For the enterprise customer, one of the greatest integrated features in Windows Vista was the new BitLocker technology. However, it was limited to encrypting local hard drives. Now, in Windows 7, Microsoft has introduced BitLocker to Go, which is a form of BitLocker for mobile/removable media. It enables full drive encryption with either smartcard authentication or password protection. The password can be separate from your network logon credentials, and can also have its own password policies applied via Group Policy. It is also backward compatible with prior versions of Microsoft Windows, although on those versions the data is read-only. To write data to a BitLocker to Go disk, you must be running Windows 7.
And as with Encrypting File System (EFS) back in Windows 2000, you’ll need to carefully plan your data recovery system should a user forget their password. Just as with EFS, you can utilize a recovery key, but you must configure and enforce this in advance. If you do not intentionally set this up, users can begin using BitLocker without a recovery key and risk losing data if they forget the password for the drive. This is especially risky since you can enable your local computer to remember the password, so really the only time you’ll use the password is when attempting to access the drive from another system. From this standpoint, it may be a good idea to configure a GPO now, using the Windows 7 .admx files, to prohibit BitLocker to Go until a formal policy can be established.
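
One way to check whether a Windows 7 client is in the risky state described above (BitLocker to Go usable, recovery not enforced) is to read the policy values that Group Policy writes to the registry. This is an added example, not code from the original article; the registry value names are assumed to be the ones written by the removable-drive BitLocker settings in the Windows 7 administrative templates, so confirm them against your own .admx files before relying on the result.

```powershell
# Added example: audit the BitLocker to Go policy state on the local machine.
# Assumption: value names below match the removable data drive (RDV) settings
# in the Windows 7 BitLocker .admx template. Written for PowerShell 2.0.
$fvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue([string]$Name) {
    # Returns $null when the value (or the whole policy key) is not configured.
    $item = Get-ItemProperty -Path $fvePolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# "Control use of BitLocker on removable drives"
$configure = Get-FvePolicyValue 'RDVConfigureBDE'
$allowUse  = Get-FvePolicyValue 'RDVAllowBDE'
# "Choose how BitLocker-protected removable drives can be recovered"
$recovery  = Get-FvePolicyValue 'RDVRecovery'
$requireAD = Get-FvePolicyValue 'RDVRequireActiveDirectoryBackup'

# Prohibited: the policy is disabled, or enabled with user access unchecked.
# ($null -eq 0 is False in PowerShell, so "not configured" never counts as prohibited.)
$prohibited = ($configure -eq 0) -or (($configure -eq 1) -and ($allowUse -eq 0))

# Enforced: recovery policy is on and encryption cannot start until the
# recovery information has been backed up to Active Directory.
$recoveryEnforced = ($recovery -eq 1) -and ($requireAD -eq 1)

if ($prohibited) {
    $verdict = 'OK: BitLocker to Go is prohibited by policy'
} elseif ($recoveryEnforced) {
    $verdict = 'OK: BitLocker to Go is allowed and recovery backup is enforced'
} else {
    $verdict = 'AT RISK: users can encrypt removable drives without enforced recovery'
}

New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    Prohibited       = $prohibited
    RecoveryEnforced = $recoveryEnforced
    Verdict          = $verdict
}
```

Run it from an elevated prompt after `gpupdate /force`; a machine where none of the values are configured reports AT RISK, which is the default the article warns about.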