A. Windows 7 includes BitLocker To Go, which takes the capability of BitLocker that performs bit-level full volume encryption and extends its use to removable storage devices such as USB keys, meaning if we lose our USB thumb drive, our data is safe. We can use the BitLocker Drive Encryption Control Panel applet to manage BitLocker To Go, or with Windows 7, a context menu item is available to turn on BitLocker directly from Windows Explorer as shown below. http://www.windowsitpro.com/content/content/101445/bittogo1.jpg

Once you turn on BitLocker, an initialization of the drive is performed, which includes creating a System Volume Information folder on the drive. You can select how the drive should be unlocked, either via a password or a smart card.

As with normal BitLocker, you'll be prompted to save a recovery key to a location or print it (you can't save the key to the device you are encrypting; that wouldn't make sense.) Once the key is saved and you click Next, the drive will start encrypting. The encryption is full volume and not data, so even if the drive is fairly empty the encryption will still take a long time.

Once the encryption is complete, when you insert a USB device encrypted with BitLocker To Go, you'll be prompted to enter the password you configured or insert the smart card. When you enter the credentials, you can specify the option to remember the password on the computer so the device will be unlocked automatically.

In addition, you can use Group Policy to only allow USB devices to be used as targets if encrypted with BitLocker To Go, otherwise the USB device will be available as read-only.