if you’ve separately configured a smartcard PIN.
• Add or Change smartcard: If you’re using a smartcard PIN, you can change the PIN at any time. Or, if you’re using a password, you can add a smartcard PIN as a second way to enter the recovery key.
• Turn on (or off) auto-unlock: By default, BitLocker-protected disks will prompt you for a password (or PIN) each time you sign in to Windows or, in the case of an external, removable disk, when you plug the drive into the PC. The password entry interface can be seen in Figure 14-7. You can use the Automatically unlock on this PC option, found under More options, to disable this tiresome requirement.
• Turn off BitLocker: If you’d like to remove BitLocker encryption from a disk, this option will reverse the process.
Figure 14-7: By default, BitLocker-protected disks require you to enter a password or PIN each time they’re first accessed.
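The states these options control can also be checked from PowerShell. The following is an added example, not from the book: it reads the properties exposed by the BitLocker module's Get-BitLockerVolume cmdlet and flags disks that were suspended and never resumed, or that have no recovery password protector. Get-BitLockerFinding and New-SampleVolume are hypothetical names, and the sample volumes are constructed.

```powershell
# Added example. Property names are those of Get-BitLockerVolume output.
function Get-BitLockerFinding {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Volume)
    process {
        # Names of the protectors on this volume, e.g. Tpm, Password, RecoveryPassword.
        $types = @($Volume.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })
        $issues = @()
        if ("$($Volume.VolumeStatus)" -eq 'FullyDecrypted') {
            $issues += 'not encrypted'
        }
        else {
            if ("$($Volume.VolumeStatus)" -eq 'FullyEncrypted' -and
                "$($Volume.ProtectionStatus)" -eq 'Off') {
                # Typical after a suspend for a software install; fix with Resume-BitLocker.
                $issues += 'protection suspended'
            }
            if ($types -notcontains 'RecoveryPassword') {
                # Fix with Add-BitLockerKeyProtector -RecoveryPasswordProtector, then back it up.
                $issues += 'no recovery password'
            }
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ','
            AutoUnlock = [bool]$Volume.AutoUnlockEnabled
            Issues     = $issues -join '; '
        }
    }
}

# Constructed sample volumes so the logic can be tried without touching a real disk.
function New-SampleVolume($Mount, $Status, $Protection, [string[]]$Protectors, $Auto) {
    [pscustomobject]@{
        MountPoint = $Mount; VolumeStatus = $Status; ProtectionStatus = $Protection
        AutoUnlockEnabled = $Auto
        KeyProtector = @($Protectors | ForEach-Object { [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}
$sample = @(
    (New-SampleVolume 'C:' 'FullyEncrypted' 'On'  @('Tpm','RecoveryPassword') $false),
    (New-SampleVolume 'D:' 'FullyEncrypted' 'Off' @('Password','RecoveryPassword') $true),
    (New-SampleVolume 'E:' 'FullyEncrypted' 'On'  @('Password') $true),
    (New-SampleVolume 'F:' 'FullyDecrypted' 'Off' @() $false)
)
$sample | Get-BitLockerFinding | Format-Table -AutoSize
# On a real PC (elevated prompt): Get-BitLockerVolume | Get-BitLockerFinding
```

With the constructed input, C: reports no issues, D: is flagged as suspended, E: as lacking a recovery password, and F: as not encrypted.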
BitLocker and BitLocker To Go are available only in Windows 8 Pro. But Windows RT, the ARM-based version of Windows 8 that’s included with Windows devices, includes a feature called drive encryption, which is on by default and functions somewhat similarly to BitLocker. Why include this feature in Windows RT? These devices are managed with a technology called Exchange ActiveSync (EAS), which uses policies to ensure that compatible devices—which include iPhones, iPads, Android devices, Windows Phones, and now Windows RT devices—meet the basic security rules of your organization. And one of the policies it can set includes device encryption. Without this security feature, many corporations wouldn’t allow users to access corporate resources.
Virtualization
In Windows 7, Microsoft provided a virtualization solution called Windows Virtual PC that allowed users to run virtualized instances of Windows XP, Vista, and 7, and even individual applications within those environments, side by side with native Windows 7 applications. And it did so without forcing users to manage the complexity of dealing with two desktops, one virtualized and one native.
Users of Windows 7 Professional, Enterprise, and Ultimate could also download a free feature called XP Mode, which was essentially a copy of Windows XP that could only be used inside of Windows Virtual PC.
Windows Virtual PC offered decent functionality but middling performance because it was based on an older form of virtualization technology purchased long ago from Connectix Corporation. So in Windows 8, Microsoft has dramatically expanded the virtualization capabilities of its desktop OS. And let’s just say that performance is no longer going to be an issue.
Thanks to the integration of its previously server-only hypervisor technology, Hyper-V, Windows 8 offers the same core virtualization features as does Windows Server 2012, albeit aimed at a few core scenarios. And it doesn’t stop there: Windows 8 also includes some interesting and useful virtualization integration features that really put this version over the top.