EFS Recovery Agent
To recover encrypted files with lost or damaged keys, you use a special EFS certificate. To use this special certificate, you have to create the recovery certificate, install it, and then update other EFS certificates with the recovery certificate.
To create a recovery certificate, do the following:
1. Open a command prompt.
2. Insert the removable media (a disk or USB flash drive) that you’re using to store your certificate.
3. Navigate to the directory on the removable media drive where you want to store the recovery certificate by typing the drive letter of the removable media (followed by a colon) and then pressing Enter.
CHAPTER 9: Managing Files and Folders
4. Type cipher /r:filename (where filename is the name that you want to give to the recovery certificate) and then press Enter. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
Windows stores the certificate in the directory shown at the command prompt.
To install the recovery certificate, use the following steps:
1. Insert the removable media that contains your recovery certificate.
2. Click the Start button. In the search box, type secpol.msc, and then press Enter. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
3. In the left pane, double-click Public Key Policies, right-click Encrypting File System, and then click Add Data Recovery Agent. This opens the Add Recovery Agent Wizard.
4. Click Next and then navigate to your recovery certificate.
5. Click the certificate and then click Open.
6. When you are asked if you want to install the certificate, click Yes, click Next, and then click Finish.
7. Click to open Command Prompt.
8. At the command prompt, type gpupdate and then press Enter.
To update previously encrypted files with the new recovery certificate, do the following:
1. Log on to the account you were using when you first encrypted the files.
2. Click to open Command Prompt.
3. At the command prompt, type cipher /u and then press Enter. If you choose not to update encrypted files with the new recovery certificate at this time, the files are automatically updated the next time you open them.
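The command-line parts of the three procedures above, collected into one PowerShell script. This is an added example, not from the book: the removable drive E:\ and the certificate name EFSRecovery are placeholder assumptions, and the Local Security Policy wizard (steps 2 to 6 of the install procedure) is a GUI step that the script only opens and waits for.

```powershell
# Added example: scripted EFS recovery-agent workflow for Windows 7.
# Run from an elevated PowerShell prompt. $Removable and $CertName are assumed placeholders.
param(
    [string]$Removable = 'E:\',         # removable media that will hold the certificate
    [string]$CertName  = 'EFSRecovery'  # base name cipher gives the .cer and .pfx files
)

# --- Procedure 1: create the recovery certificate on the removable media ---
# cipher /r writes two files into the current directory: <name>.cer (the public
# certificate that the wizard imports) and <name>.pfx (the private key; cipher
# prompts for a password to protect it).
Set-Location $Removable
cipher "/r:$CertName"
if ($LASTEXITCODE -ne 0) { throw "cipher /r failed with exit code $LASTEXITCODE" }

$cer = Join-Path $Removable "$CertName.cer"
$pfx = Join-Path $Removable "$CertName.pfx"
foreach ($f in $cer, $pfx) {
    if (-not (Test-Path $f)) { throw "Expected $f was not created" }
}
Write-Host "Public certificate : $cer  (import this one with the Add Recovery Agent Wizard)"
Write-Host "Private key (.pfx) : $pfx  (store offline; whoever holds it can recover covered files)"

# --- Procedure 2: install the recovery agent ---
# Public Key Policies > Encrypting File System > Add Data Recovery Agent in secpol.msc,
# then refresh policy so the new agent takes effect.
Start-Process secpol.msc
Read-Host "Finish the Add Recovery Agent Wizard using $cer, then press Enter"
gpupdate /force

# --- Procedure 3: update files encrypted before the agent existed ---
# Must run in the account that encrypted the files; cipher /u re-keys every
# encrypted file that account can reach so the recovery agent can open it.
cipher /u

# Verification: cipher /c lists the users and recovery certificates on an encrypted file.
# $SampleFile is an assumed path; point it at one of your own EFS-encrypted files.
$SampleFile = Join-Path $env:USERPROFILE 'Documents\secret.txt'
if (Test-Path $SampleFile) { cipher /c $SampleFile }
```

The check with cipher /c is the part worth keeping in an operational runbook: it shows, per file, whether the recovery certificate is actually attached, which is what determines whether the agent can recover that file later.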
BitLocker Drive Encryption
A new feature that was added to Windows Vista was BitLocker Drive Encryption, which is designed to protect computers from attackers who have physical access to a computer. Without BitLocker Drive Encryption, an attacker could start the computer with a boot disk and then reset the administrator password to gain full control of the computer. Or the attacker could access the computer’s hard disk directly by using a different operating system to bypass file permissions.
BitLocker Drive Encryption is the feature in Windows 7 that makes use of a computer’s Trusted Platform Module (TPM), which is a microchip that is built into a computer. It is used to store cryptographic information, such as encryption keys. Information stored on the TPM can be more secure from external software attacks and physical theft than having the information stored on a USB flash drive. BitLocker Drive Encryption can use a TPM to validate the integrity of a computer’s boot manager and boot files at startup, and to guarantee that a computer’s hard disk has not been tampered with while the operating system was offline. BitLocker Drive Encryption also stores measurements of core operating system files in the TPM.
If a computer has a functional TPM, the encryption keys can be stored in the TPM. If someone removes the hard drive from the system, the information on the hard drive cannot be accessed because it must be decrypted with the keys stored on the TPM.
In addition, the TPM performs a hash on a snapshot of the important operating system configuration files. When the system boots, the TPM performs another hash on the same system configuration files and compares the two hash values. If the values match, the TPM releases the key to unlock the encrypted volume. If the values do not match, BitLocker determines that the system has been compromised, locks the drive, and goes into recovery mode. To unlock a system that is in recovery mode, you have to enter a 48-decimal-digit key. Of course, you must make sure that you create the recovery password when you turn on BitLocker for the first time. If you don’t, you could permanently lose access to your files. Recovery mode is also used if a disk drive is transferred to another system.
BitLocker can be used in three ways:
• TPM-only: This is transparent to the user, and the user logon experience is unchanged. If the TPM is missing or changed, or if the TPM detects changes to critical operating system startup files, BitLocker enters its recovery mode, and you need a recovery password to regain access to the data.
• TPM with startup key: In addition to the protection provided by the TPM, a part of the encryption key is stored on a USB flash drive. This is referred to as a startup key. Data on the encrypted volume cannot be accessed without the startup key.
• TPM with PIN: In addition to the protection provided by the TPM, BitLocker requires a PIN to be entered by the user. Data on the encrypted volume cannot be accessed without entering the PIN.
By default, the BitLocker Setup Wizard is configured to work seamlessly with the TPM. An administrator can use Group Policy or a script to enable additional features and options.
On computers without a compatible TPM, BitLocker can provide encryption, but not the added security of locking keys with the TPM. In this case, the user is required to create a startup key that is stored on a USB flash drive.
On computers with a compatible TPM, BitLocker Drive Encryption can use one of two TPM modes:
• TPM-only: In this mode, only the TPM is used for validation. When the computer starts up, the TPM is used to validate the boot files, the operating system files, and any encrypted volumes. Because the user doesn’t need to provide an additional startup key, this mode is transparent to the user and the user logon experience is unchanged. However, if the TPM is missing or the integrity of files or volumes has changed, BitLocker enters recovery mode and requires a recovery key or password to regain access to the boot volume.
• Startup key: In this mode, both the TPM and a startup key are used for validation. When the computer starts up, the TPM is used to validate the boot files, the operating system files, and any encrypted volumes. The user must have a startup key to log on to the computer. A startup key can be either physical, such as a USB flash drive with a machine-readable key written to it, or personal, such as a personal identification number (PIN) set by the user. If the user doesn’t have the startup key or is unable to provide the correct startup key, BitLocker enters recovery mode. As before, BitLocker also enters recovery mode if the TPM is missing or the integrity of boot files or encrypted volumes has changed.
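The text mentions that an administrator can configure these modes with a script. The following PowerShell script is an added example, not from the book, of doing that with manage-bde.exe (the BitLocker command-line tool that ships with Windows 7). The mode names, the OS drive C:, and the USB drive F:\ used for the startup key and recovery key are assumptions; it always adds a recovery password and a recovery key file before the unlock protector, because without them a drive that enters recovery mode is unrecoverable.

```powershell
# Added example: turn on BitLocker for the OS drive in one of the modes described above.
# Run from an elevated PowerShell prompt on Windows 7. $Mode, $OsDrive, $StartupKeyDrive
# and $RecoveryKeyDrive are assumed placeholders.
param(
    [ValidateSet('TpmOnly', 'TpmAndPin', 'TpmAndStartupKey', 'StartupKeyOnly')]
    [string]$Mode = 'TpmOnly',
    [string]$OsDrive = 'C:',
    [string]$StartupKeyDrive  = 'F:\',   # USB flash drive that will hold the .BEK startup key
    [string]$RecoveryKeyDrive = 'F:\'    # where the recovery key file is written; keep it separately
)

function Invoke-Bde {
    # Run manage-bde with the given arguments and stop on any failure.
    param([string[]]$BdeArgs)
    & manage-bde.exe @BdeArgs
    if ($LASTEXITCODE -ne 0) {
        throw "manage-bde $($BdeArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Recovery password first. manage-bde prints the 48-digit numerical password;
#    record it now, because recovery mode later asks for exactly this value.
Invoke-Bde -BdeArgs @('-protectors', '-add', $OsDrive, '-RecoveryPassword')

# 2. A recovery key file (.BEK) on removable media, as a second way out of recovery mode.
Invoke-Bde -BdeArgs @('-protectors', '-add', $OsDrive, '-RecoveryKey', $RecoveryKeyDrive)

# 3. The unlock protector that matches the chosen mode (a volume holds only one TPM-based one).
switch ($Mode) {
    'TpmOnly' {
        # Transparent to the user: the TPM validates the boot files and releases the key.
        Invoke-Bde -BdeArgs @('-protectors', '-add', $OsDrive, '-tpm')
    }
    'TpmAndPin' {
        # manage-bde prompts for the PIN. The Group Policy setting "Require additional
        # authentication at startup" must allow a PIN, or this call is refused.
        Invoke-Bde -BdeArgs @('-protectors', '-add', $OsDrive, '-TPMAndPIN')
    }
    'TpmAndStartupKey' {
        # Part of the key is written to a .BEK file on the USB drive, which must be
        # present at every boot in addition to the TPM check.
        Invoke-Bde -BdeArgs @('-protectors', '-add', $OsDrive, '-TPMAndStartupKey', $StartupKeyDrive)
    }
    'StartupKeyOnly' {
        # No compatible TPM: the USB startup key alone unlocks the drive, so there is
        # no boot-integrity check. Group Policy must allow BitLocker without a TPM.
        Invoke-Bde -BdeArgs @('-protectors', '-add', $OsDrive, '-StartupKey', $StartupKeyDrive)
    }
}

# 4. Start encryption. BitLocker runs its hardware test on the next restart before encrypting.
Invoke-Bde -BdeArgs @('-on', $OsDrive)

# 5. List the protectors now on the volume so the recovery options can be confirmed
#    (and stored somewhere other than the encrypted drive) before the restart.
Invoke-Bde -BdeArgs @('-protectors', '-get', $OsDrive)
```

The ordering is deliberate: the recovery protectors go on before the unlock protector and before encryption starts, so that the situation the text warns about (the TPM measurement failing with no recovery password on record) cannot arise.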
The system requirements of BitLocker are as follows:
• Because BitLocker stores its own encryption and decryption key in a hardware device that is separate from your hard disk, you must have one of the following:
  - A computer with TPM. If your computer was manufactured with TPM version 1.2 or higher, BitLocker stores its key in the TPM.
  - A removable USB memory device, such as a USB flash drive. If your computer doesn’t have TPM version 1.2 or higher, BitLocker stores its key on the flash drive.
• Your computer must have at least two partitions. One partition must include the drive Windows is installed on. This is the drive that BitLocker encrypts. The other partition is the active partition, which must remain unencrypted so that the computer can be started. Partitions must be formatted with the NTFS file system.
• Your computer must have a BIOS that is compatible with TPM and supports USB devices during computer startup. If this is not the case, you need to update the BIOS before using BitLocker.
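A script that checks the first two requirements above (and so also answers the question of whether the computer has TPM security hardware) before anyone turns BitLocker on. This is an added example, not from the book; it uses only the Win32_Tpm and Win32_Volume WMI classes that ship with Windows 7, and the function name Test-BitLockerPrereqs is an assumption. The BIOS requirement cannot be checked from WMI and is reported as a manual item.

```powershell
# Added example: check BitLocker prerequisites on Windows 7 (run elevated; Win32_Tpm needs admin).
function Test-BitLockerPrereqs {
    $r = @{
        TpmPresent = $false; TpmVersionOk = $false; TpmReady = $false
        SystemPartitionSeparate = $false; AllNtfs = $false; Issues = @()
    }

    # Requirement 1: a TPM of version 1.2 or later that is enabled and activated.
    # Without one, BitLocker falls back to a USB startup key (no boot-integrity check).
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm `
                         -ErrorAction SilentlyContinue
    if ($tpm) {
        $r.TpmPresent = $true
        # SpecVersion reads like "1.2, 2, 3"; the first field is the TPM specification version.
        $ver = ($tpm.SpecVersion -split ',')[0].Trim()
        try   { $r.TpmVersionOk = ([version]$ver -ge [version]'1.2') }
        catch { $r.Issues += "Could not parse TPM SpecVersion '$($tpm.SpecVersion)'" }
        $r.TpmReady = [bool]($tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated)
        if (-not $r.TpmReady) { $r.Issues += 'TPM present but not enabled/activated in the BIOS' }
    } else {
        $r.Issues += 'No TPM found: BitLocker would need a USB startup key instead'
    }

    # Requirement 2: the Windows (boot) volume and the active (system) volume must be
    # separate, and both must be NTFS. DriveType 3 restricts the query to fixed disks.
    $vols   = Get-WmiObject Win32_Volume | Where-Object { $_.DriveType -eq 3 }
    $boot   = @($vols | Where-Object { $_.BootVolume })   | Select-Object -First 1
    $system = @($vols | Where-Object { $_.SystemVolume }) | Select-Object -First 1
    if ($boot -and $system) {
        $r.SystemPartitionSeparate = ($boot.DeviceID -ne $system.DeviceID)
    }
    if (-not $r.SystemPartitionSeparate) {
        $r.Issues += 'Windows and the active partition are on the same volume; a separate unencrypted system partition is needed'
    }
    $nonNtfs = @($boot, $system) | Where-Object { $_ -and $_.FileSystem -ne 'NTFS' }
    $r.AllNtfs = ($nonNtfs.Count -eq 0)
    if ($nonNtfs.Count -gt 0) {
        $r.Issues += 'Not NTFS: ' + (($nonNtfs | ForEach-Object { $_.Name }) -join ', ')
    }

    # Requirement 3 (BIOS supports TPM and USB at startup) is not visible through WMI.
    $r.Issues += 'Manual check: BIOS must support the TPM and USB devices during startup'

    New-Object PSObject -Property $r
}

# Usage: print the findings and list what still needs attention.
$check = Test-BitLockerPrereqs
$check | Format-List TpmPresent, TpmVersionOk, TpmReady, SystemPartitionSeparate, AllNtfs
$check.Issues | ForEach-Object { Write-Host " - $_" }
```

If TpmPresent is false the machine is not unprotected as such, but it is limited to the startup-key mode described earlier, which encrypts the volume without the TPM's validation of the boot files; that distinction is worth recording alongside the result.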
To find out if your computer has TPM security hardware, do the following:
1. Open BitLocker Drive Encryption by clicking the Start button, clicking