(0) exportieren Drucken
Alle erweitern

Unlocking Removable Drives on Windows XP and Windows Vista

Letzte Aktualisierung: November 2009

Betrifft: Windows 7, Windows Server 2008 R2

BitLocker protection on FAT-formatted removable drives is known as BitLocker To Go. When a BitLocker-protected removable drive is unlocked on a computer running Windows 7, the drive is automatically recognized and the user is either prompted for credentials to unlock the drive or the drive is unlocked automatically if it is configured to do so. Computers running Windows XP or Windows Vista do not automatically recognize that the removable drive is BitLocker-protected.

To allow users of these operating systems to read content from BitLocker-protected removable drives by default, an additional FAT32 drive is created that is hidden on computers running Windows 7 but is visible on computers running Windows XP or Windows Vista. This hidden drive is called the discovery drive. The discovery drive contains the BitLocker To Go Reader. With BitLocker To Go Reader, users can unlock the BitLocker-protected drives by using a password or a recovery password (also known as recovery key).

As an alternative to having BitLocker install the BitLocker To Go Reader on the removable drive, the reader can be downloaded from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=151425). You can configure the Group Policy setting Allow access to BitLocker-protected removable data drives from earlier versions of Windows to control whether the discovery drive is created and the BitLocker To Go Reader is installed on removable drives when BitLocker protection is turned on for the drive.

  • You should make sure that users unlock BitLocker-protected removable drives only on computers they trust. After the drive is unlocked, the contents of the drive and the unlock mechanism you used are exposed to the host computer and could be captured.

  • The discovery drive is formatted as unencrypted (plaintext) and with no free space. User data should not be stored on this drive.

A best practice to consider when using BitLocker To Go is requiring users to use a standard user account instead of an administrator account. This helps prevent modifications to the discovery drive's source directory (Windows\BitLockerDiscoveryVolumeContents) where the BitLocker To Go Reader (bitlockertogo.exe) application is copied from and applied to discovery drives.

The BitLocker To Go Reader is not compatible with the NTFS file system. By default, many external drives are formatted in NTFS by the operating system. If you are planning to use the BitLocker To Go Reader, format the external drives in your organization by using the exFAT file system.

Fanden Sie dies hilfreich?
(1500 verbleibende Zeichen)
Vielen Dank für Ihr Feedback.


Microsoft führt eine Onlineumfrage durch, um Ihre Meinung zur MSDN-Website zu erfahren. Wenn Sie sich zur Teilnahme entscheiden, wird Ihnen die Onlineumfrage angezeigt, sobald Sie die MSDN-Website verlassen.

Möchten Sie an der Umfrage teilnehmen?
© 2014 Microsoft