How To Use BitLocker To Encrypt Win7 Drives - InformationWeek
IoT
IoT
Cloud // Cloud Storage
News
6/21/2011
05:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
Bug Bounty Programs: The 7 Myths, Hackers, & Impact
Dec 07, 2016
Despite thousands of large and small organizations running bug bounty programs, there is still a l ...Read More>>

How To Use BitLocker To Encrypt Win7 Drives

Here’s how to encrypt your PC's system drives with the BitLocker tool, included with Windows 7 Enterprise and Ultimate editions.

The nice thing about BitLocker, bundled with Microsoft’s Windows 7 Enterprise and Ultimate editions, is it allows for the full encryption of the system drive of a PC.

BitLocker's default requires it to be installed in a system with a trusted Platform Module (TPM). If you're not dealing with a computer that has such hardware installed, you'll need to make a couple of changes to BitLocker behaviors via Group Policy.

Click Start and type gpedit.msc in the Search box. Press Enter. Navigate to Local Computer Policy >> Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives.

Here is what you'll see.


Double click on Require additional authentication at startup and select Enabled. Then, check the box next to Allow BitLocker without a compatible TPM. (The other options should each be set to Allow.) Click OK.


To start the encryption process, right click on your system drive and select Turn on BitLocker.


BitLocker will scan your system to make sure the setup process can proceed. It might inform you that a new system drive will be created from free space on drive C:, which is where BitLocker’s boot-time components will be stored. After this is done, the system must reboot before you can continue.


The next phase of BitLocker's setup is configuring the startup, or decryption, key. If TPM is not present, you need to plug in a USB drive with the decryption key on it at boot time. (You can also require a PIN to be supplied at startup for additional security. To make this a requirement, scroll back up this page to the Require additional authentication at startup screen. Change Allow startup PIN with TPM to Require.)


When you select Require a Startup Key at every startup, the system will prompt you to insert a USB flash drive. This will store the decryption key. It will also prompt you to save a separate copy, called a recovery key, so you can still decrypt the drive in case your Startup key is ever lost or damaged.

NOTE: Don't save the recovery key to the same place as your Startup key. It's like putting your spare house key on the same keyring as the master key!



Before starting the encryption process, BitLocker will offer to run a system check. This ensures the Startup key is readable at boot time and that decryption works. The whole process shouldn't take more than a couple of minutes, and I strongly recommend you do this. You will then need to restart your computer.



When your system boots with the Startup key plugged in, you might see a message that says Remove disks or other media. Press any key to restart.

CAUTION: Do not remove the startup key when you see this message. If you take the key out at this time, the startup check will fail and you'll have to begin again from a much earlier step. So just press a key and continue the boot process.

Once the startup check succeeds, BitLocker will begin encrypting the system drive in the background. The encryption process might take several hours. During this time the computer will still be usable; in fact, you can even suspend, shut down or restart the PC while encryption is taking place. That said, the system will be slower to respond than usual. Don't expect to get a great deal done at this time. If you double-click on the tray icon for BitLocker, you will see a progress window for the encryption process.


Drives encrypted by BitLocker will have a lock icon. Drives you did not encrypt, such as drives for auxiliary user data (downloads, etc.), will not have the lock icon. If you decide to protect them, you can encrypt them with BitLocker as well, separately.


Based in Long Island, NY Serdar Yegululp is managing editor of reviews at BYTE. Follow him @syegulalp, or email him at Serdar.Yegulalp@BYTE.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll