BitLocker Encryption
Configure the BIOS (Basic Input Output System)
1. Before BitLocker can be enabled the Computer BIOS will need to be configured to support the service. The process for doing this depends on the BIOS manufacturer but usually pressing F2, F10 or the Del key as soon as the PC turns on (before Windows loads) will load the BIOS setup.
The TPM (Trusted Platform Module) setting should be located within the Security section of the BIOS under “TPM Security” and tick enable.
Note: If this setting is already enabled please contact the IS Helpline as the Bitlocker service may already be setup on the laptop.
2. To leave the BIOS press Esc and save settings when prompted. Make sure you save the settings before leaving the BIOS and the machine should load as normal.
Activate BitLocker
3. Locate the BitLocker service by selecting the start button (bottom left of the screen) and type “BitLocker” into the “search programs and files” section. Select the option “BitLocker Drive Encryption”.
4. Select Turn on BitLocker. If this isn’t shown or is already turned on please contact the IS Helpline. You may be prompted to enter Administrator credentials.
5. Click Next again when prompted, at this point the system will enable the TPM Security Hardware.
6. Click Next leaving everything at the default setting, you will be prompted to restart.
If you are prompted to accept configuration changes, click accept the changes.
The machine should boot into Windows and BitLocker should resume automatically.
7. Once the initialisation of the hardware has taken place click Next to continue, if you are prompted to use BitLocker with additional keys select without additional keys.
8. Insert a pendrive (USB stick) into the machine and click on save the recovery key to a USB drive click save when prompted.
9. At this point it is also strongly recommended to print the recovery key if you have a printer installed. Make sure you remove the USB stick and check it in another machine that you can see the recovery key (should be a text file).
10. Tick the Run BitLocker system check option (you will be prompted to insert the USB stick) and allow the machine to restart. Log back into Windows as normal where you will find that the BitLocker encryption process should start. If this doesn’t happen and an error message is displayed, please contact IS Helpline.
11. The encryption process can take a number of hours to complete, you can use the machine throughout this period but performance will be reduced. There may not be any indication that the encryption process is running, you can check the status by repeating step 3 again at which point the text next to the drive should say “Encrypting”.
Make sure you keep the USB stick and or printouts safe as they will be needed if anything was to happen to the drive.
This article was published on Feb 8, 2013