bitlocker的文献翻译Word格式文档下载.docx
- 文档编号:19990681
- 上传时间:2023-01-13
- 格式:DOCX
- 页数:23
- 大小:37.53KB
bitlocker的文献翻译Word格式文档下载.docx
《bitlocker的文献翻译Word格式文档下载.docx》由会员分享,可在线阅读,更多相关《bitlocker的文献翻译Word格式文档下载.docx(23页珍藏版)》请在冰豆网上搜索。
指导老师:
BitLockerDriveEncryptioninWindows7:
FrequentlyAskedQuestions
BitLockerDriveEncryptionisadataprotectionfeatureavailableinWindows
7Enterprise,Windows
7Ultimate,andinalleditionsofWindowsServer2008R2.ThistopicincludesfrequentlyaskedquestionsaboutBitLockerinWindows
7.
1、WhatisBitLocker?
Howdoesitwork?
7EnterpriseandWindows
7UltimateforclientcomputersandinWindowsServer2008R2.BitLockerprovidesenhancedprotectionagainstdatatheftorexposureoncomputersandremovabledrivesthatarelostorstolen,andmoresecuredatadeletionwhenBitLocker-protectedcomputersaredecommissionedasitismuchmoredifficulttorecoverdeleteddatafromanencrypteddrivethanfromanon-encrypteddrive.
2、HowBitLockerworkswithoperatingsystemdrives
Dataonalostorstolencomputerisvulnerabletounauthorizedaccess,eitherbyrunningasoftwareattacktoolagainstitorbytransferringthecomputer'
sharddisktoadifferentcomputer.BitLockerhelpsmitigateunauthorizeddataaccessonlostorstolencomputersby:
EncryptingtheentireWindowsoperatingsystemdriveontheharddisk.BitLockerencryptsalluserfilesandsystemfilesontheoperatingsystemdrive,includingtheswapfilesandhibernationfiles.
Checkingtheintegrityofearlybootcomponentsandbootconfigurationdata.OncomputersthathaveaTrustedPlatformModule(TPM)version1.2,BitLockerusestheenhancedsecuritycapabilitiesoftheTPMtohelpensurethatyourdataisaccessibleonlyifthecomputer'
sbootcomponentsappearunalteredandtheencrypteddiskislocatedintheoriginalcomputer.
BitLockerisintegratedintoWindows
7andprovidesenterpriseswithenhanceddataprotectionthatiseasytomanageandconfigure.Forexample,BitLockercanuseanexistingActiveDirectoryDomainServices(AD
DS)infrastructuretoremotelystoreBitLockerrecoverykeys.
3、HowBitLockerworkswithfixedandremovabledatadrives
BitLockercanalsobeusedtoprotectfixedandremovabledatadrives.Whenusedwithdatadrives,BitLockerencryptstheentirecontentsofthedriveandcanbeconfiguredbyusingGroupPolicytorequirethatBitLockerbeenabledonadrivebeforethecomputercanwritedatatothedrive.BitLockercanbeconfiguredwiththefollowingunlockmethodsfordatadrives:
Automaticunlock.Fixeddatadrivescanbesettoautomaticallyunlockonacomputerwheretheoperatingsystemdriveisencrypted.RemovabledatadrivescanbesettoautomaticallyunlockonacomputerrunningWindows
7afterthepasswordorsmartcardisinitiallyusedtounlockthedrive.However,removabledatadrivesmustalwayshaveeitherapasswordorsmartcardunlockmethodinadditiontotheautomaticunlockmethod.
Password.Whenusersattempttoopenadrive,theyarepromptedtoentertheirpasswordbeforethedrivewillbeunlocked.ThismethodcanbeusedwiththeBitLockerToGoReaderoncomputersrunningWindows
VistaorWindows
XP,toopenBitLocker-protecteddrivesasread-only.
Smartcard.Whenusersattempttoopenadrive,theyarepromptedtoinserttheirsmartcardbeforethedrivewillbeunlocked.
Adrivecansupportmultipleunlockmethods.Forexample,aremovabledatadrivecanbeconfiguredtobeautomaticallyunlockedonyourprimaryworkcomputerbutqueryyouforapasswordifusedwithanothercomputer.
4、DoesBitLockersupportmultifactorauthentication?
Yes,BitLockersupportsmultifactorauthenticationforoperatingsystemdrives.IfyouenableBitLockeronacomputerthathasaTPMversion
1.2,youcanuseadditionalformsofauthenticationwiththeTPMprotection.BitLockerofferstheoptiontolockthenormalbootprocessuntiltheusersuppliesapersonalidentificationnumber(PIN)orinsertsaUSBdevice(suchasaflashdrive)thatcontainsaBitLockerstartupkey,orboththePINandtheUSBdevicecanberequired.Theseadditionalsecuritymeasuresprovidemultifactorauthenticationandhelpensurethatthecomputerwillnotstartorresumefromhibernationuntilthecorrectauthenticationmethodispresented.
备注:
UseofboththeUSBandPINalongwiththeTPMmustbeconfiguredbyusingtheManage-bdecommand-linetool.ThisprotectionmethodcannotbespecifiedbyusingtheBitLockersetupwizard.
5、WhataretheBitLockerhardwareandsoftwarerequirements?
TouseallBitLockerfeatures,yourcomputermustmeetthehardwareandsoftwarerequirementslistedinthefollowingtable.
Hardwareconfiguration:
ThecomputermustmeettheminimumrequirementsforWindows
Operatingsystem:
Windows
7Ultimate,Windows
7Enterprise,orWindowsServer2008R2(备注:
BitLockerisanoptionalfeatureofWindowsServer2008R2.UseServerManagertoinstallBitLockeronacomputerrunningWindowsServer2008R2.)
