2. How to Enable the Use of BitLocker on Computers without TPM
If TPM hardware is not available, BitLocker can store decryption keys on a USB flash drive instead of using a built-in TPM module. Using BitLocker in this configuration can be risky, however, because if the user loses the USB flash drive, the encrypted volume is no longer accessible and the computer cannot start without the recovery key. Windows 7 does not make this option available by default.
To use BitLocker encryption on a computer without a compatible TPM, you need to change a computer Group Policy setting by performing these steps:
- Open the Group Policy Object Editor by clicking Start, typing gpedit.msc, and pressing Enter. Respond to the UAC prompt that appears.
- Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives.
- Enable the Require Additional Authentication At Startup setting. Then select the Allow BitLocker Without A Compatible TPM check box. Click OK.
If you plan to deploy BitLocker in an enterprise using USB flash drives instead of TPM, you should deploy this setting with domain-based Group Policy settings.
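The following PowerShell script is an added example, not part of the training kit, that audits the two prerequisites the steps above address on a single Windows 7 computer: whether a TPM is present, and whether the local policy that allows BitLocker without a compatible TPM is in effect. It reads and writes the registry values under HKLM\SOFTWARE\Policies\Microsoft\FVE that the Require Additional Authentication At Startup policy template maintains (UseAdvancedStartup, EnableBDEWithNoTPM and the four protector-combination values); the function and variable names are the example's own. Setting the values locally is equivalent to the gpedit.msc steps and is only appropriate for a stand-alone machine; in a domain, the same setting should come from a domain-based GPO, as the text recommends.

```powershell
# Added example (not from the training kit). Run from an elevated PowerShell
# prompt on Windows 7 (PowerShell 2.0 compatible; no Get-Tpm cmdlet there).
# Registry path and value names are those written by the
# "Require additional authentication at startup" policy template.
$FvePolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Test-TpmPresent {
    # Win32_Tpm is only instantiated when a TPM exists and its driver is loaded.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    return ($tpm -ne $null)
}

function Get-BitLockerNoTpmPolicy {
    # Summarise the local policy state; a missing value means "not configured",
    # which BitLocker treats the same as "not allowed".
    $advanced = 0; $noTpm = 0
    if (Test-Path $FvePolicyPath) {
        $props = Get-ItemProperty -Path $FvePolicyPath
        if ($props.UseAdvancedStartup -ne $null) { $advanced = [int]$props.UseAdvancedStartup }
        if ($props.EnableBDEWithNoTPM -ne $null) { $noTpm    = [int]$props.EnableBDEWithNoTPM }
    }
    New-Object PSObject -Property @{
        TpmPresent            = Test-TpmPresent
        AdditionalAuthEnabled = ($advanced -eq 1)
        AllowWithoutTpm       = ($noTpm -eq 1)
    }
}

function Enable-BitLockerNoTpmPolicy {
    # Local equivalent of enabling the policy in gpedit.msc and ticking
    # "Allow BitLocker without a compatible TPM". The four UseTPM* values
    # are set to 2 ("Allow"), the defaults the template writes when enabled.
    if (-not (Test-Path $FvePolicyPath)) { New-Item -Path $FvePolicyPath -Force | Out-Null }
    Set-ItemProperty -Path $FvePolicyPath -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $FvePolicyPath -Name EnableBDEWithNoTPM -Value 1 -Type DWord
    foreach ($name in 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN') {
        Set-ItemProperty -Path $FvePolicyPath -Name $name -Value 2 -Type DWord
    }
}

# Report the current state and point out the combination that blocks setup.
$state = Get-BitLockerNoTpmPolicy
$state | Format-List TpmPresent, AdditionalAuthEnabled, AllowWithoutTpm
if (-not $state.TpmPresent -and -not $state.AllowWithoutTpm) {
    Write-Warning 'No TPM found and BitLocker without TPM is not allowed by policy.'
    Write-Warning 'Apply the policy by domain GPO, or on a stand-alone machine run Enable-BitLockerNoTpmPolicy.'
}
```

Because the policy is read at setup time, re-run the audit after a gpupdate to confirm a domain GPO has actually landed before starting the BitLocker wizard on a TPM-less machine.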
3. How to Enable BitLocker Encryption
Individual users can enable BitLocker from Control Panel, but most enterprises should use AD DS to manage keys.
Note
MORE INFO: CONFIGURING AD DS TO BACK UP BitLocker
For detailed instructions on how to configure AD DS to back up BitLocker and TPM recovery information, read "Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information" at http://go.microsoft.com/fwlink/?LinkId=78953.
To enable BitLocker from Control Panel, perform these steps:
- Perform a full backup of the computer, and then run a check of the integrity of the BitLocker partition using ChkDsk.
- Open Control Panel. Click the System And Security link. Under BitLocker Drive Encryption, click the Protect Your Computer By Encrypting Data On Your Disk link.
- On the BitLocker Drive Encryption page, click Turn On BitLocker.
- On the BitLocker Drive Encryption Setup page, click Next.
- If the Preparing Your Drive For BitLocker page appears, click Next. If you are required to restart your computer, do so.
- If the Turn On The TPM Security Hardware page appears, click Next, and then click Restart.
- If the volume is the system volume and the choice has not been blocked by a Group Policy setting, in the Set BitLocker Startup Preferences dialog box (shown in Figure 2), select your authentication choice. The choices vary depending on whether the computer has a built-in TPM chip.
  The choices include the following:
  - Use BitLocker Without Additional Keys: Uses the TPM to verify the integrity of the operating system at every startup. This option does not prompt the user during startup, providing completely transparent protection.
  - Require PIN At Every Startup: Uses the TPM to verify the integrity of the operating system at startup and requires the user to type a PIN to verify the user's identity. This option provides additional protection but can inconvenience the user. If you choose to use a PIN, the Enter A Startup PIN page appears. Type your PIN and then click Set PIN.
  - Require Startup USB Key At Every Startup: Does not require TPM hardware. This option requires the user to insert a USB key containing the decryption key at startup. Alternatively, users can type a recovery key to gain access to the encrypted system partition. If you choose to use a USB key, the Save Your Startup Key page appears. Select the startup key and then click Save.
  Note
  REQUIRING BOTH A STARTUP USB KEY AND A PIN
  The BitLocker wizard allows you to choose either a PIN or a startup USB key. If you want to use both, use the Manage-bde command-line tool. For example, to protect the C:\ drive with both using a startup key located on the E:\ drive, you would run the command manage-bde -protectors -add C: -TPMAndPINAndStartupKey -tsk E:.
- On the Save The Recovery Password page, choose the destination (a USB drive, a local or remote folder, or a printer) to save your recovery password. The recovery password is a small text file containing brief instructions, a drive label and password ID, and the 48-digit recovery password. Save the password and the recovery key on separate devices and store them in different locations. Click Next.
- On the Encrypt The Volume page, select the Run BitLocker System Check check box and click Continue if you are ready to begin encryption. Click Restart Now. Upon rebooting, BitLocker ensures that the computer is fully compatible and ready to be encrypted.
- BitLocker displays a special screen confirming that the key material was loaded. Now that this has been confirmed, BitLocker begins encrypting the C:\ drive after Windows 7 starts, and BitLocker is enabled.
BitLocker encrypts the drive in the background so that you can continue using the computer.
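The script below is an added example, not code from the training kit, that carries out the same enablement with Manage-bde instead of the Control Panel wizard. It serves both the note on requiring a startup USB key together with a PIN (the TPMAndPINAndStartupKey protector with the startup key on E:) and the step on saving the recovery password: the 48-digit numerical password is generated as a second protector and then escrowed in AD DS, the key store the text recommends for enterprises, so that a lost USB key does not mean a lost volume. Assumptions: the removable drive E:\ is attached to receive the startup key, Group Policy allows the TPM plus PIN plus startup key combination, the computer is domain-joined with the AD DS schema prepared for BitLocker recovery information, and manage-bde's English output format ("ID:" and "Percentage Encrypted:" lines) is what the two parsing helpers expect. Function and variable names are the example's own.

```powershell
# Added example (not from the training kit). Run from an elevated PowerShell
# prompt on Windows 7 (PowerShell 2.0 compatible).
$Volume          = 'C:'
$StartupKeyDrive = 'E:\'   # constructed: removable drive that will hold the startup key (.BEK file)

function Invoke-ManageBde {
    # Run manage-bde.exe, return its output, and fail loudly on a non-zero exit code.
    param([string[]]$Arguments)
    $output = & manage-bde.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "manage-bde $($Arguments -join ' ') failed (exit $LASTEXITCODE): $output"
    }
    return $output
}

function Get-VolumeEncryptionPercent {
    # Parse the "Percentage Encrypted:" line out of 'manage-bde -status'.
    param([string]$Vol)
    $status = Invoke-ManageBde @('-status', $Vol)
    foreach ($line in $status) {
        if ($line -match 'Percentage Encrypted:\s*([\d.]+)\s*%') { return [double]$Matches[1] }
    }
    throw "Could not read encryption percentage for $Vol"
}

function Get-RecoveryPasswordProtectorIds {
    # Return the GUIDs of the volume's numerical (recovery) password protectors,
    # which is what -adbackup needs to escrow each one in AD DS.
    param([string]$Vol)
    $ids = @()
    $lines = Invoke-ManageBde @('-protectors', '-get', $Vol, '-type', 'RecoveryPassword')
    foreach ($line in $lines) {
        if ($line -match 'ID:\s*(\{[0-9A-Fa-f-]+\})') { $ids += $Matches[1] }
    }
    return $ids
}

# 1. Unlock-at-boot protector: TPM integrity check + PIN + startup key on E:\.
#    manage-bde prompts interactively for the PIN; the .BEK file is written to E:\.
Invoke-ManageBde @('-protectors', '-add', $Volume, '-TPMAndPINAndStartupKey', '-tsk', $StartupKeyDrive) | Out-Null

# 2. Recovery protector: a 48-digit numerical password. manage-bde prints it once;
#    as the text advises, keep it apart from the startup key if you also print or save it.
Invoke-ManageBde @('-protectors', '-add', $Volume, '-RecoveryPassword')

# 3. Escrow every recovery password protector in AD DS.
foreach ($id in Get-RecoveryPasswordProtectorIds $Volume) {
    Invoke-ManageBde @('-protectors', '-adbackup', $Volume, '-id', $id) | Out-Null
}

# 4. Turn BitLocker on. manage-bde schedules the hardware test; encryption starts
#    in the background after the restart, exactly as with the Control Panel wizard.
Invoke-ManageBde @('-on', $Volume)

# 5. Report progress (run again after the restart; 100 means fully encrypted).
Write-Host ("{0} is {1}% encrypted" -f $Volume, (Get-VolumeEncryptionPercent $Volume))
```

Ordering matters: the recovery password protector is added and backed up to AD DS before -on, so the volume is never encrypted with only the TPM, PIN and USB key standing between the user and the data. Get-VolumeEncryptionPercent can be scheduled to run periodically to confirm that background encryption has completed across a fleet.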