Encryption: How to manually activate BitLocker on your Windows machine


Your Windows computer comes bundled with native BitLocker encryption software. OIT recommends that you enable BitLocker with assistance from your SCAD/DCS member or OIT Desktop Support.

OIT offers a centrally managed Princeton Encryption Service that will validate BitLocker on your computer and store the encryption recovery key in an OIT system. If you forget your password, you can retrieve the recovery key through OIT technical support. Contact your SCAD/DCS member or OIT Help Desk at 8-4357(HELP) option #1 for more information and to enroll your computer into this service. If you decide to participate, you do not need to proceed any further with the instructions below.


Overview
BitLocker Drive Encryption is a native security feature that is available in some versions of Windows. It is a whole-disk encryption solution; it encrypts everything on the drive on which Windows is installed.


Requirements
To use BitLocker, your computer must satisfy certain requirements. Contact the OIT Help Desk at 8-4357(HELP) option #1 if your computer does not meet one or more of these requirements.


Back up your computer
Before proceeding with encrypting your computer, back up your data using the Princeton CrashPlan Service.


How to manually turn on BitLocker
The following are instructions to enable your Windows computer’s BitLocker encryption software. If you lose your recovery key, your data will be lost.



If the TPM Status does not meet the system requirements listed above, the Encryption installer displays the TPM status at the point where you choose your encryption options. The image below is an example of a TPM status message:

[Image: TPM status message]

  1. If preparations need to be made to your computer to turn on BitLocker, they are displayed. Click Next.
  2. If your computer meets the system requirements, the setup wizard continues with the BitLocker Startup Preferences.
  3. BitLocker scans your computer to verify that it meets the system requirements.
  4. If prompted to do so, remove any CDs, DVDs, and USB flash drives from your computer and then click Shutdown.
  5. Turn your computer back on after shutdown. Follow the instructions in the message to continue initializing the TPM. (The message varies, depending on the computer manufacturer.)
  6. If your computer shuts down again, turn it back on.
  7. The BitLocker setup wizard resumes automatically. Click Next.
  8. If the following BitLocker startup preferences page is displayed, click Use BitLocker without additional keys.
  9. To store your recovery key, select Save the recovery key to a USB flash drive and then click Next.
  10. Leave the USB key in, select Run BitLocker system check, and click Continue.
  11. You will be prompted to restart your computer to start the encryption process. You can use your computer while your drive is being encrypted.
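
To confirm the outcome of the steps above, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of OIT's instructions. It assumes Windows 8 or later (where the Get-Tpm and Get-BitLockerVolume cmdlets are available) and that Windows is installed on the system drive.

```powershell
# Added example: read-only verification of TPM and BitLocker state.
# Run from an elevated (Administrator) PowerShell prompt.
# Assumption: Windows is installed on the drive named by $env:SystemDrive.
$mount = $env:SystemDrive

$tpm = Get-Tpm                                  # TPM state checked by the setup wizard
$vol = Get-BitLockerVolume -MountPoint $mount   # encryption state of the OS volume

# Names of the key protectors on the volume (for example Tpm, RecoveryPassword).
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

$findings = @()

if (-not $tpm.TpmPresent) {
    $findings += 'No TPM detected.'
} elseif (-not $tpm.TpmReady) {
    $findings += 'TPM is present but not ready; initialization may be incomplete.'
}

# Encryption continues in the background after the final restart,
# so a partially encrypted volume is expected for a while.
if ($vol.VolumeStatus -ne 'FullyEncrypted') {
    $findings += "Volume status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)."
}

if ($vol.ProtectionStatus -ne 'On') {
    $findings += "Protection status is $($vol.ProtectionStatus); the volume key is not yet protected."
}

# Without a recovery protector there is no way back in if normal unlock fails.
if (($types -notcontains 'RecoveryPassword') -and ($types -notcontains 'ExternalKey')) {
    $findings += 'No recovery protector (RecoveryPassword or ExternalKey) found on the volume.'
}

[pscustomobject]@{
    MountPoint     = $vol.MountPoint
    TpmPresent     = $tpm.TpmPresent
    TpmReady       = $tpm.TpmReady
    VolumeStatus   = $vol.VolumeStatus
    Protection     = $vol.ProtectionStatus
    PercentDone    = $vol.EncryptionPercentage
    KeyProtectors  = $types -join ', '
} | Format-List

if ($findings.Count -eq 0) {
    'OK: volume is fully encrypted, protection is on, and a recovery protector exists.'
} else {
    $findings | ForEach-Object { "CHECK: $_" }
}
```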

 


Logging in to Your Computer

 


Regenerating a copy of your recovery key