Professional Documents
Culture Documents
BitLocker
Get Started
Backing Up Files
Turning BitLocker On
Managing BitLocker To Go
Customization note: This document contains guidance and/or step-by-step installation instructions that can be reused, customized, or
deleted entirely if they do not apply to your organizations environment or installation scenarios. The text marked in red indicates either
customization guidance or organization-specific variables. All of the red text in this document should either be deleted or replaced prior to
Page 1 of 10
distribution.
Backing Up Files
<<Organization name>> IT provides several solutions for backing up your data. Before enabling BitLocker on your computer, see the Backing
Up Your Data Work Smart Guide: << insert URL or file location >>.
Turning BitLocker On
After you join your computer to the corporate network and connect to the corporate domain, you can turn BitLocker on. BitLocker then turns on
your computers Trusted Platform Module (TPM) chip, which is a microchip that enables your computer to utilize advanced security features.
Initially, when you start BitLocker, you can create a personal identification number (PIN) that you can use each time you start your computer.
This additional protection is optional, but IT requires it if you want to use DirectAccess for remote access.
Note If youre using a Slate PC, you are not required to create a PIN.
Turn BitLocker On
1
In the Start screen, type Control Panel, and then tap or click the Control Panel app on the left side of the screen (or press
ENTER) to open it.
In the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.
In the BitLocker Drive Encryption dialog box, tap or click Turn on BitLocker.
Page 2 of 10
Note
If the Trusted Platform Module (TPM) chip on your computer hasnt been turned on, you may see additional screens that walk you
through the process of turning on the TPM chip.
In the Choose how to unlock your drive at startup screen, tap or click Enter a PIN (recommended). A PIN is required if you want
to use DirectAccess as a remote access solution.
In the Enter a PIN screen, enter a PIN, re-enter it to confirm it, and then tap or click Set PIN.
In the How do you want to back up your recovery key? screen, tap or click Save to a file.
Page 3 of 10
In the Save BitLocker recovery key as dialog box, enter <<network storage path or URL>> in the path box. After selecting the
correct folder or storage location, tap or click Save, and then tap or click Next in the How do you want to back up your recovery
key? dialog box.
In the Choose how much of your drive to encrypt screen, pick one of the options, and then tap or click Next.
Note
IT recommends that you choose the Encrypt used disk space only option for fast encryption. There is no risk of data loss.
In the Are you ready to encrypt this drive? screen, tap or click Continue.
10
When youre prompted to restart your computer, tap or click Restart now.
11
After your computer restarts, enter your BitLocker PIN, and then press ENTER.
12
Slide the Windows 8 Lock screen up, and then log on using your network password.
13
Open the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.
The BitLocker Drive Encryption dialog box shows that BitLocker is turned on (the command changes to Turn off BitLocker).
Notes
You can continue to use your computer during the encryption process.
After BitLocker is enabled, each time that you attempt to log on to your computer, you will need to enter your BitLocker PIN before
Windows starts. If you have any issues accessing your computer, contact << helpdesk contact or technical support URL>>.
If youre using a Slate PC, you are not required to create a PIN.
Page 4 of 10
Suspend BitLocker
1
Open the Control Panel, and then tap or click System and Security.
Tap or click BitLocker Drive Encryption, and then tap or click Suspend protection. When prompted to confirm, tap or click Yes.
Note
After one reboot, BitLocker is automatically turned on again.
Resume BitLocker
1
Open the Control Panel, and then tap or click System and Security.
Tap or click BitLocker Drive Encryption, and then tap or click Resume protection.
Page 5 of 10
Open the Control Panel, and then tap or click System and Security.
Tap or click BitLocker Drive Encryption, and then tap or click Turn off BitLocker.
You can continue to use your computer during the decryption process.
Page 6 of 10
Open the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.
If you havent already done so, insert the portable drive (USB drive, SC card, SD/MMC card, etc.) into the appropriate slot. The portable
drive will appear in the BitLocker Drive Encryption dialog box in the Removable data drives section.
In the Choose how you want to unlock this drive screen, select one of the following options.
If you want to use a password to unlock the drive, select the Use a password to unlock the drive check box, enter
your password twice, and then tap or click Next.
If you want to use a smart card to unlock the drive instead, select the Use my smart card to unlock the drive check
box, insert your smart card, and then tap or click Next.
Page 7 of 10
In the How do you want to back up your recovery key? screen, tap or click Save to a file.
In the Save BitLocker recovery key as dialog box, enter <<network storage path or URL>> in the path box.
Tip
BitLocker suggests a filename to use. You can edit this filename to distinguish it from any other recovery keys that you may acquire for
additional portable drives.
In the How do you want to store your recovery key screen, Windows shows that your recovery key has been saved. Tap or click
Page 8 of 10
Next.
In the Choose how much of your drive to encrypt screen, tap or click one of the options, and then tap or click Next.
Note
IT recommends choosing the Encrypt used disk space only option for fast encryption. There is no risk of data loss.
In the Are you ready to encrypt this drive? screen, tap or click Start encrypting.
An encryption progress dialog box will appear, followed eventually by a completion notice. If you remove the portable drive and then
reinsert it, you will be prompted for a password if you chose password protection. If you chose smart card protection, you will need to
insert your smart card in your smart card reader and enter your smart card PIN.
Notes
The time required to encrypt a portable drive with BitLocker To Go varies depending on the drive size, your connection speed,
and the technology you use, such as External Serial Advanced Technology (eSATA), FireWire, USB, or USB 2.0. You can continue to use
your computer during the encryption process.
Each time you attempt to use the drive, you will need to enter the password or smart card unless you set up BitLocker To Go to
unlock the drive automatically. If you have any issues accessing your drive, contact << helpdesk contact or technical support URL>>.
If you want to change the password for a portable drive or change the auto-unlock feature, see the Managing BitLocker To Go
section of this guide.
>>.
All recovery keys are stored in Active Directory and can be obtained via the self-help process in << insert URL or file location
Managing BitLocker To Go
After you encrypt a portable drive, you may want to back up or print a recovery key, change a password, remove a password, add a smart card
to unlock the drive, enable or disable the auto-unlock feature, or turn BitLocker off.
To do any of these tasks:
Open the Control Panel, tap or click System and Security, and then tap or click BitLocker Drive Encryption.
In the BitLocker Drive Encryption dialog box, select the appropriate BitLocker option.
Page 9 of 10
Note
To print this Work Smart Guide, press CTRL+P.
Windows 8
http://windows.microsoft.com/en-US/windows-8/get-started
Page 10 of 10