Encrypting Windows 7 with BitLocker


Encrypting a Windows 7 Hard Disk with Bitlocker Disk Encryption

This document contains the necessary steps to encrypt the contents of a hard drive using Bitlocker and Windows 7.

The following instructions are derived from documentation at:

http://technet.microsoft.com/en-us/library/cc731549(v=ws.10)
http://technet.microsoft.com/en-us/library/dd835565(v=ws.10)

5 November 2012
David Anderson
Lou Arminio


Ensure System has a TPM Chip

Enter the BIOS of the system to verify the presence of a Trusted Platform Module (TPM) chip. The TPM chip stores the authentication key for the encrypted drive. While Bitlocker will work on a system that does not have a TPM chip, this will require the system user to insert a USB flash drive into the computer in order to unlock the drive whenever it is started.

Locating the section of the BIOS that shows and allows configuration of the TPM chip will vary by system. The following screen shot shows the BIOS location on a Dell Latitude D630 laptop.
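
The BIOS check above can be confirmed from inside Windows before you start the wizard. The following PowerShell script is an added example, not part of the original document or of Microsoft's documentation; it reads the Win32_Tpm WMI class that Windows 7 exposes and reports whether the chip is present, enabled ("TPM Security" in the BIOS) and activated ("TPM Activation"). The function name Test-TpmReady is my own. Run it from an elevated PowerShell prompt; it is written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: query TPM state through WMI instead of entering the BIOS.
# Requires an elevated prompt; works with PowerShell 2.0 on Windows 7.
function Test-TpmReady {
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
        -Class Win32_Tpm -ErrorAction SilentlyContinue

    if (-not $tpm) {
        # Windows sees no TPM: the chip is absent, or still hidden/disabled in the BIOS.
        return New-Object PSObject -Property @{
            Present = $false; Enabled = $false; Activated = $false; Owned = $false; Ready = $false
        }
    }

    # Each Is* method returns an object whose same-named property carries the answer.
    $enabled   = [bool]$tpm.IsEnabled().IsEnabled       # BIOS "TPM Security" = On
    $activated = [bool]$tpm.IsActivated().IsActivated   # BIOS "TPM Activation" = Activate
    $owned     = [bool]$tpm.IsOwned().IsOwned           # set when the Bitlocker wizard initializes the TPM

    New-Object PSObject -Property @{
        Present   = $true
        Enabled   = $enabled
        Activated = $activated
        Owned     = $owned
        Ready     = ($enabled -and $activated)          # both must be true before "Turn on Bitlocker"
    }
}

$state = Test-TpmReady
$state | Format-List Present, Enabled, Activated, Owned, Ready

if (-not $state.Present) {
    Write-Warning 'No TPM visible to Windows; Bitlocker would need a USB startup key on every boot.'
} elseif (-not $state.Ready) {
    Write-Warning 'TPM present but not enabled and activated; complete the BIOS steps before starting Bitlocker.'
}
```

If Present is false on a machine whose BIOS shows a TPM, the chip is usually still switched off in the BIOS, which is exactly the condition the next two sections correct.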

Activate the TPM Chip

Before telling the system to start encryption, it will be necessary to activate the TPM chip. This is a two-step process. First, ensure the TPM Security setting is “On”. If it is not, enable the check box and click “Apply.”

Changing this value will require a reboot. Save/Exit the BIOS setting screen, then reenter the BIOS for the next step.

Activate the TPM Module

Next, go to the TPM Activation settings and activate the TPM Module.

Changing this value will require a reboot. Save/Exit the BIOS setting screen, then reenter the BIOS for the next step.

Verify System Boot Order

Another important setting to verify is the boot order of the system. If the system is set to attempt to boot from USB devices before the internal HDD, attempting to verify a saved recovery key will fail, and the encryption process will have to be restarted (which will generate a new recovery key, which will again need to be saved).

Once the BIOS settings are properly set (this should not require another restart), allow Windows to start.

Start Bitlocker Encryption

Log on to Windows using an NAU domain account with administrator privileges on the computer. Go to Start -> Control Panel -> System and Security -> Bitlocker Drive Encryption.


Click “Turn on Bitlocker”.

Windows will check your computer’s configuration to make sure it is compatible with Bitlocker (this will fail if the TPM was not previously activated). Then it will initialize the TPM module. Before beginning to encrypt the drive, you will be given the opportunity to save the recovery key. The recovery key will automatically be sent to Active Directory as part of Group Policy, but making a local copy might be a good idea as well. Three options are available for saving the key: saving to a USB flash drive, saving to a file, and printing the key. Any and all options may be selected.

Before choosing whether you want to save a local copy of the key, or how to do it, you should consider how you intend to safeguard the key. If it is stored on the drive you are about to encrypt, you will not be able to use it to recover the drive unless it is copied elsewhere, since it will be inaccessible from that drive in a recovery scenario. If it is to be stored on a USB flash drive or printed, the key should be hidden away in a safe location. It should NOT be kept with the system that it recovers. Doing this would be like keeping a key inside the keyway of the lock. It would effectively invalidate the protection to the encrypted drive. Once you have secured a local copy of the key, click the Next button to proceed.

You will see the following screens as Windows begins the process.

If you saved the recovery key to a USB flash drive, the drive will contain files such as the following. A copy of your recovery key will be automatically saved to the NAU domain Active Directory server. ITS can recover this key in the event of loss. You do not need the key to use your computer. It is only necessary if your hard drive is moved to another system.

Now you are ready to start the encryption process. As an added safeguard, you are given the option to verify the integrity of a recovery key if you stored one on a USB flash drive. Check the box on the “Are you ready to encrypt this drive?” screen if you would like to do this. If you did not verify that the HDD will boot before a USB attached device, then this may not work, and will require restarting the process, including generating a new recovery key.

If you decided to verify the recovery key, you will need to reboot with the USB flash drive inserted in the computer. The verification does not take long.


After you reboot, you will see a message originating in the system tray area of the screen (typically the lower right) indicating encryption is in progress. You can verify this by going to the system tray and clicking on the icon [get screen shot]. You will see a window like this.

Encryption will take place in the background and the system can be used while this is taking place. There will be a slight degradation in performance, but it may not be that noticeable depending on the activities you perform.

The system may take up to eight hours or more to encrypt. Factors which affect this time are the size of the hard disk, the speed of the CPU, and whether it is being used while encryption is taking place. If the system is shut down, encryption will resume after it is restarted. Be sure to check the system tray to ensure encryption is running after a restart. Once the hard disk is encrypted, success can be verified by going to Control Panel, System and Security, Bitlocker Drive Encryption. This screen will indicate that Bitlocker is turned on for the hard drive.
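
The Control Panel check above, and the earlier statement that the recovery key is sent to Active Directory, can both be confirmed without the GUI. The following PowerShell script is an added example, not part of the original document or of Microsoft's documentation; it uses the Win32_EncryptableVolume WMI class available on Windows 7 to report the conversion progress and protection state of the drive, and then asks Windows to back up every numerical-password (48-digit recovery key) protector to Active Directory and reports whether that call succeeded. The function names Get-BitlockerVolumeState and Backup-RecoveryPasswordToAD and the default drive letter C: are my own choices. Run it from an elevated PowerShell prompt; it does not display the recovery password itself.

```powershell
# Added example: verify Bitlocker state and AD recovery-key backup through WMI.
# Requires an elevated prompt; written for PowerShell 2.0 on Windows 7.
$BdeNamespace = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-EncryptableVolume {
    param([string]$DriveLetter)
    $vol = Get-WmiObject -Namespace $BdeNamespace -Class Win32_EncryptableVolume `
        -Filter "DriveLetter='$DriveLetter'"
    if (-not $vol) { throw "$DriveLetter is not a Bitlocker-encryptable volume on this system" }
    return $vol
}

function Get-BitlockerVolumeState {
    param([string]$DriveLetter = 'C:')
    $vol  = Get-EncryptableVolume $DriveLetter
    $conv = $vol.GetConversionStatus()    # progress of the background encryption
    $prot = $vol.GetProtectionStatus()    # whether the key protectors are actually enforced

    # Numeric codes documented for Win32_EncryptableVolume; cast to [int] so the
    # uint32 returned by WMI matches the hashtable keys.
    $convNames = @{ 0 = 'FullyDecrypted'; 1 = 'FullyEncrypted'; 2 = 'EncryptionInProgress'
                    3 = 'DecryptionInProgress'; 4 = 'EncryptionPaused'; 5 = 'DecryptionPaused' }
    $protNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Unknown' }

    New-Object PSObject -Property @{
        Drive            = $DriveLetter
        ConversionStatus = $convNames[[int]$conv.ConversionStatus]
        PercentEncrypted = $conv.EncryptionPercentage
        ProtectionStatus = $protNames[[int]$prot.ProtectionStatus]
    }
}

function Backup-RecoveryPasswordToAD {
    param([string]$DriveLetter = 'C:')
    $vol = Get-EncryptableVolume $DriveLetter
    # Key protector type 3 = numerical password, i.e. the 48-digit recovery key.
    $ids = $vol.GetKeyProtectors(3).VolumeKeyProtectorID
    if (-not $ids) { Write-Warning "$DriveLetter has no recovery-password protector"; return }

    foreach ($id in $ids) {
        # ReturnValue 0 means the domain controller accepted the backup. A non-zero
        # value means it did not (for example, the Group Policy that permits AD backup
        # is not in effect on this machine, or no domain controller was reachable).
        $rc = $vol.BackupRecoveryInformationToActiveDirectory($id).ReturnValue
        New-Object PSObject -Property @{
            Drive       = $DriveLetter
            ProtectorId = $id
            ReturnValue = ('0x{0:X8}' -f [int64]$rc)
            BackedUp    = ($rc -eq 0)
        }
    }
}

# Usage: status first, then force and confirm the AD backup.
Get-BitlockerVolumeState 'C:'   | Format-List Drive, ConversionStatus, PercentEncrypted, ProtectionStatus
Backup-RecoveryPasswordToAD 'C:' | Format-List Drive, ProtectorId, ReturnValue, BackedUp
```

A drive that the document would call finished shows ConversionStatus FullyEncrypted, PercentEncrypted 100 and ProtectionStatus On; a machine that rebooted mid-way and did not resume shows EncryptionPaused, which is the case the text asks you to watch for in the system tray. BackedUp being false for a domain-joined laptop is worth raising with ITS before the machine leaves the building, since the AD copy is the recovery path the document relies on.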

Once this process is completed, your hard drive will be encrypted and your data only visible after a valid Windows login. If your computer is lost or stolen, your data will remain protected. Please note that, although your hard drive is now encrypted, your system backups will not be encrypted. If you back up a system containing sensitive information, you must secure and protect your backup media to prevent exposure of your data.