HardwareTPM:
TPMversion
1.2,ATPMisnotrequiredforBitLocker;
however,onlyacomputerwithaTPMcanprovidetheadditionalsecurityofpre-startupsystemintegrityverificationandmultifactorauthentication.
BIOSconfiguration:
ATrustedComputingGroup(TCG)-compliantBIOS.TheBIOSmustbesettostartfirstfromtheharddisk,andnottheUSBorCDdrives.TheBIOSmustbeabletoreadfromaUSBflashdriveduringstartup.
Filesystem:
AtleasttwoNTFSdiskpartitions,oneforthesystemdriveandonefortheoperatingsystemdrive.Thesystemdrivepartitionmustbeatleast100megabytes(MB)andsetastheactivepartition.
6、Whyaretwopartitionsrequired?
Whydoesthesystemdrivehavetobesolarge?
TwopartitionsarerequiredtorunBitLockerbecausepre-startupauthenticationandsystemintegrityverificationmustoccuronaseparatepartitionfromtheencryptedoperatingsystemdrive.Thisconfigurationhelpsprotecttheoperatingsystemandtheinformationintheencrypteddrive.InWindows
Vista,thesystemdrivemustbe1.5gigabytes(GB),butinWindows
7thisrequirementhasbeenreducedto100MBforadefaultinstallation.ThesystemdrivemayalsobeusedtostoretheWindowsRecoveryEnvironment(WindowsRE)andotherfilesthatmaybespecifictosetuporupgradeprograms.Computermanufacturersandenterprisecustomerscanalsostoresystemtoolsorotherrecoverytoolsonthisdrive,whichwillincreasetherequiredsizeofthesystemdrive.Forexample,usingthesystemdrivetostoreWindows
REalongwiththeBitLockerstartupfilewillincreasethesizeofthesystemdriveto300MB.Thesystemdriveishiddenbydefaultandisnotassignedadriveletter.ThesystemdriveiscreatedautomaticallywhenWindows
7isinstalled.
7、WhichTrustedPlatformModules(TPMs)doesBitLockersupport?
BitLockersupportsTPMversion
1.2.BitLockerdoesnotsupportpreviousversionsofTPMs.Version
1.2TPMsprovideincreasedstandardization,securityenhancement,andimprovedfunctionalityoverpreviousversions.Inaddition,youmustuseaMicrosoft-providedTPMdriver.
注意事项:
WhenusingBitLockerwithaTPM,itisrecommendedthatBitLockerbeturnedonimmediatelyafterthecomputerhasbeenrestarted.IfthecomputerhasresumedfromsleeppriortoturningonBitLocker,theTPMmayincorrectlymeasurethepre-bootcomponentsonthecomputer.Inthissituation,whentheusersubsequentlyattemptstounlockthecomputer,theTPMverificationcheckwillfailandthecomputerwillenterBitLockerrecoverymodeandprompttheusertoproviderecoveryinformationbeforeunlockingthedrive.
8、HowcanItellwhethermycomputerhasaTPMversion
1.2?
ClickStart,clickControlPanel,clickSystemandSecurity,clickBitLockerDriveEncryption,andthenclickTurnOnBitLocker.IfyourcomputerdoesnothaveaTPMversion
1.2ortheBIOSisnotcompatiblewiththeTPM,youwillreceivethefollowingerrormessage:
AcompatibleTrustedPlatformModule(TPM)SecurityDevicemustbepresentonthiscomputer,butaTPMwasnotfound.PleasecontactyoursystemadministratortoenableBitLocker.
IfyoureceivethiserrormessageonacomputerthathasaTPM,checkifeitherofthefollowingsituationsappliestoyourcomputer:
SomecomputershaveTPMsthatdonotappearintheWindows
7TPMMicrosoftManagementConsolesnap-in(tpm.msc)duetoaBIOSsettingthathidestheTPMbydefaultanddoesnotmaketheTPMavailableunlessitisfirstenabledintheBIOS.IfyourTPMmightbehiddenintheBIOS,consultthemanufacturer'
sdocumentationforinstructionstodisplayorenabletheTPM.
SomecomputersmighthaveanearlierversionoftheTPMoranearlierversionofthesystemBIOSthatisnotcompatiblewithBitLocker.ContactthecomputermanufacturertoverifythatthecomputerhasaTPMversion
1.2ortogetaBIOSupdate.
9、CanIuseBitLockeronanoperatingsystemdrivewithoutaTPMversion
Yes,youcanenableBitLockeronanoperatingsystemdrivewithoutaTPMversion1.2,iftheBIOShastheabilitytoreadfromaUSBflashdriveinthebootenvironment.ThisisbecauseBitLockerwillnotunlocktheprotecteddriveuntilBitLocker'
sownvolumemasterkeyisfirstreleasedbyeitherthecomputer'
sTPMorbyaUSBflashdrivecontainingtheBitLockerstartupkeyforthatcomputer.However,computerswithoutTPMswillnotbeabletousethesystemintegrityverificationthatBitLockercanalsoprovide.
TohelpdeterminewhetheracomputercanreadfromaUSBdeviceduringthebootprocess,usetheBitLockersystemcheckaspartoftheBitLockersetupprocess.ThissystemcheckperformsteststoconfirmthatthecomputercanproperlyreadfromtheUSBdevicesattheappropriatetimeandthatthecomputermeetsotherBitLockerrequirements.
ToenableBitLockeronacomputerwithoutaTPM,youmustenablethe“Require
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- bitlocker 文献 翻译