BitLocker Drive Encryption

BitLocker is another new security feature that helps, well, lock up all the data, or bits, on the hard drive. This feature is especially handy if your computer's hard drive is ever lost or stolen, and the purpose of this section is to give you a brief overview of this feature and of some of the key components needed.

BitLocker Drive Encryption works by encrypting the entire Windows operating system volume. The keys needed to unlock the encrypted volume are stored on what's called a Trusted Platform Module (TPM) chip, which is built into the motherboard.

Why is this significant? The encryption keys needed to unlock data on your entire Windows volume are removed from the hard drive and stored on the TPM chip. This prevents someone from stealing your hard drive, taking it to another machine, sticking it into an enclosure, and accessing all the data. The encryption keys needed to unlock this data are still back on the TPM chip, which sits on the motherboard of the laptop, which is back at your office, sans hard drive.

During Vista's boot process, the TPM releases the encryption key needed to decrypt data on the operating system volume, but only after operating system integrity has been established. None of this is visible to the end user under most circumstances: the key is released without user input, unless Group Policy directs otherwise. This ensures that no offline tampering has taken place before the key is handed over.
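A quick way for an administrator to confirm that the arrangement just described is actually in place: the OS volume is protected, its key protector is TPM-based, and a recovery password exists in case the TPM refuses to release the key. This is an added example, not from the book; it assumes the BitLocker and TrustedPlatformModule PowerShell modules (Windows 8 / Server 2012 and later, run elevated), whereas Vista itself shipped manage-bde.wsf and the WMI Win32_EncryptableVolume class for the same checks.

```powershell
# Added example: report whether the OS volume's BitLocker key is sealed to the TPM.
# Assumes Get-Tpm and Get-BitLockerVolume are available (Windows 8 / Server 2012+).
function Test-BitLockerTpmBinding {
    $tpm = Get-Tpm
    $tpmReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)

    # Only the operating system volume is relevant to the boot-time key release.
    $os = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
    if (-not $os) {
        return [pscustomobject]@{ TpmReady = $tpmReady; Compliant = $false; Reason = 'No OS volume reported' }
    }

    # Tpm, TpmPin, TpmStartupKey and TpmPinStartupKey all seal the key to the TPM;
    # the PIN / startup-key variants are what Group Policy adds when it "directs otherwise".
    $types    = @($os.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $tpmBound = [bool]($types | Where-Object { $_ -like 'Tpm*' })
    $recovery = $types -contains 'RecoveryPassword'

    $reason = @()
    if (-not $tpmReady)                  { $reason += 'TPM absent or not ready' }
    if ($os.ProtectionStatus -ne 'On')   { $reason += 'protection is off (volume may still be encrypting)' }
    if (-not $tpmBound)                  { $reason += 'no TPM-based key protector' }
    if (-not $recovery)                  { $reason += 'no recovery password escrowed' }

    [pscustomobject]@{
        MountPoint       = $os.MountPoint
        ProtectionStatus = [string]$os.ProtectionStatus
        VolumeStatus     = [string]$os.VolumeStatus
        EncryptionMethod = [string]$os.EncryptionMethod
        KeyProtectors    = ($types -join ', ')
        TpmReady         = $tpmReady
        TpmBound         = $tpmBound
        RecoveryPassword = $recovery
        Compliant        = ($reason.Count -eq 0)
        Reason           = ($reason -join '; ')
    }
}

Test-BitLockerTpmBinding | Format-List
```

A volume that shows `ProtectionStatus = Off` with a TPM protector present is usually still converting (check `VolumeStatus`); a volume with only an `ExternalKey` or `Password` protector is encrypted but not tied to this machine's TPM, which is the property the section is about.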

For a properly configured system, Bitlocking ...
