How to enable Bitlocker
1. Introduction
Windows Vista introduced a feature called BitLocker that provides volume-level encryption for hard drives and is commonly used on portable devices such as laptops. BitLocker can also be used to secure a server's hard drives or any other machine or device. Windows 7 expanded the feature, adding the ability to encrypt portable devices such as flash drives.
2. Enable Trusted Platform Module (TPM)
A TPM is a chip on the motherboard that can be used for encryption purposes (more information can be found here: http://en.wikipedia.org/wiki/Trusted_Platform_Module ). It must be enabled if we are using TPM-based encryption. I must note that your machine does not require a TPM chip to enable BitLocker, as other methods can be used.
**Note: there are many BIOS manufacturers and each one may have different steps to enable TPM**
1. Reboot/Boot machine
2. Press F2 to access the BIOS setup (this may be different depending on the BIOS)
3. Scroll down to the Security section
4. Expand TPM Security
5. Select ON -> Enter
6. Press ESC -> Save/Exit changes
7. Press F2 to access the BIOS setup
8. Scroll down to the Security section
9. TPM Activation -> Activate
10. Press ESC
11. Exit BIOS and boot to OS
3. Enable Bitlocker
To enable BitLocker functionality, we need to enable the group policies that provide the functionality we wish to deploy, such as requiring a startup PIN at boot.
Enable Pin
1. Start -> Run -> MMC (if prompted to elevate permission click continue)
2. File -> Add/Remove Snap-in
3. Select Group Policy Object Editor -> Add
4. Leave the default of local and click finish
5. Click OK
6. In the Local Computer Policy window expand Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption
7. Select Control Panel Setup: Enable advanced startup options -> Properties
8. On the properties menu – select Enabled and under Configure TPM startup Pin set the option to Allow users to create or skip
9. Click OK
10. Close the MMC Window
11. Click Start -> Settings -> Control Panel
12. Launch the BitLocker Drive Encryption icon (if prompted to elevate permission click continue)
** If you receive the warning message below please verify you have done the steps outlined in the section Enable TPM (Dell D620) **
- If you have not installed the Bitlocker/EFS update please see section 3.1 – Preparing Your Drive.
14. Select the Turn On Bitlocker icon
Note: Once you have encrypted your system drive you will be able to encrypt other volumes
15. The initialization screen is presented
16. On the Set Bitlocker startup preferences select the Require PIN at every startup
17. Input a pin that has a minimum of 4 numbers
18. Click SET PIN
19. Select Save the password in a folder
Note: This key cannot be stored on the drive you are encrypting, as this may be needed if a recovery scenario occurs
20. After saving the files click Next
21. Leave the default to run a system check and click continue
22. Select Restart Now to reboot and start the BitLocker process
23. On reboot you will be prompted to enter your BitLocker PIN to boot the computer
24. If you have additional drives please go back to step 13 and repeat the required steps for the additional drives
3.1 Preparing Your drive
1. Select “Setup your hard disk for BitLocker Drive Encryption”
2. Run Windows Update and download “Bitlocker and EFS enhancements”
3. Launch the “BitLocker Drive Preparation Tool”
4. Click “I Accept” on the BitLocker Drive Preparation Tool
5. Click “Continue”
6. Allow the drive preparation to complete
7. Click “Finish”
8. Click “Restart Now” to reboot the computer
9. After the reboot, you are returned to the screen presented in Section 3 – Enable BitLocker, Step 14
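
To confirm the result of sections 2 and 3, the following PowerShell check (an added example, not part of the original article) reads the TPM state and the key protectors on the system drive through the Win32_Tpm and Win32_EncryptableVolume WMI classes. It assumes an elevated PowerShell session and that the encrypted drive is C:.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# Assumption: the drive encrypted in section 3 is C:.
$drive = 'C:'

# Section 2: the TPM must be both enabled (ON) and activated in the BIOS.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($null -eq $tpm) {
    Write-Warning 'Windows sees no TPM: absent, or still disabled in the BIOS.'
} else {
    "TPM enabled   : $($tpm.IsEnabled_InitialValue)"
    "TPM activated : $($tpm.IsActivated_InitialValue)"
}

# Section 3: read protection status and key protectors for the volume.
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume -Filter "DriveLetter='$drive'"
if ($null -eq $vol) { throw "No BitLocker-capable volume found for $drive" }

$protectionOn = ([int]$vol.GetProtectionStatus().ProtectionStatus -eq 1)   # 1 = protection on
"Protection on : $protectionOn"

# KeyProtectorType values documented for Win32_EncryptableVolume.
$names = @{ 1 = 'TPM'; 2 = 'External key'; 3 = 'Numerical (recovery) password';
            4 = 'TPM and PIN'; 5 = 'TPM and startup key'; 6 = 'TPM, PIN and startup key' }
# Cast to [int] so the values match the hashtable keys; drop the empty result of a volume with no protectors.
$types = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ } |
    ForEach-Object { [int]$vol.GetKeyProtectorType($_).KeyProtectorType })
foreach ($t in $types) {
    $name = $names[$t]
    if (-not $name) { $name = "type $t" }
    "Protector     : $name"
}

# Gaps relative to the configuration the steps above build.
if (-not $protectionOn) {
    Write-Warning 'Protection is off: the volume is unencrypted or BitLocker is suspended.'
}
if (-not (($types -contains 4) -or ($types -contains 6))) {
    Write-Warning 'No PIN protector: the drive unlocks at boot without the startup PIN.'
}
if ($types -notcontains 3) {
    Write-Warning 'No recovery password protector: check that recovery material was saved off the encrypted drive.'
}
```

The same information is available interactively from `manage-bde -status` and `manage-bde -protectors -get C:`.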

September 29th, 2011 at 11:16 pm
Thank you very much, you save my life.