deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-07-09 14:13:39 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Reviewed_bitlocker-overview-and-requirements-faq.md (#3883)

Browse Source
This commit is contained in:
Asha Iyengar
2020-09-29 12:58:07 +05:30
committed by GitHub
parent 4d837887e0
commit 28ce946dab
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
View File

@ -27,7 +27,11 @@ ms.custom: bitlocker
**How does BitLocker work with operating system drives** **How does BitLocker work with operating system drives**
You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and Boot Configuration Data (BCD). For further information, see [BitLocker overview] (bitlocker-deviceencryption-overview.md#internal-drive-encryption). You can use BitLocker to mitigate unauthorized data access on lost or stolen computers by:
- Encrypting all user files and system files (including the swap files and hibernation files) on the operating system drive.
- Checking the integrity of early boot components and Boot Configuration Data (BCD).
For more information, see [BitLocker overview] (bitlocker-deviceencryption-overview.md#internal-drive-encryption).
**How does BitLocker work with fixed and removable data drives** **How does BitLocker work with fixed and removable data drives**
@ -43,6 +47,7 @@ For requirements, see [System requirements](bitlocker-deviceencryption-overview.
> [!NOTE] > [!NOTE]
> Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk. > Dynamic disks are not supported by BitLocker. Dynamic data volumes are not displayed in the Control Panel. Although the operating system volume is always displayed in the Control Panel, regardless of whether it is a dynamic disk, it cannot be protected by BitLocker if it is a dynamic disk.
**Question - The above statement is not clear**.
## Why are two partitions required? Why does the system drive have to be so large? ## Why are two partitions required? Why does the system drive have to be so large?
@ -66,7 +71,7 @@ Beginning with Windows 10, version 1803, you can check TPM status in **Windows D
Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, which can be done through the following options: Yes, you can enable BitLocker on an operating system drive that does not have a TPM version 1.2 or higher, which can be done through the following options:
- If the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment, you can use a removable disk. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements. - If the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment, you can use a removable disk. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
- You can use a password or a PIN to unlock the encrypted diskThis is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer. - You can use a password or a PIN to unlock the encrypted disk. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or a USB flash drive containing the BitLocker startup key for that computer.
- In addition to the above two options, the volume master key can be encrypted with a password or a PIN so that it can be displayed in a decrypted version when the user keys in the password. - In addition to the above two options, the volume master key can be encrypted with a password or a PIN so that it can be displayed in a decrypted version when the user keys in the password.