
Enable BitLocker

IT Services recommends that you enable BitLocker with assistance from an IT support professional.

Overview

BitLocker Drive Encryption is a native security feature that is available in some versions of Windows. It is a whole disk encryption solution; it encrypts everything on the drive that Windows is installed on.

When you enable BitLocker, you create a personal identification number (PIN), which you need to enter every time you start up your computer. A recovery key is also generated. You can use the recovery key to gain access to your computer if you forget your password. You should print the recovery key and store it in a safe place, apart from your computer. After the recovery key is generated, you will be prompted to restart your computer. The encryption process starts when the computer reboots.

BitLocker is used in conjunction with a hardware component called a Trusted Platform Module (TPM). The TPM is a smartcard-like module on the motherboard that is installed in many newer computers by the computer manufacturers. BitLocker stores its recovery key in the TPM (version 1.2 or higher).

Requirements

To use BitLocker, your computer must satisfy certain requirements:

  • Supported operating systems:
    • Windows 8 — Professional or Enterprise edition
    • Windows 7 — Enterprise or Ultimate edition
  • The Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must also be enabled and activated (or turned on).

Additional requirements:

  • You must be logged in as an administrator.
  • You must have access to a printer to print the recovery key.

Check your version of Windows

To find out the version of Windows you are running:

  1. Click the Start button.
  2. In the Search box, type winver.
  3. If the version displayed is not one of the versions listed above, BitLocker is not available on your computer. Instead, use McAfee Endpoint Encryption for whole disk encryption.


Check your TPM status

If the TPM does not meet the system requirements listed above, the Encryption installer displays the TPM status at the point where you choose your encryption options.

  • Example of TPM status message: TPM disabled

Contact your local IT support if you want to enable BitLocker but need assistance with enabling and activating the TPM.
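
The requirements above (Windows edition, administrator login, TPM version and state) can also be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original IT Services instructions; the function names are hypothetical, and it assumes the Windows edition appears in the operating system caption in the form shown in the comment.

```powershell
# Added example (not from the original page): pre-flight check for the requirements above.
# Get-WmiObject is used so the script also runs on the PowerShell 2.0 shipped with Windows 7.

# Assumption: Win32_OperatingSystem.Caption reads like "Microsoft Windows 7 Enterprise".
$SupportedEditions = 'Windows 8 (Pro|Enterprise)|Windows 7 (Enterprise|Ultimate)'

function New-CheckResult([string]$Check, [bool]$Passed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

function Test-BitLockerPrereqs {
    # Supported operating system edition.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-CheckResult 'Windows edition' ($os.Caption -match $SupportedEditions) ($os.Caption.Trim())

    # Logged in as an administrator, in an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    New-CheckResult 'Administrator' $isAdmin ($identity.Name)

    # TPM 1.2 or higher, enabled and activated. The TPM WMI namespace is only
    # readable when elevated, so a failed query is reported rather than thrown.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm `
        -ErrorAction SilentlyContinue
    if (-not $tpm) {
        New-CheckResult 'TPM present' $false 'No TPM visible to Windows (or session not elevated)'
        return
    }
    # SpecVersion looks like "1.2, 2, 3"; the first field is the specification version.
    $spec = ($tpm.SpecVersion -split ',')[0].Trim() -as [version]
    New-CheckResult 'TPM version 1.2+' ($spec -ge [version]'1.2') ($tpm.SpecVersion)
    New-CheckResult 'TPM enabled'   ($tpm.IsEnabled_InitialValue)   'IsEnabled_InitialValue'
    New-CheckResult 'TPM activated' ($tpm.IsActivated_InitialValue) 'IsActivated_InitialValue'
}

Test-BitLockerPrereqs | Select-Object Check, Passed, Detail | Format-Table -AutoSize
```

Any row with Passed set to False corresponds to a requirement that must be resolved before the BitLocker wizard will complete.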

Enabling BitLocker

If your computer meets the Windows version and TPM requirements, the process for enabling BitLocker is as follows:

  1. Click Start, click Control Panel, click System and Security (if the control panel items are listed by category), and then click BitLocker Drive Encryption.
  2. Click Turn on BitLocker.
  3. BitLocker scans your computer to verify that it meets the system requirements.
    • If your computer meets the system requirements, the setup wizard continues with the BitLocker Startup Preferences in step 8.
    • If preparations need to be made to your computer to turn on BitLocker, they are displayed. Click Next.
  4. If prompted to do so, remove any CDs, DVDs, and USB flash drives from your computer and then click Shutdown.

  5. Turn your computer back on after shutdown. Follow the instructions in the message to continue initializing the TPM. (The message varies, depending on the computer manufacturer.)
  6. If your computer shuts down again, turn it back on.
  7. The BitLocker setup wizard resumes automatically. Click Next.
  8. When the BitLocker startup preferences page is displayed, click Require a PIN at every startup.

  9. Enter a PIN from 8 to 20 characters long and then enter it again in the Confirm PIN field. Click Set PIN.
    Note: You will need to enter your PIN each time you start your computer.
  10. To store your recovery key, select Print the recovery key and then click Next.
    Note: Make sure your computer is connected to a printer.

  11. Print a copy of your recovery key.

  12. You will be prompted to restart your computer to start the encryption process. You can use your computer while your drive is being encrypted.
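
After the restart, you can confirm that the choices made in steps 8 to 11 took effect by listing the key protectors on the Windows drive. The script below is an added example, not part of the original instructions; the function name is hypothetical, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the original page): report which BitLocker key protectors exist.
function Get-BitLockerProtectorSummary {
    param([string]$DriveLetter = $env:SystemDrive)   # e.g. "C:"

    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
    if (-not $vol) { throw "No encryptable volume found for $DriveLetter (run elevated)." }

    # KeyProtectorType: 1 = TPM only, 3 = numerical password (the printed
    # recovery key), 4 = TPM and PIN.
    $count = @{}
    foreach ($type in 1, 3, 4) {
        $ids = $vol.GetKeyProtectors($type).VolumeKeyProtectorID
        # Filter out nulls so a volume with no such protector counts as 0.
        $count[$type] = @($ids | Where-Object { $_ }).Count
    }

    # ProtectionStatus: 0 = off, 1 = on, 2 = unknown. It can read 0 while the
    # initial encryption pass is still running.
    $status = $vol.GetProtectionStatus().ProtectionStatus

    New-Object PSObject -Property @{
        Drive            = $DriveLetter
        ProtectionOn     = ($status -eq 1)
        TpmAndPin        = ($count[4] -gt 0)
        TpmOnly          = ($count[1] -gt 0)
        RecoveryPassword = ($count[3] -gt 0)
    }
}

$summary = Get-BitLockerProtectorSummary
$summary | Format-List Drive, ProtectionOn, TpmAndPin, TpmOnly, RecoveryPassword

if (-not $summary.TpmAndPin) {
    Write-Warning 'No TPM-and-PIN protector found; check the startup preference chosen in step 8.'
}
if (-not $summary.RecoveryPassword) {
    Write-Warning 'No recovery password protector found; generate and print a new recovery key.'
}
```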

Logging in

Enabling BitLocker will change the way you log in to your system. You need to enter your PIN at every startup, prior to entering your password. This is designed to provide an additional layer of security for your data.

Changing your PIN or regenerating a copy of your recovery key

Once you have created your PIN, you can change it in the BitLocker Drive Encryption control panel. You can also regenerate a copy of your recovery key if you lose the printed copy.

  1. Click Start, click Control Panel, click System and Security (if the control panel items are listed by category), and then click BitLocker Drive Encryption.
  2. In the BitLocker Drive Encryption control panel, click Manage BitLocker.
  3. Follow the instructions on the screen.

Turning off BitLocker

If you want to decrypt your hard drive, all you need to do is turn off BitLocker. To turn off BitLocker you must be logged in as an administrator.

  1. Click Start, click Control Panel, click System and Security (if the control panel items are listed by category), and then click BitLocker Drive Encryption.
  2. In the BitLocker Drive Encryption control panel, click Turn Off BitLocker.
  3. Click Decrypt Drive to start the decryption process.

Last modified April 19, 2013