Like many of you, I use USB key drives all the time to move data around from device-to-device or to share data with a colleague. I also use Bit Locker to Go on those drives, especially if they are going to be out of my hands (think UPS or FedEx) to that colleague. As you may know, BitLocker is a file encryption system which allow you to protect your files by encrypting the drive those files reside on. That can be your entire hard disk in your PC, an external disk or a USB drive. So long as you have a Windows 7 or 8 Pro or Enterprise, it can be opened and read just like any other drive.
Paul Thurrott has an excellent overview of Bit Locker on WinSuperSite that I highly recommend reading.
Until today I just assumed that Windows 8.1 with Bing, the low cost version of Windows 8.1 for budget friendly tablets and laptops, could not deal with BitLocker encrypted drives. I figured out however that actually BitLocker and Windows 8.1 with Bing can indeed work together.
For the sake of this article I’m not going to distinguish between BitLocker and BitLocker to Go. The later is fundamentally the same thing as the former, only for portable drives like USB keys.
So let me lay out the basics: In order to use BitLocker you have to have a Windows device that is running Windows 7 or 8 Professional version at a minimum. On these version of Windows, in Control Panel you have the ability to enable BitLocker on your drives in your PC and external drives. Nothing new to report here and again, read Paul Thurrott’s article above for some of these basics.
When it comes to BitLocker and Windows 8.1 with Bing, you do have some BitLocker functionality which, as best I can tell in hours of research on this, seems to be completely undocumented. If it is documented somewhere, send me a link. I haven’t found this particular needle in the Interweb haystack.
If you have a BitLocker encrypted USB key and you connect to your Windows 8.1 with Bing powered device, you will be prompted to unlock that drive to access it. Once you do, you have full read/write access to it. In other words, this isn’t the BitLocker to Go Reader which allows you to read files but not interact with them on a drive.
Here then is my scenario and how I got this working.
First, I purchased a MicroUSB to USB On-The-Go cable on Amazon. It was $6.99 for two of them so not a massive investment. My idea was to simply test things on my Toshiba Encore 2 Windows tablet like a mouse and USB drives (once a geek, always a geek).
Second, I connected up the cable to my tablet then plugged in a BitLocker encrypted USB drive that I had created on my Windows
BitLocker Drive Password Entry
8.1 PC. Once it was plugged in I was immediately told by Windows it was a BitLocker drive and when I tapped on this notification, I was prompted to enter the password for the drive.
This was not the behavior I was expecting. I assumed that Windows 8.1 with Bing would simply error out and not let me access the drive. Once I entered my password, not only could I read the drive but I could create files, folders and everything you would expect to do with full read/write access.
So why isn’t this documented anywhere on Microsoft’s website or other places? Great question. I have a hard time believing I’m the first to figure this out but I’ve not found any references to it. That said, I think that it is partly due to the limitations of Windows 8.1 with Bing when it comes to BitLocker. For example, you cannot encrypt a drive from this version of Windows. If I connect a non-BitLocker encrypted USB key to my tablet and then right-click it in File Explorer, I do not see an
Windows 8.1 with Bing Control Panel
option to enable BitLocker on it. Further, there is no BitLocker option in Control Panel under System and Security like there is in Windows 8.1 Professional.
What this means then, as best I can tell, is that you can read a BitLocker encrypted drive in Windows 8.1 with Bing but you cannot create a BitLocker encrypted drive.
Initially I thought this may have to do with the TPM (Trusted Platform Module) that is built into my particular tablet but is in virtually all of them at this point (along with most PCs). I’ve not entirely ruled that out but generally the TPM comes into play when you want to encrypt the boot drive of a device. Most tablets, because they have TPM, automatically encrypt the main flash drive of the device by default. This however is not referred to as BitLocker although it is effectively the same thing.
So give this a go and see what you find on your particular tablet using BitLocker and Windows 8.1 with Bing.
Well, in fact, if you turn on TMP (with secure boot) in the bios, Win 8.1 with Bing will show the encryption option straight away.
Some tablet may make secure boot as disabled by default somehow.
I found the Key: You need to activate a full version of W8 with License Key. During Rollout, MS offered W8 for 29 Euro. This key was accepted. BTW, an encrypted SDHC Card in my HP 7 Stream was unrecognized and requested to format. There was NO WAY to secure my Data synced from Onedrve on this Navigation Device, which shall remain in my car. This would have been a total security breach, as anyone stealing the device, this guy would have unencrypted access to my core data. The Stream 7 was toosmall for my data, so I moved the home dir to the SDCH Card.
try truecrypt. that’s how I encrypt data in sd card.
I have an HP Stream 7 which I purchased from the MS Store last month. During normal poking round, I noticed the OS drive is Bitlocker enabled. I checked the Control Panel and there is no Security option. However, there is a Disk Encryption option. The only option under that selection is to backup your recovery key, either to a file or to print out the Recovery key. I have found no option to disable or turn off Bitlocker on the HP Stream 7 tablet.