
HOW TO: Enable BitLocker On Windows Vista And Windows 7

What is BitLocker?
Microsoft BitLocker Drive Encryption is a data protection feature in Microsoft Windows Vista Enterprise and Ultimate editions (and also Windows 7) that protects data when a computer is in unauthorized hands or is running an exploiting operating system. BitLocker does this by preventing an unauthorized user who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections, or even viewing the files that make up the operating system itself. The same technology also cryptographically secures the hibernation file, which contains all programs and documents that were open when the computer hibernated.

Why use BitLocker?
BitLocker helps protect your data by encrypting the entire volume that holds the operating system and all of your data. This ensures that the data on that volume can be accessed only by the live OS that is protected by your username/password or by the appropriate recovery key. For example, if your laptop is stolen, the thief cannot simply remove the hard drive, attach it to another computer and view your files.

Hard Drive Preparation
For BitLocker to be enabled, your hard drive must contain at least two partitions: your primary partition and the BitLocker partition. The BitLocker partition should be 1.5GB. The BitLocker Drive Preparation Tool will create this partition for you by shrinking your system drive.

Process of Enabling BitLocker

BitLocker

The process begins with a user who has completed the installation of Vista. This user then completes these process steps, resulting in a BitLocker encrypted laptop. 

Supported Hardware
Not all hardware models support BitLocker. To enable BitLocker, your desktop or notebook must contain a TPM (Trusted Platform Module) chip. The chip is on the motherboard of your device and stores the cryptographic key that BitLocker and Windows Vista use. For this process we are using a Lenovo X61s. Please refer to your machine’s documentation to verify that your system is indeed BitLocker compliant.

Requirements

  • Windows Vista Enterprise or Ultimate editions.
  • A TPM (Trusted Platform Module), version 1.2, enabled via the BIOS.
  • A TCG (Trusted Computing Group) – compliant BIOS.
  • If the system is a laptop it must be plugged-in either via a docking station or the standard power supply during drive encryption for BitLocker to function.
  • Two NTFS disk partitions created during deployment: the system volume partition – 2.0GB and the operating system partition – remaining space is used by C:.

NOTE: The BitLocker recovery information may be saved locally. To do so, it is recommended that you have a USB drive available, although you may also print out the password instead. For computers on an Active Directory domain the recovery password can be backed up to AD, but only if it has been upgraded with the TPM Schema Extension (which we will cover in a future article).
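The requirements above that Windows itself can report (edition, TPM, power, NTFS partitions) can be checked before you start. This is an added example, not part of the original article; the function names `New-Check` and `Test-BitLockerReadiness` are made up for it, and it assumes an elevated PowerShell 2.0 or later session. TCG BIOS compliance is not checked.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell 2.0+
# session. New-Check and Test-BitLockerReadiness are names invented for this example.
function New-Check($Name, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" } |
        Select-Object Check, Pass, Detail
}

function Test-BitLockerReadiness {
    # Edition: OperatingSystemSKU 1 = Ultimate, 4 = Enterprise.
    # "N" variants report other SKU values and are not handled here.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Check 'Enterprise or Ultimate edition' ((1, 4) -contains $os.OperatingSystemSKU) $os.Caption

    # TPM: the query fails or returns nothing when no TPM is exposed to Windows
    # (for example, when it is still disabled in the BIOS).
    try {
        $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                             -Class Win32_Tpm -ErrorAction Stop
    } catch { $tpm = $null }
    New-Check 'TPM visible to Windows' ($tpm -ne $null) ''
    New-Check 'TPM spec version 1.2' ($tpm -and $tpm.SpecVersion -like '1.2*') $tpm.SpecVersion
    New-Check 'TPM enabled' ($tpm -and $tpm.IsEnabled_InitialValue) ''

    # Power: a laptop must be on AC power while the drive encrypts.
    Add-Type -AssemblyName System.Windows.Forms
    $line = [System.Windows.Forms.SystemInformation]::PowerStatus.PowerLineStatus
    New-Check 'On AC power' ($line -eq 'Online') $line

    # Disk layout: at least two fixed NTFS volumes (DriveType 3 = local disk).
    # This fails until the Drive Preparation Tool has created the second partition.
    $ntfs = @(Get-WmiObject -Class Win32_Volume -Filter "DriveType = 3 AND FileSystem = 'NTFS'")
    $names = ($ntfs | ForEach-Object { $_.Name }) -join ', '
    New-Check 'Two NTFS partitions' ($ntfs.Count -ge 2) $names
}

Test-BitLockerReadiness | Format-Table -AutoSize
```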

Steps to Enable BitLocker
Enabling BitLocker is a multi-step process that will require several reboots and a significant amount of time, so take that into consideration before beginning. The actual drive encryption portion can take up to six hours depending on your machine’s specifications and hard drive size; however, you can still work on your computer as normal while the drive encrypts.

1. Enable the Trusted Platform Module (TPM)

- How you enable the TPM varies greatly depending on manufacturer due to the various types of BIOS software. Your BIOS may differ from the one shown but it shouldn’t be too difficult to navigate around and locate the TPM options. If you are unable to locate the TPM options please see your system’s support manuals for further details.

- The following image is a screen capture of the TPM option on a Lenovo X61s notebook:

BitLockerBios

2. Download and install the BitLocker Drive Preparation Tool.

- Visit the following link and download the tool. Note there are two versions, one for x86 and one for 64-bit.

- Install the tool by hitting okay and then accepting the license agreement.

BitLocker0

3. Once the BitLocker Drive Preparation Tool is installed you need to run it. Navigate through the Start Menu or just type BitLocker into the Start Search bar like the image below.

BitLocker1

4. Hit I Accept to agree with the Microsoft Software License Terms and continue.

BitLocker2

- After accepting the terms of use you are prompted to back up your critical data as the Drive Preparation Tool will automatically shrink your C: drive by 1.5GB and create the S: partition for BitLocker. Hit Continue to move on. For more information on how this is done you can view our HOW TO Shrink/Extend Partitions in Windows Vista.

BitLocker3

- The actual shrinking of the C: drive and creating of the S: partition will only take 30-45 seconds on most machines. On the 146GB drive in the Lenovo X61s I used for this article, it took about 25 seconds to complete.

BitLocker4

- After the Drive Preparation Tool completes hit Finish to restart the computer.

BitLocker5

5. After the reboot the BitLocker Drive Encryption snap-in should automatically pop up.

- Select Turn On BitLocker to continue.

BitLocker6

- If for some reason it doesn’t automatically pop up, simply navigate to the Control Panel and open the BitLocker Drive Encryption snap-in as seen below.

image

- The TPM security initialization will take a few seconds to complete.

BitLocker7

- After the TPM security initializes you will be prompted to either save your recovery password to a USB drive, a Network Folder or print your password. In this case we chose to print our password.

BitLocker8

NOTE: If you lose your recovery password you can always re-print or re-save it from the BitLocker Control Panel snap-in.

- After printing or saving your password you can begin the drive encryption. You have the option to run a system check but I generally skip this step. Either check or uncheck the option depending on your choice and hit Encrypt to begin the process.

BitLocker9

- After starting the encryption process a progress bar will appear letting you know how far into the process you are. Once this progress bar comes up you may navigate around on your computer and resume working or browsing the web; the process can run in the background.

BitLocker10

- The length of the encryption process will vary greatly depending on certain variables with your machine. The larger your drive is the longer the encryption will take, and the speed of the encryption process can be affected by your available system resources. So, for the fastest results just leave your machine be and head to lunch. The 144GB drive used in the Lenovo X61s took roughly two hours to complete, although I’ve seen the process take as little as one hour and as long as four hours.

BitLocker11

- After BitLocker is complete you can turn it off or manage your BitLocker Keys from the BitLocker Drive Encryption control snap-in.

- As you can see from an overview of My Computer, there is now a 1.46GB S: drive where the BitLocker files are stored.

And there you have it; the entire BitLocker Drive Encryption process. From initial review of this article it may seem like a daunting task, but in all actuality the process is extremely easy… just make sure you give yourself a few hours to complete it.
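Once the progress bar has finished, the result can be confirmed from the command line instead of the Control Panel: that protection is on, that the volume is fully encrypted, and that a recovery password protector exists alongside the TPM. This is an added example, not part of the original article; `Get-BitLockerSummary` is a name made up for it, and it assumes an elevated PowerShell 2.0 or later session.

```powershell
# Added example, not from the original article; requires an elevated session.
# Get-BitLockerSummary is a name invented for this example.
function Get-BitLockerSummary([string]$DriveLetter = 'C:') {
    $ns  = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
    $vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume `
                         -Filter "DriveLetter = '$DriveLetter'"
    if (-not $vol) { throw "No encryptable volume found for $DriveLetter" }

    # Value-to-name tables for the WMI return codes.
    $conversionNames = 'FullyDecrypted', 'FullyEncrypted', 'EncryptionInProgress',
                       'DecryptionInProgress', 'EncryptionPaused', 'DecryptionPaused'
    $protectorNames  = @{ 1 = 'TPM'; 2 = 'ExternalKey'; 3 = 'NumericalPassword';
                          4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey' }

    $conv = $vol.GetConversionStatus()
    $prot = $vol.GetProtectionStatus()      # 0 = off, 1 = on, 2 = unknown

    # Enumerate every key protector (0 = all types) and resolve each ID to its type.
    $types = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ } |
        ForEach-Object {
            $t = [int]$vol.GetKeyProtectorType($_).KeyProtectorType
            if ($protectorNames.ContainsKey($t)) { $protectorNames[$t] } else { "Type$t" }
        })

    New-Object PSObject -Property @{
        Drive               = $DriveLetter
        ProtectionOn        = ($prot.ProtectionStatus -eq 1)
        Conversion          = $conversionNames[[int]$conv.ConversionStatus]
        PercentEncrypted    = $conv.EncryptionPercentage
        Protectors          = ($types -join ', ')
        HasRecoveryPassword = ($types -contains 'NumericalPassword')
    } | Select-Object Drive, ProtectionOn, Conversion, PercentEncrypted,
                      Protectors, HasRecoveryPassword
}

Get-BitLockerSummary 'C:' | Format-List
```

A volume that shows a TPM protector but no `NumericalPassword` has no recovery password to print or save, so check that field before relying on the printed copy.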


This post was written by:

Brad Groux - who has written 153 posts on Digital Meld.

