Encryption: How to manually activate BitLocker on your Windows machine
Your Windows computer comes bundled with native BitLocker encryption software. OIT recommends that you enable BitLocker with assistance from your SCAD/DCS member or OIT Desktop Support.
OIT offers a centrally managed Princeton Encryption Service that will validate BitLocker on your computer and store the encryption recovery key in an OIT system. If you forget your password, you can retrieve the recovery key through OIT technical support. Contact your SCAD/DCS member or the OIT Help Desk at 8-4357 (HELP) option #1 for more information and to enroll your computer in this service. If you decide to participate, you do not need to proceed with the instructions below.
BitLocker Drive Encryption is a native security feature that is available in some versions of Windows. It is a whole disk encryption solution; it encrypts everything on the drive on which Windows is installed.
- A recovery key is generated and you can use it to gain access to your computer if you forget your password. You should save the recovery key to a USB drive in a safe place apart from your computer. After the recovery key is generated, you will be prompted to restart your computer. The encryption process starts when the computer reboots.
- BitLocker is used in conjunction with a hardware component called a Trusted Platform Module (TPM). The TPM is a smartcard-like module on the motherboard that is installed in many newer computers by the computer manufacturers. BitLocker stores its recovery key in the TPM (version 1.2 or higher).
To use BitLocker, your computer must satisfy certain requirements. Contact the OIT Help Desk at 8-4357 (HELP) option #1 if your computer does not meet one or more of these requirements.
- Supported operating systems
  - Windows 10 - Professional or Enterprise edition
  - Windows 8 - Professional or Enterprise edition
  - Windows 7 - Enterprise or Ultimate edition
- Trusted Platform Module (TPM)
  - For Windows 7, the Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must also be enabled and activated (or turned on).
- You must be logged in as an administrator.
- You must have a USB key.
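The requirements above can be checked from PowerShell before starting the wizard. The following is an added example, not part of OIT's instructions or tooling: the function name Test-BitLockerReadiness is hypothetical, and it assumes an elevated Windows PowerShell 3.0 or later session, an English-language OS caption, and that the TPM check is applied on every listed Windows version.

```powershell
# Added example, not OIT tooling. Test-BitLockerReadiness is a hypothetical name.
function Test-BitLockerReadiness {
    # Requirement: you must be logged in as an administrator (elevated session).
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Requirement: supported edition. Assumes an English-language OS caption;
    # Windows 8.1 is treated as Windows 8 (assumption, the page lists only 8).
    $caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    $supported = 'Windows 10 (Pro|Enterprise)', 'Windows 8(\.1)? (Pro|Enterprise)',
                 'Windows 7 (Enterprise|Ultimate)'
    $editionOk = $caption -match ($supported -join '|')

    # Requirement: TPM 1.2 or higher, enabled and activated.
    # Win32_Tpm is readable only by administrators; $null means no TPM was found.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec version.
    $tpmSpec = ("$($tpm.SpecVersion)" -split ',')[0].Trim() -as [version]
    $tpmOk = [bool]($tpm -and $tpmSpec -ge [version]'1.2' -and
        $tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)

    # Requirement: a USB key. DriveType 2 is a removable disk.
    $usb = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2')

    # Current state of the system drive (this cmdlet ships with Windows 8 and later).
    $volume = $null
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        IsAdministrator   = $isAdmin
        OsCaption         = $caption
        EditionSupported  = $editionOk
        TpmSpecVersion    = $tpmSpec
        TpmReady          = $tpmOk
        UsbDrives         = $usb.DeviceID -join ', '
        VolumeStatus      = $volume.VolumeStatus
        ProtectionStatus  = $volume.ProtectionStatus
        KeyProtectors     = $volume.KeyProtector.KeyProtectorType -join ', '
        MeetsRequirements = $isAdmin -and $editionOk -and $tpmOk -and ($usb.Count -gt 0)
    }
}

Test-BitLockerReadiness | Format-List
```

After encryption has been turned on, the VolumeStatus, ProtectionStatus and KeyProtectors fields show how far encryption has progressed and which key protectors exist on the system drive.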
Back up your computer
Before proceeding with encrypting your computer, back up your data using the Princeton CrashPlan Service.
How to manually turn on BitLocker
The following are instructions to enable your Windows computer’s BitLocker encryption software. If you lose your recovery key, your data will be lost.
If the TPM Status does not meet the system requirements listed above, the Encryption installer displays the TPM status at the point where you choose your encryption options. The image below is an example of a TPM status message:
- If preparations need to be made to your computer to turn on BitLocker, they are displayed. Click Next.
- If your computer meets the system requirements, the setup wizard continues with the BitLocker Startup Preferences.
- BitLocker scans your computer to verify that it meets the system requirements.
- If prompted to do so, remove any CDs, DVDs, and USB flash drives from your computer and then click Shutdown.
- Turn your computer back on after shutdown. Follow the instructions in the message to continue initializing the TPM. (The message varies depending on the computer manufacturer.)
- If your computer shuts down again, turn it back on.
- The BitLocker setup wizard resumes automatically. Click Next.
- If the following BitLocker startup preferences page is displayed, click Use BitLocker without additional keys.
- To store your recovery key, select Save the recovery key to a USB flash drive and then click Next.
- Leave the USB key in, select Run BitLocker system check, and click Continue.
- You will be prompted to restart your computer to start the encryption process. You can use your computer while your drive is being encrypted.
Logging in to Your Computer
- Log in with your normal Windows username and password.
Regenerating a copy of your recovery key
- Click Start, click Control Panel, click System and Security (if the control panel items are listed by category), and then click BitLocker Drive Encryption.
- In the BitLocker Drive Encryption control panel, click Manage BitLocker.
- Follow the instructions on the screen.