Enabling BitLocker on System Volumes
Before you can encrypt a system volume, you must remove all bootable media from a computer’s CD/DVD drives, as well as all USB flash drives. You can then enable BitLocker encryption on the system volume by completing the following steps:
1. In File Explorer, press and hold or right-click the system volume, and then tap or click Turn On BitLocker. Windows checks the computer and the drive to ensure that BitLocker can be enabled. Tap or click Next.

Note
If BitLocker is already enabled, the Manage BitLocker option is displayed instead of Turn On BitLocker. As part of the setup, Windows prepares the required BitLocker partition, if necessary. If Windows RE is in this partition, Windows moves Windows RE to the system volume and then uses this additional partition for BitLocker.

Note
If the computer doesn’t have a TPM, the Allow BitLocker Without A Compatible TPM option must be enabled for operating system volumes in the Require Additional Authentication At Startup policy.

2. As Figure 4 shows, you can now configure BitLocker startup preferences. Continue as discussed in the separate procedures that follow. If the computer doesn’t have a TPM, your options will be different. You’ll be able to create a password to unlock the drive, or you can insert a USB flash drive and store the startup key on the flash drive.
When a computer has a TPM, you can use BitLocker to provide basic integrity checks of the volume without requiring any additional keys. In this configuration, BitLocker protects the system volume by encrypting it. This configuration does the following:
- Grants access to the volume to users who can log on to the operating system
- Prevents those who have physical access to the computer from booting to an alternative operating system to gain access to the data on the volume
- Allows the computer to be used with or without a TPM for additional boot security
- Does not require a password or a smart card with a PIN
To use BitLocker without any additional keys, follow these steps:
1. On the Choose How To Unlock Your Drive At Startup page, tap or click Let BitLocker Automatically Unlock My Drive.
2. On the How Do You Want To Back Up Your Recovery Key? page, tap or click Save To A File.
3. In the Save BitLocker Recovery Key As dialog box, choose the location of your USB flash drive or an appropriate network share, and then tap or click Save. Do not use a USB flash drive that is BitLocker-encrypted.
4. You can now optionally save the recovery key to another location, print the recovery key, or both. Tap or click an option, and then follow the wizard steps to set the location for saving or printing the recovery key. When you have finished, tap or click Next.
5. If allowed in Group Policy, you can elect to encrypt used disk space only or the entire drive and then tap or click Next. Encrypting the used disk space only is faster than encrypting an entire volume. It is also the recommended option for newer computers and drives (except in high-security environments).
6. On the Encrypt The Drive page, tap or click Start Encrypting. How long the encryption process takes depends on the amount of data to encrypt and other factors.
To enhance security, you can require additional authentication at startup. This configuration does the following:
- Grants access to the volume only to users who can provide a valid key
- Prevents those who have physical access to the computer from booting to an alternative operating system to gain access to the data on the volume
- Allows the computer to be used with or without a TPM for additional boot security
- Requires a password or a smart card with a PIN
- Optionally uses network unlock to unlock the volume when the computer is joined to and connected to the domain
You can enable BitLocker encryption for use with a startup key by following these steps:
1. Insert a USB flash drive in the computer (if one is not already there). Do not use a USB flash drive that is BitLocker-encrypted.
2. On the Choose How To Unlock Your Drive At Startup page, tap or click the Insert A USB Flash Drive option.
3. On the Back Up Your Startup Key page, tap or click the USB flash drive, and then tap or click Save.
4. Next, you need to save the recovery key. Because you should not store the recovery key and the startup key on the same medium, remove the USB flash drive and insert a second USB flash drive.

Note
The startup key is different from the recovery key. If you create a startup key, this key is required to start the computer. The recovery key is required to unlock the computer if BitLocker enters Recovery mode, which might happen if BitLocker suspects the computer has been tampered with while the computer was offline.
5. On the How Do You Want To Back Up Your Recovery Key? page, tap or click Save To A File.
6. In the Save BitLocker Recovery Key As dialog box, choose the location of your USB flash drive, and then tap or click Save. Do not remove the USB drive with the recovery key.
7. You can now optionally save the recovery key to a network folder, print the recovery key, or both. Tap or click an option, and then follow the wizard’s steps to set the location for saving or printing the recovery key. When you have finished, tap or click Next.
8. If allowed in Group Policy, you can elect to encrypt used disk space only or the entire drive and then tap or click Next. Encrypting the used disk space only is faster than encrypting an entire volume. It is also the recommended option for newer computers and drives (except in high-security environments).
9. On the Encrypt The Volume page, confirm that Run BitLocker System Check is selected, and then tap or click Continue.
10. Confirm that you want to restart the computer by tapping or clicking Restart Now. The computer restarts, and BitLocker ensures that the computer is BitLocker-compatible and ready for encryption. If the computer is not ready for encryption, you will see an error and need to resolve the error status before you can complete this procedure. If the computer is ready for encryption, the Encryption In Progress status bar is displayed. You can monitor the status of the disk volume encryption by pointing to the BitLocker Drive Encryption icon in the notification area. By double-tapping or double-clicking this icon, you can open the Encrypting dialog box and monitor the encryption process more closely. You also have the option to pause the encryption process. Volume encryption takes approximately 1 minute per gigabyte to complete.
By completing this procedure, you have encrypted the operating
system volume and created a recovery key unique to that volume. The
next time you turn on your computer, either the USB flash drive with
the startup key must be plugged into a USB port on the computer or the
computer must be connected to the domain network and using network
unlock. If the USB flash drive is required for startup and you do not
have the USB flash drive containing your startup key, you will need to
use Recovery mode and supply the recovery key to gain access to the
data.
You can enable BitLocker encryption for use with a startup PIN by following these steps:
1. On the Choose How To Unlock Your Drive At Startup page, select the Enter A PIN option.
2. On the Enter A PIN page, type and confirm the PIN. The PIN can be any number you choose and must be 4 to 20 digits in length. The PIN is stored on the computer.
3. Insert a USB flash drive on which you want to save the recovery key, and then tap or click Set PIN. Do not use a USB flash drive that is BitLocker-encrypted.
4. Continue with steps 5 to 9 in the previous procedure.
When the encryption process is complete, you have encrypted
the entire volume and created a recovery key unique to this volume. If
you created a PIN or a startup key, you are required to use the PIN or
startup key to start the computer (or the computer must be connected to
the domain network and using network unlock). Otherwise, you will see
no change to the computer unless the TPM changes or cannot be accessed,
or if someone tries to modify the disk while the operating system
is offline. In this case, the computer enters Recovery mode, and you
need to enter the recovery key to unlock the computer.
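The three unlock modes walked through above (TPM only, TPM with a USB startup key, TPM with a PIN) can also be configured from PowerShell. The script below is an added example and is not code from the book; it assumes an elevated Windows PowerShell session with the BitLocker and TrustedPlatformModule modules available, and the drive letters, parameter names and recovery-key file name are placeholders chosen for this example.

```powershell
# Added example, not from the book: automate the three unlock modes described above,
# add a recovery password protector, and save it to a medium that is not itself
# BitLocker-encrypted and is separate from the startup key, as the procedures require.
# Assumptions: elevated Windows PowerShell; drive letters below are placeholders.
[CmdletBinding()]
param(
    [ValidateSet('TpmOnly', 'StartupKey', 'Pin')] [string]$Mode = 'TpmOnly',
    [string]$MountPoint = 'C:',
    [string]$StartupKeyDrive = 'E:',   # first USB flash drive: holds the startup key
    [string]$RecoveryKeyDrive = 'F:',  # second medium: holds the recovery key
    [switch]$EncryptEntireDrive        # default is used-space-only, like the wizard
)
$ErrorActionPreference = 'Stop'

# Without a TPM, TPM-only unlock is impossible; the wizard performs the same check.
if (-not (Get-Tpm).TpmPresent -and $Mode -eq 'TpmOnly') {
    throw 'No TPM present: use StartupKey or Pin and allow BitLocker without a compatible TPM in policy.'
}

# Enforce the two caveats repeated in every procedure above.
if ($RecoveryKeyDrive -eq $StartupKeyDrive) { throw 'Startup key and recovery key must be on separate media.' }
$recVol = Get-BitLockerVolume -MountPoint $RecoveryKeyDrive
if ($recVol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$RecoveryKeyDrive is BitLocker-encrypted; choose an unencrypted drive for the recovery key."
}

# Add the recovery password first so a recovery path exists before the volume is protected
# (ordering is this example's choice; the wizard collects it during setup).
$null = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -Last 1
$file = Join-Path "$RecoveryKeyDrive\" ("BitLocker Recovery Key " + $rp.KeyProtectorId.Trim('{}') + ".txt")
"Volume: $MountPoint", "Identifier: $($rp.KeyProtectorId)", "Recovery Key: $($rp.RecoveryPassword)" |
    Set-Content -Path $file
Write-Host "Recovery key saved to $file"

# Enable encryption with the chosen protector. Not passing -SkipHardwareTest keeps the
# "Run BitLocker System Check" behaviour: encryption starts after the next restart.
$common = @{ MountPoint = $MountPoint; EncryptionMethod = 'XtsAes256'; UsedSpaceOnly = (-not $EncryptEntireDrive) }
switch ($Mode) {
    'TpmOnly'    { Enable-BitLocker @common -TpmProtector }
    'StartupKey' { Enable-BitLocker @common -TpmAndStartupKeyProtector -StartupKeyPath "$StartupKeyDrive\" }
    'Pin'        { Enable-BitLocker @common -TpmAndPinProtector -Pin (Read-Host 'Enter a 4-20 digit PIN' -AsSecureString) }
}
# Status matches what the notification-area icon reports during encryption.
Get-BitLockerVolume -MountPoint $MountPoint | Select-Object VolumeStatus, EncryptionPercentage, ProtectionStatus
```

Run it as `.\Enable-OsBitLocker.ps1 -Mode StartupKey` (file name is a placeholder); Group Policy settings such as the minimum PIN length or the used-space-only permission still apply exactly as they do to the wizard.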