Configuring BitLocker and Windows Encryption

Lab #3 - Assessment Worksheet

Assignment Name and Number: Operating Systems: Hardening and Security - ISSC342


In this lab, you used the Microsoft Encrypting File System (EFS) to encrypt files and folders on a Windows Server 2012 machine. You documented the success or failure of your encryption efforts. You also installed Microsoft BitLocker Drive Encryption, a data protection feature that is used to resist data theft and the risk of exposure from lost, stolen, or decommissioned computers. You encrypted a data drive on the remote server and decrypted it using a recovery key.

Lab Assessment Questions & Answers

  1. Within a Microsoft Windows Server 2012 environment, who has access rights to the EFS features and functions in the server?

The user who creates the file, because the encryption will be based on the password of the account.

  2. What are some best practices you can implement when encrypting BitLocker drives and the use of BitLocker recovery passwords?

With BitLocker you can have all the data encrypted at once. When you access the data and enter the decryption key, you will have access until the encryption is activated again by a user or a restart of the system.

  3. What was the recovery key generated by BitLocker in this lab?


  4. How would you grant additional users access rights to your EFS encrypted folders and data files?

Using the data/folder properties, the users that the creating user is allowing to access the data can be added.

  5. What are the main differences between EFS and BitLocker?

EFS is used for securing files and folders and relies on the logged-on user's certificate details to encrypt or decrypt files and folders. BitLocker is used for securing the hard drive's contents when the computer is offline; it uses the computer's TPM chip to store encryption keys and does not rely on individual user credentials.

  6. The customer privacy data policy in your company's data classification standard requires encryption in two places: data stored locally or on a LAN, and data stored on a laptop. Describe your solution for meeting this policy requirement.

For the local data or LAN I would prefer to use the BitLocker method because it's easier to manage and encrypts all data at once. For the laptop I prefer to use EFS because it can be used by different users, who each have their own data secure at all times.

Lab #3 Screenshots

Image 1: Documents folder, green in color, with the Microsoft Encrypting File System.

Image 2: "Access is denied" when another user tries to enter the EFS folder of another user.

Image 3: Confirmation of the creation of the New Volume, disk E:.

Image 4: Using PowerShell to enable BitLocker on the newly created drive. Command used: Enable-BitLocker -MountPoint "E:" -EncryptionMethod Aes256 -UsedSpaceOnly -RecoveryPasswordProtector

Image 5: The disk is unlocked after entering the security key.
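
A follow-up check for the Enable-BitLocker step shown in Image 4, as an added example that is not part of the original lab or worksheet: it audits the volume's lock state, encryption status, method and recovery password protector without displaying the recovery password. The drive letter E: is taken from the lab; the function name Get-BitLockerAudit is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the lab): audit a BitLocker data volume after Enable-BitLocker.
# Assumption: the volume is E:, as in the lab screenshots.
param([string]$MountPoint = 'E:')

function Get-BitLockerAudit {
    param([Parameter(Mandatory)][string]$MountPoint)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $findings = @()

    if ($vol.LockStatus -eq 'Locked') {
        # Status fields are not meaningful while the volume is locked.
        $findings += 'Volume is locked; unlock it and run the audit again.'
    }
    else {
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "Encryption not complete: $($vol.VolumeStatus), $($vol.EncryptionPercentage)%"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += "Protection is $($vol.ProtectionStatus)"
        }
        if ($vol.EncryptionMethod -ne 'Aes256') {
            $findings += "Encryption method is $($vol.EncryptionMethod); the lab command requested Aes256"
        }
    }

    # Count recovery password protectors without printing the 48-digit value.
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($recovery.Count -eq 0) {
        $findings += 'No recovery password protector on the volume'
    }

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        LockStatus          = $vol.LockStatus
        VolumeStatus        = $vol.VolumeStatus
        RecoveryProtectorId = $recovery.KeyProtectorId
        Findings            = $findings
        Compliant           = ($findings.Count -eq 0)
    }
}

Get-BitLockerAudit -MountPoint $MountPoint | Format-List
```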