Windows 7's BitLocker escorts enterprise data (2)


Second, files protected by BitLocker are more convenient to share.

If a file in a folder is encrypted with the EFS encryption system, sharing that file over the network is cumbersome: the system administrator usually has to import the user's certificate into another user's operating system, or use some similar means, before the file can be shared. With the BitLocker protection mechanism, this kind of file sharing is far more convenient.

When a user saves a file to a drive that uses the BitLocker mechanism, it is encrypted automatically. What happens if the user copies this encrypted file to another drive that does not use BitLocker? The file is automatically decrypted, and from then on any user with the relevant permissions can read it. The premise, of course, is that the user who copied the file had the right to decrypt it. Up to this point the behaviour is still similar to how the EFS encrypting file system handles files. The big difference between the two appears in file sharing. Suppose a user wants to share a file encrypted with the BitLocker mechanism with other users over the network. What does the operating system do? First, as long as the shared file remains on the protected drive, it is still stored in encrypted form and the operating system does not decrypt it. Second, as long as the user allows other users to access the shared file (implemented through authorization and authentication), those users can access it; there is no need to manually import certificates for the other users, as with the EFS encrypting file system. In other words, under the BitLocker protection mechanism this authentication and authorization process is transparent to the user. This is one of the biggest improvements of BitLocker over the EFS file encryption system.

Third, special protection of the operating system partition.

The EFS encrypting file system treats system files the same as ordinary user files. The BitLocker protection mechanism, by contrast, takes special measures to protect the security of system files as far as possible. Once the system administrator encrypts the system partition with BitLocker, the system keeps monitoring the computer after the operating system starts, watching for disk errors, BIOS changes, changes to the startup configuration files and so on, and can prevent the security risks these bring. If the operating system detects such errors, BitLocker automatically locks the disk drive, and the system administrator must then unlock the drive with a pre-set key. This measure prevents the operating system's files and configuration files from being modified without the system administrator's knowledge, which is useful for preventing Trojans, viruses and other malicious programs from damaging the operating system.

However, when using this protection mechanism for the operating system, two points need attention. First, when you first enable the encryption protection mechanism for the system partition, you need to create an unlock password. Otherwise, the system administrator cannot unlock the operating system when it has been locked because of a suspicious tool, and the files on that drive also become inaccessible. So do not forget to set an unlock password whenever you enable BitLocker on a drive. Second, if a TPM chip is installed in the user's computer, the key can be stored on the chip; when the system partition is locked, BitLocker uses the key held by the chip to unlock it. If the Windows 7 operating system is used as a server, equipping the server with a TPM chip and enabling the BitLocker protection mechanism on the system partition goes a long way towards guaranteeing the security and stability of the server system. This also shows that Microsoft has been continuously improving the security and stability of its systems.
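The two cautions above (a recovery password must exist, and the key should be held by the TPM) can be audited from the command line. This is an added example, not code from the original article; it assumes the BitLocker and TrustedPlatformModule PowerShell modules (Windows 8 / Server 2012 and later), whereas on Windows 7 itself the same facts come from `manage-bde -status` and `manage-bde -protectors -get C:`.

```powershell
# Added example: audit the OS volume's BitLocker protectors.
# Assumes the BitLocker and TrustedPlatformModule modules are available
# and that this runs in an elevated PowerShell session.

function Test-OsVolumeBitLocker {
    $osDrive = $env:SystemDrive                       # e.g. "C:"
    $vol     = Get-BitLockerVolume -MountPoint $osDrive
    $tpm     = Get-Tpm

    # Key protector types present on the volume (Tpm, TpmPin, RecoveryPassword, ...)
    $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    $result = [ordered]@{
        Volume          = $osDrive
        Encrypted       = ($vol.VolumeStatus -eq 'FullyEncrypted')
        ProtectionOn    = ($vol.ProtectionStatus -eq 'On')
        HasTpmProtector = [bool]($protectors -match '^Tpm')   # any TPM-based protector
        HasRecoveryPwd  = ($protectors -contains 'RecoveryPassword')
        TpmPresentReady = ($tpm.TpmPresent -and $tpm.TpmReady)
    }

    # Caution 1: without a recovery password, a lockout after a boot-config or
    # firmware change cannot be undone by the administrator.
    if (-not $result.HasRecoveryPwd) {
        Write-Warning "$osDrive has no recovery password protector. Add one with: Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector"
    }
    # Caution 2: the volume key should be sealed to the TPM so that changes to the
    # boot environment are detected and the drive is locked.
    if (-not $result.HasTpmProtector) {
        Write-Warning "$osDrive is not protected by a TPM key protector."
    }
    if (-not $result.TpmPresentReady) {
        Write-Warning "No ready TPM found on this machine."
    }

    [pscustomobject]$result
}

Test-OsVolumeBitLocker | Format-List
```

Record the recovery password somewhere other than the protected drive; the warning tells you only that a protector is missing, not where an existing one was backed up.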

In addition, with the EFS encrypting file system, an attacker who knows an account and its password can simply log in to the operating system, and at that point the protection of the EFS encrypted files is lost. BitLocker has improved in this respect as well. Even if the attacker knows the user's account and password, BitLocker can still take steps to protect the system files, i.e. it monitors changes to the system files, and if it finds that a change poses a security risk to the operating system, it takes steps to reject the change. To date, this is a feature the EFS file encryption system cannot offer.

The EFS encryption system and the BitLocker encryption mechanism differ considerably in their implementation details. BitLocker is distinctive in how it protects the system partition, and it is more convenient for managing shared files.

Copyright © Windows knowledge All Rights Reserved