Smart Card Integration with Bit Locker.
Hi,

I have read about the BitLocker feature in Windows 7 and I need some clarifications for the following queries. I would appreciate it if someone can answer.

1) We can't use smart card certificates to encrypt the operating system drive. Please confirm?

2) If I use a USB flash drive to encrypt the operating system drive, in that case can I use smart card certificates to encrypt fixed, removable and other partition (like D, E) drives? I know if I have TPM enabled on my hardware then I can use a smart card to encrypt my fixed and removable drives.

3) What certificate template do I have to use to issue certificates for my smart cards (I am using Windows Server 2003)?

Regards
wanni.
June 19th, 2009 10:32am

Wanni,

I have to correct my earlier statement. BitLocker in Windows 7 does support Smart Cards for drive encryption and recovery.

1. You can use Smart Card Certificates to encrypt the OS volume.

2. Usually the key material for the OS volume is stored in the TPM, the key material for other disks is then stored on this encrypted volume. This has nothing to do with a USB key to boot the OS. The key material on a USB key is then combined with the key material in the TPM to construct the decryption key for the OS volume.

3. The key usage attribute of the certificate must be Key Encipherment or one of the following:
   CERT_DATA_ENCIPHERMENT_KEY_USAGE
   CERT_KEY_AGREEMENT_KEY_USAGE
   CERT_KEY_ENCIPHERMENT_KEY_USAGE

More information about BitLocker and Smart Cards can be found at http://technet.microsoft.com/en-us/library/dd875530(WS.10).aspx

Ray
June 27th, 2009 12:07am
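
The key usage condition in point 3 of the reply above can be checked against the certificates Windows sees. This is an added example, not part of the original thread; the function name Get-KeyUsageStatus is hypothetical, and it assumes the smart card's certificates are visible in the current user's personal store (Cert:\CurrentUser\My). Certificates with no Key Usage extension are reported separately, since the reply does not cover that case.

```powershell
# Added example (not from the thread): report which certificates in the
# current user's personal store carry one of the key usages named in the reply.
# Assumption: the smart card certificates are visible under Cert:\CurrentUser\My.

function Get-KeyUsageStatus {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    begin {
        # Key Encipherment, Data Encipherment and Key Agreement, as listed in the reply.
        $accepted = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'KeyEncipherment, DataEncipherment, KeyAgreement'
    }
    process {
        # The Key Usage extension, if the certificate has one.
        $ku = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
            Select-Object -First 1

        if ($null -eq $ku) {
            $usages = '(no Key Usage extension)'
            $status = 'NoKeyUsageExtension'   # case not covered by the reply
        }
        elseif (([int]$ku.KeyUsages -band [int]$accepted) -ne 0) {
            $usages = $ku.KeyUsages.ToString()
            $status = 'Match'
        }
        else {
            $usages = $ku.KeyUsages.ToString()
            $status = 'NoMatch'
        }

        New-Object PSObject -Property @{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            KeyUsages  = $usages
            Status     = $status
        }
    }
}

# Check every certificate in the personal store and show the result as a table.
Get-ChildItem Cert:\CurrentUser\My |
    Get-KeyUsageStatus |
    Sort-Object Status |
    Format-Table Status, KeyUsages, NotAfter, Subject -AutoSize
```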

Hi all,

I think "1. You can use Smart Card Certificates to encrypt the OS volume" is wrong - although the thread is quite old :P

At least you're not able to use a smart card to encrypt the system volume via the GUI. And I do not know how you would enter the path to the certificate stored on the smartcard in a manage-bde statement. Maybe someone can give me a clue what I missed here...

Thanks, kind regards
MMF
June 22nd, 2010 5:18pm

This topic is archived. No further replies will be accepted.
