BitLocker


BitLocker is an encryption feature available in Ultimate and Enterprise versions of Windows 7 and Vista.

Enable BitLocker

You can use BitLocker to encrypt an entire fixed drive, such as the local drive Windows is installed on or an internal data drive.

To encrypt an entire drive, simply right-click on the drive and select Turn on BitLocker from the context menu.

If you get a TPM security error, see the section Use BitLocker on a Drive Without TPM further down the page for how to overcome it.



Next you’ll need to choose a secure password that will be used to access the drive.



You’re prompted to store the recovery key, which is used in the event you lose your password or smartcard. If you store it as a file, make sure that it’s not on the same drive that you’re encrypting.






The drive icon will change to show it’s encrypted with BitLocker: the gold lock indicates the drive is locked, and the grey lock is displayed after you have unlocked it.



Use BitLocker on a Drive Without TPM

What happens if you get the TPM error, and what is a TPM anyway? TPM stands for Trusted Platform Module, which is a microchip in a computer that supports advanced security features. It’s where BitLocker stores the encryption key. If your computer doesn’t have a compatible TPM, you’ll need to follow the steps below and have a flash drive available.



Type gpedit.msc in the search box of the Start menu and hit Enter.



Under Local Computer Policy, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives and double-click Require additional authentication at startup.



Enable the feature and check the box next to Allow BitLocker without a compatible TPM, click Apply and OK, and close the Local Group Policy Editor.



Go back to the hard drive you want to encrypt and turn on BitLocker. A restart will be required to prepare the disk; at this point make sure the flash drive is plugged in.



After the restart you’re prompted to use the startup key on the flash drive every time you start the computer.






After that, the process is as we showed above. This method may not be as convenient, but at least you don’t have to go out and buy a new system that includes a TPM.
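
The checks behind the steps above can be scripted. The following PowerShell pre-flight check is an added example, not part of the original walkthrough: it looks for a TPM, reads the registry values that the Require additional authentication at startup policy writes on Windows 7, and confirms the recovery key folder is not on the drive being encrypted. The function names, the default drive letter and the key folder are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
# Added example: pre-flight check before turning on BitLocker (run elevated).
param(
    [string]$TargetDrive     = 'C:',       # drive to encrypt (assumed default)
    [string]$RecoveryKeyPath = 'E:\Keys'   # folder for the recovery key file (assumed default)
)

function Test-TpmPresent {
    # Win32_Tpm is exposed in this WMI namespace; no instance means no usable TPM.
    try {
        $tpm = Get-WmiObject -Namespace 'root\cimv2\security\microsofttpm' `
                             -Class Win32_Tpm -ErrorAction Stop
        return [bool]$tpm
    } catch {
        return $false   # namespace missing or access denied: treat as no TPM
    }
}

function Get-NoTpmPolicy {
    # The Group Policy setting is stored as two DWORD values under the FVE policy key.
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        PolicyEnabled = ($p -and ($p.UseAdvancedStartup -eq 1))
        AllowNoTpm    = ($p -and ($p.EnableBDEWithNoTPM -eq 1))
    }
}

function Test-RecoveryPathSafe {
    param([string]$Drive, [string]$Path)
    # Compare the volume root of the key folder with the target drive (case-insensitive).
    $root = [System.IO.Path]::GetPathRoot($Path).TrimEnd('\')
    return (($root -ne '') -and ($root -ne $Drive.TrimEnd('\')))
}

$hasTpm = Test-TpmPresent
$policy = Get-NoTpmPolicy

if ((-not $hasTpm) -and (-not ($policy.PolicyEnabled -and $policy.AllowNoTpm))) {
    Write-Warning 'No TPM found and "Allow BitLocker without a compatible TPM" is not enabled; setup will stop with the TPM error.'
}
if (-not (Test-RecoveryPathSafe -Drive $TargetDrive -Path $RecoveryKeyPath)) {
    Write-Warning "Recovery key folder $RecoveryKeyPath is on $TargetDrive; store the key on a different drive."
}

# Show the current encryption state and protection status of the target drive.
manage-bde -status $TargetDrive
```

If the script reports no TPM and the policy values are absent, complete the gpedit.msc steps above before turning on BitLocker.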