Windows 8


BitLocker tutorials

  • Windows BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft Windows Vista; the Windows 8, Windows 8 Pro and Windows 8 Enterprise desktop operating systems; and the Windows Server 2008, 2008 R2 and Windows Server 2012 server operating systems.

  • It is designed to protect data by providing encryption for the entire volume.

  • By default it uses the AES encryption algorithm in CBC mode with a 128-bit key.

  • BitLocker provides an integrated solution in Windows 8 to protect data in case of a lost, stolen, or decommissioned computer.

  • It ensures that data stored on a computer remains encrypted, even if someone tampers with the computer when the operating system is not running.

  • BitLocker helps mitigate unauthorized data access by enhancing Windows file and system protections.

  • BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

 

  • BitLocker Drive Encryption performs two functions that provide both offline data protection and system integrity verification.

    • Encrypts all data stored on the Windows operating system volume and configured data volumes. BitLocker also provides protection for non-Microsoft applications when they are installed on the encrypted volume.

    • BitLocker is configured by default to use the TPM (Trusted Platform Module) to ensure the integrity of the start-up components that the operating system uses in the start-up process. It locks any BitLocker-protected volumes if someone tampers with the computer when the operating system is not running.

How BitLocker Verifies System Integrity

  • BitLocker uses the TPM to verify the integrity of the start-up process by checking that boot file integrity has been maintained. It ensures that there has been no modification of those files, such as by boot sector viruses or rootkits.

  • Any software that tries to start the system does not have access to the decryption keys for the Windows operating system volume, which provides enhanced protection.

  • If any monitored files have been tampered with, the system does not start; BitLocker locks it. This alerts the user to the tampering, because the system fails to start as usual. If a system lockout occurs, BitLocker offers a simple recovery process.

  • In conjunction with the TPM, BitLocker verifies the integrity of early start-up components; it prevents additional offline attacks, such as attempts to insert malicious code into those components.

 

Using BitLocker To Go with Removable Drives

  • BitLocker To Go provides enhanced protection against data theft and exposure by extending BitLocker drive encryption support to removable storage devices, such as USB Pen drives.

  • In Windows 8, users can encrypt their removable media by opening Windows Explorer, right-clicking the drive, and clicking Turn On BitLocker. They will then be asked to choose a method to unlock the drive. These options include:

• Password: This is a combination of letters, symbols, and numbers the user will enter to unlock the drive.

• Smart card: In most cases, a smart card is issued by your organization and a user enters a smart card PIN to unlock the drive.

 

  • After choosing the unlock methods, users will be asked to print or save their recovery password. This is a 48-digit password that can also be stored in AD DS and used if the other unlock methods fail, such as when a password is forgotten. Finally, users will be asked to confirm their unlock selections and to begin encryption.

  • When you insert a BitLocker-protected drive into your computer, Windows will detect that the drive is encrypted automatically, and then prompt you to unlock it.
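
The 48-digit recovery password mentioned above has a checkable structure: eight hyphen-separated groups of six digits, each a multiple of 11 and below 720896. This rule is not stated in the tutorial. The following added example (not part of the original tutorial; the function name and sample passwords are constructed for illustration) uses it to catch transcription errors before a recovery password is filed or stored in AD DS.

```powershell
# Added example, not from the original tutorial. The sample passwords below are
# constructed for illustration and do not belong to any real volume.

function Test-RecoveryPassword {
    param([Parameter(Mandatory = $true)][string]$Password)

    $groups = @($Password.Trim() -split '-')
    $bad    = @()
    if ($groups.Count -eq 8) {
        for ($i = 0; $i -lt 8; $i++) {
            $g = $groups[$i]
            # Each group is six digits, a multiple of 11, and below 720896
            # (11 * 65536), so it encodes one 16-bit value.
            $ok = $g -match '^[0-9]{6}$'
            if ($ok) {
                $n  = [int]$g
                $ok = (($n % 11) -eq 0) -and ($n -lt 720896)
            }
            if (-not $ok) { $bad += ($i + 1) }
        }
    }
    [pscustomobject]@{
        Valid     = ($groups.Count -eq 8) -and ($bad.Count -eq 0)
        Groups    = $groups.Count
        BadGroups = $bad      # 1-based positions to re-read from the printout
    }
}

# Constructed samples: a well-formed password and one with two digits
# swapped in the second group.
$good = '135795-597531-011000-720885-000022-366663-045056-220000'
$typo = '135795-597513-011000-720885-000022-366663-045056-220000'

Test-RecoveryPassword -Password $good
Test-RecoveryPassword -Password $typo
```

The check only confirms that the digits are well formed; it cannot tell whether the password belongs to a particular drive.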

 

Difference between BitLocker and EFS

 

| BitLocker | EFS |
| --- | --- |
| Encrypts the entire volume, which includes the operating system volume, Windows system files and the hibernation file. | Encrypts files and folders. |
| Does not require user certificates. It depends upon the computer motherboard TPM BIOS. | Requires a user certificate. |
| Protects the operating system files from modification. | Does not protect operating system files. |

 

  • In Windows 7 and Windows 8, drives are automatically prepared for use by BitLocker. In Windows Vista, users are required to manually partition their hard drive.

  • Windows 8 creates the system partition on the hard drive automatically. This partition does not have a drive letter and it is not visible in Windows Explorer, so users will not be able to write to it.

  • In a default installation, a computer will have a separate system partition and an operating system drive.

  • The system partition requires only 100 megabytes for Windows 7 and Windows 8.

  • You can use BitLocker to encrypt operating system drives, fixed data drives, and removable data drives in Windows 8.

  • When you use BitLocker with operating system drives, you must format the drive with the NTFS file system.

  • As BitLocker stores its own encryption and decryption key in a hardware device that is separate from the hard disk, you must have one of the following:

1) A computer with TPM (Trusted Platform Module) version 1.2, or

2) A removable USB pen drive.

 

1) TPM - Trusted Platform Module.

 

  • TPM is a specialized chip that a manufacturer can install on a computer motherboard for the purpose of hardware authentication.

  • The primary scope of a TPM is to assure the integrity of a platform. The TPM accomplishes this by storing information specific to the host system, such as encryption keys, digital certificates and passwords. The aim is to start the power-on boot process from a trusted condition and extend this trust until the OS has fully booted and applications are running.

  • Though this technology has been available since 2006, very few motherboards are shipped with TPM 1.2.

  • Determine if a Computer has a TPM version 1.2 Chip

  • BitLocker does not require a TPM. However, TPM 1.2 provides the additional security of pre-start-up system-integrity verification.

 

2) A removable USB Pen drive.

  • If computers do not have TPM 1.2, you can still use BitLocker to encrypt the Windows operating system volume using USB Pen Drive.

  • The user needs to insert a USB start-up key to start the computer or resume from hibernation.

  • Additionally, BitLocker offers the option to lock the normal start-up process until the user supplies a PIN or inserts a removable USB pen drive that contains a start-up key.

  • This security measure provides multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or start-up key is presented.

 

Hardware Requirements to turn on BitLocker Drive Encryption

1) The computer's hard drive must have the space necessary for Windows 8 to create the two disk partitions: one for the system volume and one for the operating system volume. Here, the system volume includes the drive on which you install Windows. BitLocker encrypts this drive, and it is not assigned a drive letter.

The operating system volume is a partition created as needed when you enable BitLocker in Windows 8. This partition remains unencrypted so that you can start the computer. This partition must be 100 MB, and you must set it as the active partition.

2) A computer BIOS that is compatible with TPM or supports USB devices during computer start-up. The BIOS must be TCG (Trusted Computing Group) compliant. It must be set to start first from the hard disk, not from the USB or CD drives, and it must be able to read from a USB flash drive during start-up.

 

Exercise: Steps to determine if a computer has a TPM version 1.2 chip

  • Open Control Panel, click System and Security, and then click BitLocker Drive Encryption.

  • In the lower left corner, click TPM Administration. The Trusted Platform Module (TPM) Management on Local Computer console opens. If the computer does not have the TPM 1.2 chip, the “Compatible TPM cannot be found” message appears.

  • As we don't have a TPM 1.2 compatible module, we will configure BitLocker for use without a TPM.

  • There are various Group Policies that you need to know. Using these policy settings helps enforce a standard deployment of BitLocker Drive Encryption in your organization.

Press Windows Key + R to open Run.

Type gpedit.msc to start the Local Group Policy Editor.

Expand Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.

  • It gives options to set policies for Fixed Data Drives, Operating System Drives, and Removable Data Drives.

  • Select Operating System Drives and select the Require additional authentication at start-up option. (This option is supported on at least Windows Server 2008 R2 or Windows 7.) If you are working on Windows Server 2008 or Windows Vista, select the next option, Require additional authentication at start-up (Windows Server 2008 and Windows Vista).

  • This option allows you to configure BitLocker with or without using TPM (Trusted Platform Module).

 

 

  • As we want to use BitLocker without a TPM, select Allow BitLocker without a compatible TPM (requires a password or a start-up key on a USB flash drive).

 

 

  • Click Ok.

  • Close the Local Group Policy Editor.

  • You have now changed the policy setting so that you can use a startup key instead of a TPM. To apply Group Policy immediately, press Windows Key + R, select Run, type gpupdate.exe /force, and then press Enter.

  • Assume you need to turn BitLocker on for the C: drive. Open Computer, right-click the C: drive, and click Turn on BitLocker.

  • If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  • To keep your data more secure, on the Set BitLocker Startup Preferences page you can choose between the Insert a USB flash drive and Enter a password options. If you choose Enter a password, you will be prompted to enter the password and re-enter it for confirmation. If you choose Insert a USB flash drive, insert your USB pen drive into the computer, if you have not done so already. On the Save your Startup Key page, choose the location of your USB pen drive, and then click Save.

  • Next, the How do you want to back up your recovery key page opens. In case you lose the USB pen drive or forget the earlier password, it is a good idea to have more than one copy of the recovery key and to keep it in a safe place. The page gives the following choices:

Save to your Microsoft account.

Save to a USB flash drive: saves the password to a USB pen drive.

Save to a file: saves the recovery password to a file at the location specified.

Print the recovery key: prints the recovery key; keep it in safe custody.

  • Use one or more of these options to preserve the recovery password. For each, select the option, and then follow the wizard steps to set the location for saving or printing the recovery password.

  • Note: Do not store the recovery password and the startup key on the same pen drive, because if the startup pen drive goes missing, you will not be able to recover.

  • When you have finished saving the recovery password, click Next.

  • On the Choose how much of your drive to encrypt page, choose between Encrypt used disk space only, which is faster and best for a new computer, and Encrypt entire drive, which is slower but best for a computer already in use. Click Next.

  • On the next page, Are you ready to encrypt this disk, select Run BitLocker System Check, and then click Continue.

  • Confirm that you want to restart the computer by clicking Restart Now. The computer restarts, and BitLocker verifies whether the computer is BitLocker-compatible and ready for encryption. If it is not, you will see an error message alerting you to the problem before encryption starts.

  • If the computer is ready for encryption, the Encryption in Progress status bar is displayed. You can monitor the ongoing completion status of the disk-volume encryption by dragging your mouse cursor over the BitLocker icon, which is in the notification area at the bottom of your screen. You also can click the Encryption icon to view the status.

  • Once you complete the procedure, you have encrypted the operating system volume and created a recovery password unique to that volume.

  • Every time you start your computer, you will need to plug in the USB pen drive if you chose to save the BitLocker password on the pen drive; otherwise you have to enter the BitLocker password to unlock this drive.
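
A read-only PowerShell check of what the walkthrough sets up by hand (TPM presence, the start-up policy, and the key protectors on C:), added here as an example that is not part of the original tutorial. The function names are illustrative, and the registry values are the ones the Require additional authentication at start-up policy writes.

```powershell
# Added example, not from the original tutorial. Read-only; run from an elevated prompt.
# Assumes PowerShell 3.0+ and the BitLocker module that ships with Windows 8.

function Get-TpmSummary {
    # No Win32_Tpm instance: the "Compatible TPM cannot be found" case.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return [pscustomobject]@{ Present = $false; SpecVersion = $null } }
    # SpecVersion is comma-separated; its first field is the TPM spec version.
    [pscustomobject]@{
        Present     = $true
        SpecVersion = ($tpm.SpecVersion -split ',')[0].Trim()
    }
}

function Get-StartupPolicy {
    # Registry values behind "Require additional authentication at start-up".
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AdvancedStartup = ($fve.UseAdvancedStartup -eq 1)
        AllowWithoutTpm = ($fve.EnableBDEWithNoTPM -eq 1)
    }
}

function Get-ProtectorSummary {
    param([string]$MountPoint = 'C:')
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @(foreach ($kp in $vol.KeyProtector) { [string]$kp.KeyProtectorType })
    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        Protectors          = $types -join ', '
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

$tpm    = Get-TpmSummary
$policy = Get-StartupPolicy
$volume = Get-ProtectorSummary -MountPoint 'C:'
$tpm, $policy, $volume | Format-List
if ((-not $tpm.Present) -and (-not $policy.AllowWithoutTpm)) {
    Write-Warning 'No TPM, and "Allow BitLocker without a compatible TPM" is not set.'
}
if (-not $volume.HasRecoveryPassword) {
    Write-Warning 'No recovery password protector on this volume.'
}
```

On a machine configured as in this exercise, the protector list should show ExternalKey (USB start-up key) or Password alongside RecoveryPassword.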

 

 
