
What is BitLocker?

BitLocker Drive Encryption is a Windows security feature that encrypts an entire volume (the operating system drive and, optionally, fixed and removable data drives) so that the data on it is unreadable without the encryption key. It protects data at rest on a lost or stolen machine: only someone holding the key that unlocks the volume, or a valid recovery key, can decrypt it.

How Does BitLocker work?

BitLocker is normally used together with a Trusted Platform Module (TPM), a dedicated security chip on the motherboard (or a firmware-based equivalent) that is present in most newer computers. BitLocker keeps the key that unlocks the drive sealed inside the TPM, bound to measurements of the firmware and early boot components. The TPM releases the key at boot only if those measurements have not changed, so the drive stays locked if it is moved to another machine or the boot chain has been tampered with. When you enable BitLocker, a recovery key (a 48-digit recovery password) is also generated. It is the fallback for when the TPM will not unlock the drive, for example after a firmware update or a hardware change, so it must be stored somewhere safe such as Active Directory.

BitLocker Requirements

To use BitLocker, your computer must meet the following requirements, and you must be logged on as an administrator.

  • Operating systems:
    • Windows 10: Education, Pro, or Enterprise edition
    • Windows 8: Professional or Enterprise edition
    • Windows 7: Enterprise or Ultimate edition (a Trusted Platform Module (TPM) version 1.2 or higher must be installed and activated)


Store BitLocker Information on AD

For a TPM-based BitLocker setup to store its recovery information in AD as configured here, the computer must boot in UEFI mode, which in turn requires the OS disk to use a GPT partition table (a TPM 2.0 cannot be used while the firmware is in legacy BIOS/CSM boot mode). Follow the steps below to convert the MBR disk to GPT in place, without reinstalling Windows, and then switch the firmware to UEFI boot.

  1. Log on to your computer with an administrative user account.
  2. Run Command Prompt (as Administrator) or Powershell (as Administrator).
  3. Run MBR2GPT /validate /disk:0 /allowFullOS first. It makes no changes and reports whether the disk layout can be converted. If validation passes, run MBR2GPT /convert /disk:0 /allowFullOS. (/disk:0 assumes the OS disk is disk 0; confirm with diskpart or Get-Disk before converting. /allowFullOS lets the tool run from the running Windows instead of from WinPE.)
  4. Restart your computer and enter the firmware setup menu (F2 on many Dell systems; the key varies by vendor), then change the boot mode to UEFI. The computer will not boot from the converted disk until this is done. Optional: uncheck "Allow Legacy Boot" and enable "Secure Boot". Click Exit and Save. Your computer will reboot.
  5. After your computer restarts, log on with an administrative user account.
  6. Run Command Prompt (as Administrator) and run "gpupdate /force" to refresh Group Policy. Optional: run rsop.msc and confirm that the BitLocker settings (Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption) have applied to this computer.
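The checks behind the steps above, done from an elevated PowerShell prompt. This is an added example, not part of the original page or of Microsoft's tooling: it assumes the OS disk is disk 0, and it reads the registry values that the "Choose how BitLocker-protected operating system drives can be recovered" policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE (verify the value names against your own domain's policy). Run it once before the conversion, and again after the reboot into UEFI mode.

```powershell
# Added example (not from the original page): pre-flight checks for the MBR -> GPT / UEFI switch
# and for the Group Policy that makes BitLocker escrow recovery information to AD.
# Assumption: the OS disk is disk 0. Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

$disk = Get-Disk -Number 0
"Disk 0 partition style : $($disk.PartitionStyle)"   # MBR or GPT
"Firmware boot mode     : $env:firmware_type"        # Legacy or UEFI, as seen by Windows

if ($disk.PartitionStyle -eq 'MBR') {
    # /validate makes no changes; it fails if the layout cannot be converted (for example more
    # than three primary partitions, or no room to carve out the EFI system partition).
    & "$env:SystemRoot\System32\MBR2GPT.exe" /validate /disk:0 /allowFullOS
    if ($LASTEXITCODE -ne 0) { throw "MBR2GPT validation failed (exit code $LASTEXITCODE); do not convert." }

    & "$env:SystemRoot\System32\MBR2GPT.exe" /convert /disk:0 /allowFullOS
    if ($LASTEXITCODE -ne 0) { throw "MBR2GPT conversion failed (exit code $LASTEXITCODE)." }

    Write-Warning "Disk converted. Reboot into firmware setup and switch the boot mode to UEFI; the machine will not boot until you do."
    return
}

# Second run, after the reboot: the machine must actually be booting in UEFI mode, otherwise
# a TPM 2.0 is unusable and the boot measurements BitLocker seals the key to are not the ones expected.
if ($env:firmware_type -ne 'UEFI') {
    throw "Still booting in legacy BIOS mode; change the boot mode in firmware setup."
}

$tpm = Get-Tpm
"TPM present / ready    : $($tpm.TpmPresent) / $($tpm.TpmReady)"
"Secure Boot enabled    : $(Confirm-SecureBootUEFI)"   # only valid on a UEFI boot, hence the check above

# Refresh Group Policy, then confirm the AD-backup settings from the OS-drive recovery policy landed.
gpupdate /force | Out-Null
$fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
"AD backup enabled      : $($policy.OSActiveDirectoryBackup -eq 1)"
"AD backup required     : $($policy.OSRequireActiveDirectoryBackup -eq 1)"

if ($policy.OSActiveDirectoryBackup -ne 1) {
    Write-Warning "The AD backup policy has not applied; check rsop.msc and the OU the computer object lives in."
}
```

If the last warning fires, do not turn on BitLocker yet: without that policy the recovery password generated in the next section is stored only on the machine being encrypted, which is exactly where you cannot read it when the TPM refuses to unlock the drive.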


How Do I Enable BitLocker?

If your computer meets the Windows version and TPM requirements, the process for enabling BitLocker is as follows:

  1. Click Start > Control Panel > System and Security > BitLocker Drive Encryption.
  2. Click Turn on BitLocker.
  3. BitLocker scans your computer to verify that it meets the system requirements.
    • If your computer meets the system requirements, the setup wizard continues with the BitLocker Startup Preferences.
    • If preparations need to be made to your computer to turn on BitLocker, they are displayed. Click Next.
  4. If prompted to do so, remove any CDs, DVDs, and USB flash drives from your computer and then click Shutdown.
  5. Turn your computer back on after shutdown. Follow the instructions in the message to continue initializing the TPM.
  6. If your computer shuts down again, turn it back on.
  7. The BitLocker setup wizard resumes automatically. Click Next.
  8. You will be prompted to restart your computer to start the encryption process. You can use your computer while your drive is being encrypted.
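The same procedure done from an elevated PowerShell prompt, with the recovery password escrowed to AD before encryption starts. This is an added example and not part of the original page: it assumes the OS volume is C:, that the TPM is present and initialized, that the machine boots in UEFI mode, and that the Group Policy allowing AD backup of recovery information (previous section) has applied.

```powershell
# Added example (not from the original page): turn on BitLocker for the OS drive with a TPM
# protector plus a recovery password, and escrow the recovery password to AD first.
# Assumptions: OS volume is C:, TPM is ready, UEFI boot, AD-backup policy applied.
#Requires -RunAsAdministrator
Import-Module BitLocker

$vol = Get-BitLockerVolume -MountPoint 'C:'
if ($vol.ProtectionStatus -eq 'On') { "BitLocker is already on for C:"; return }

$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; initialize it (tpm.msc) before enabling BitLocker."
}

# 1. Recovery password first, so there is always a way back in when the TPM measurements change
#    (firmware update, boot order change, motherboard swap) and the TPM will not unseal the key.
$after = Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
$rp    = $after.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -Last 1
"Recovery password protector: $($rp.KeyProtectorId)"

# 2. Escrow that protector to the computer object in AD. This throws if the policy forbids it or
#    no domain controller is reachable, which is the behaviour you want: no encryption without
#    a recovery password stored somewhere other than the disk being encrypted.
Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId

# 3. Seal the volume key to the TPM. Without -SkipHardwareTest, BitLocker performs the TPM test at
#    the next restart (the reboot the wizard asks for) and only then starts encrypting, so a TPM that
#    cannot unseal at boot is caught before any data is encrypted. XTS-AES 256 is the strongest
#    method on current Windows 10 builds; drop -UsedSpaceOnly on a disk that has held data before,
#    so previously deleted files in free space are encrypted too.
Enable-BitLocker -MountPoint 'C:' -TpmProtector -EncryptionMethod XtsAes256 -UsedSpaceOnly

# Encryption runs in the background after the restart; the machine stays usable meanwhile.
Get-BitLockerVolume -MountPoint 'C:' |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus, EncryptionMethod,
                  @{ n = 'Protectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ', ' } }
```

After the restart, rerun the final Get-BitLockerVolume line: VolumeStatus should move from EncryptionInProgress to FullyEncrypted, ProtectionStatus should read On, and the Protectors column should list both Tpm and RecoveryPassword. The recovery password itself can be read back with (Get-BitLockerVolume -MountPoint 'C:').KeyProtector, so treat the console session as sensitive until the machine is handed over.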

...