Skip to content Skip to navigation

Stanford Whole Disk Encryption for Windows

Overview

When you run the SWDE installer, the first step is Stanford's Device Enrollment app, a brief questionnaire which gathers basic information about your computer. If you already have responded to these questions, your previous answers are displayed.

After you complete the questionnaire SWDE steps you through the process of encrypting your hard drive. It checks your computer to make sure certain requirements are met, such as having BigFix software installed. You will need to fix, or let the installer fix, any items that are flagged before continuing.

Once your computer has been authorized to install encryption, the installer attempts to enable BitLocker,  Windows built-in encryption technology, to encrypt the whole disk. If BitLocker cannot be enabled automatically, a browser opens and displays the instructions for manually enabling BitLocker.

Before you begin

Note: You are encouraged to contact your local support organization to make sure your system is being routinely backed up prior to running the SWDE installer.

IMPORTANT: Make sure that you back up your computer or data before you start encrypting. If the disk encryption process encounters a disk error, data loss or corruption could occur.

  • Before starting the encryption, make sure your computer is on AC power and has an active network connection.
  • Depending on the size and speed of your hard drive and how many files are stored there, encryption can take from 45 minutes to two days. You may want to install the the software at the end of the day and let the encryption run over night. You can use your computer during the encryption process, but certain activities may be noticeably slower.

Download software

System requirements:

  • Operating System: Windows 7 (Enterprise or Ultimate) or Windows 8/8.1 (Professional or Enterprise)
  • Windows 8.0 and below: The Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must also be enabled and activated (or turned on).

Device enrollment questionnaire

  1. Run the installer. A setup wizard guides you through the steps necessary to install the software.
  2. First, the Device Enrollment app runs, asking a series of questions regarding the use of this computer for Stanford business. If you have already answered these questions, please review the answers and make any necessary corrections.  Click Proceed Now.

    start enrollment questionaire  
  3. Next, choose whether or not you have a valid SUNet ID and then click Continue.

    query for valid SUNet ID
  4. If you have a valid SUNet ID:
    • Enter your SUNet ID and password on the WebLogin screen.

      WebLogin screen
    • You will be asked to answer some questions about this device and the types of data that is accessed and stored on it.
    • If BigFix, Stanford's patch management software, is not present on your computer, it will be installed for you.
  5. If you do not have a valid SUNet ID:
    • If you are no longer affiliated with Stanford, you are asked to remove BigFix. The BigFix uninstaller launches automatically when you exit the questionnaire.
    • If  this computer is used for Stanford work, the questionnaire is terminated. Someone with a valid SUNet ID needs to complete the questionnaire.

Encrypt

After the questionnaire is completed, SWDE steps you through the process of encrypting your hard drive.

Run the encryption installer

  1. First, your computer's Windows Update status is checked. If your computer is missing any Windows updates, a list of the missing updates displays. Click Update Windows Before Continuing.

    Windows update status
  2. Next, the Welcome window displays. Browse through the instructions and then click Next.

    Encryption Installer welcome screen
  3. Read the policy agreement and then click Next.

    policy agreement
  4. The installer runs a test on your computer to ensure that certain requirements are met before encrypting. For example, BigFix and anti-virus software must be installed and some network services need to be disabled.
    • Click Fix Items to fix these problems.
    • Click Next if the Test Results show that no items need to be fixed.

    Note: If you need to install BigFix or anti-virus software, you are directed to another website to download the software. After installing, close the browser and continue with the Encryption installation.

    test results with problems
  5. Click Configure to enable BitLocker.

    enable BitLocker
  6. The next screen describes what to expect. If you are ready to encrypt your hard drive, check I have a backup and understand the risks involved and wish to continue and then click Continue.

    acknowledge that you have a backup or understand the risk of not having one
  7. A Bitlocker recovery partition is created but your computer must be restarted to enable it. Click OK to restart your computer.
     

    If the installer cannot enable BitLocker,  an error message displays. Your default browser launches and navigates to the instruction page for manually enabling BitLocker. Follow these instructions to encrypt your computer.

    restart computer to enable BitLocker recovery partition
  8. After your computer restarts a User Account Control dialog box displays. Click Yes to let the Stanford Security Compliance program make changes to this computer.

    User Account Control dialog box
  9. If a window displays asking if you have a TPM owner password, click Clear the TPM.

    clear the TPM
  10. The screen describing what to expect displays again. Check I have a backup and understand the risks involved and wish to continue and then click Continue.

  11. Create a Bitlocker password and then click OK. You will need to enter this password whenever you restart your computer once BitLocker is enabled.
    Note: The red ball changes to green when your BitLocker password meets Stanford's security standards.

    create a BitLocker password
  12. An encryption recovery key is generated and displayed. You will need this to unlock your encrypted drive if you forget your computer password. Make a copy of the recovery key and store it in a safe place. Then, click Close.

    Encryption recovery key
  13. Click Restart Computer Now to restart your computer. Encryption will begin when your computer restarts.
    Note: Click Let me see my password to see your password in clear text before continuing. Remember this password.

    restart computer to begin encryption
  14. From this point on, you will need to enter your BitLocker password whenever you restart your computer.

    restart computer to continue installation of SWDE

Enable BitLocker manually

If the installer could not enable BitLocker, use the step-by-step instructions to enable BitLocker.

If you need help

  • If you encounter problems, please call (650) 725-4357 or submit a HelpSU request. This service is provided 24 X 7 by IT Services.
     
  • Removal of McAfee Whole Disk Encryption is a service that is available upon request. Please submit a HelpSU request to contact your local support representative who can initiate these actions from the server.
Last modified March 12, 2015