Microsoft has provided BitLocker since the Enterprise and Ultimate versions of Windows Vista and Windows 7. The Vista release could only encrypt operating system partitions (with some extended capability through the command line tool). Windows 7 inclusion extended whole drive encryption capabilities to additional partitions and to removable drives. Encryption of removable drives was labeled BitLocker to Go. BitLocker has also been included within both professional and enterprise versions of Windows 8, 8.1, and 10. The ability to encrypt removable drives is included within all versions of BitLocker since Windows 7 Enterprise.
The BitLocker to Go reader was created simultaneous to the Windows 7 release to enable customers with Windows XP or Windows Vista systems to read removable drives protected with BitLocker technology. This blog provides some BitLocker to Go reader background and directions for acquiring the reader for your use.
BitLocker to Go is enabled by clicking the alternate mouse button (right-clicking) on the drive within File Explorer (aka Windows Explorer/File Manager) and selecting Turn on BitLocker. A BitLocker encrypted removable drive may be read (or modified) on the system used to encrypt the removable drive since the encryption key is stored on the system. The encryption/decryption key will be stored in association with a TPM 1.2 (Trusted Platform Module 1.2) or newer OR a removable USB device (flash drive).
For more details regarding BitLocker requirements, options and functionality check out the newest Microsoft Technet Article “What’s new in BitLocker?” updated by Brian Lich on 5/23/2016.
You can also receive a Windows 10 BitLocker update that includes a hands-on lab in our 20697-1 Installing and Configuring Windows 10 course. Make certain that you understand the robust options for BitLocker management through the Control Panel>BitLocker Management Tool or Group Policy. Pay particular attention to BitLocker Recovery Agents and recover using a BitLocker recovery password.
In Windows 10, BitLocker capabilities are extended to encrypt data drives formatted with exFAT, FAT, FAT32 or NTFS. The one requirement is that the drive have at least 64MB of available disk space.
Microsoft continues to provide the BitLocker to Go Reader with Windows 10 for platforms running Windows Vista or Windows 7 (and Windows XP even though support has expired). Windows 7 support pages provide an overview that is referenced within Windows 10 online support.
You can still find and download the BitLocker to Go reader (bitlockertogo.exe) although it is supposed to be installed onto an external USB drive that has been encrypted with BitLocker to Go by default.
Download the BitLocker to Go Reader directly from Microsoft or use the search box on Windows 10 which took me directly to the download site.)
The original promotion for the BitLocker to Go reader stated: “The BitLocker To Go Reader is an application that provides users read-only access to BitLocker-protected FAT-formatted drives on computers running Windows XP or Windows Vista”. The reader continues to support FAT, FAT32, and reportedly exFAT and NTFS drives, although I have not attempted to use it personally on the latter two formats.
You will still need a copy of the key used to encrypt the drive, preferably delivered via a separate medium than the encrypted device.
It should also be noted that the BitLocker to Go reader merely allows you to read the contents of the encrypted drive by converting it from ciphertext to cleartext as you open the files. You will need to copy or write the files to a partition available to the local device in order to modify them. In other words, BitLockerToGo reader is NOT an encryption tool; it serves read only decryption of BitLocker encrypted drives on systems that do not directly support BitLocker.
Now go have some fun with those encrypted portable drives.
Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 10, and CompTIA classes in Phoenix, Arizona.