Professional Documents
Culture Documents
Work Smart: Protect Data With Windows 7 Bitlocker
Work Smart: Protect Data With Windows 7 Bitlocker
Get Started
About
Windows® 7 BitLocker® Prepare to Enable BitLocker
Microsoft BitLocker Drive Encryption technology uses the strongest publicly All new systems that <<organization >>provides are ready for BitLocker
available encryption to protect your computer’s data, and prevents others enablement. However, before you enable BitLocker, you need to join your computer
to a corporate domain (if it isn’t already joined) and ensure that you are connected to
from accessing your disk drives without authorization.
the <<organization >>corporate network. For information on joining your computer
Additionally, the BitLocker To Go® feature prevents unauthorized data to a corporate domain, see the Joining a Windows 7 System to a Domain Work Smart
access on your portable storage devices, including Universal Serial Bus Guide:
(USB) flash drives, also known as “thumb drives.” << Insert Joining a Windows 7 System to a Domain Work Smart Guide file location
Topics in this guide include: or URL>>
Start BitLocker
Initially, when you start BitLocker, you can create a personal identification number
(PIN) that you can use each time you start your computer, or you can designate a
startup key that you must enter each time that you attempt to access a USB drive.
This additional protection is optional, but is recommended. If you are going to use
DirectAccess as your remote-connectivity software solution, you must create a PIN.
To start BitLocker and create a PIN or startup key:
1 Click Start , click Control Panel, click System and Security, and then
click BitLocker Drive Encryption.
2 Ensure your computer’s TPM is turned on. To do this, look for a TPM
Administration link in the lower-left corner of the window under See
also.
Important
<<Organization >> recommends using a PIN or startup key because
it is the most secure option. You must create a PIN if you are going to
If you do not see this link, the TPM is not on. For assistance in turning it on,
use DirectAccess as your remote-connectivity software solution.
contact << helpdesk contact or technical support URL>>.
5 On the Enter a numeric startup PIN page, in the PIN field, type a number
3 Click Turn On BitLocker. that is between 5 and 20 digits in length. The longer your PIN number, the
more secure your computer will be.
6 In the Confirm PIN field, retype the number.
7 Click Set PIN.
4 On the Set BitLocker startup preferences page, click Require a PIN at every
startup.
8 On the How do you want to store your recovery key? page, click one of Notes
the following options:
• Save the recovery key to a file. Microsoft IT recommends this option, • BitLocker will encrypt your hard-disk drive in approximately one to three
which enables you to save your password to a network file-share folder, hours, depending on its size. You can continue to use your computer during
such as My Site. the encryption process.
• Print the recovery key. • After BitLocker is enabled, each time that you attempt to log on to your
computer, you will need to enter your BitLocker PIN before Windows starts.
If you have any issues accessing your computer, contact
<< helpdesk contact or technical support URL>>.
1 Click Start , click Control Panel, click System and Security, and 16 Insert the portable drive (USB drive, SC card, SD/MMC card, etc.) into the
then click BitLocker Drive Encryption. appropriate slot.
14 Click Resume Protection. 17 Click Start, click Control Panel, click System and Security, and then
click BitLocker Drive Encryption.
18 Click Turn On BitLocker next to the portable storage device that you want
to encrypt.
19 In the Choose how you want to unlock this drive dialog box, select one of
the following options.
BitLocker will decrypt your hard-disk drive in approximately 1–3 hours, depending
• If you want to use a password to unlock the drive, select the Use a
on the hard-disk size. You can continue to use your computer during the encryption
password to unlock the drive check box, enter your password twice,
process.
and then click Next.
• If you want to use a smart card to unlock the drive instead, select
Encrypt a Portable Drive with the Use my smart card to unlock the drive check box, insert your
BitLocker To Go smart card, and then click Next.
When you encrypt a portable drive with BitLocker To Go, you can set it to unlock by Important
using a password or your smart card.
Create a password with 8–12 characters. It is recommended that you use
1 Connect to the corporate network. an easy-to-remember passphrase and change certain letters to caps
or obvious special characters. Entering a password is a one-time event.
2 Decide whether you want to use password protection or smart card
You will not need to change or reset it unless you want to.
protection..
20 In the BitLocker Drive Encryption dialog box, do one of the 22 Click Close.
following: 23 When the encryption is complete, remove the device. If you chose smart
• To print the recovery key, click Print the recovery key, and then card encryption, remove your smart card. Wait a few seconds and then
click Next. reinsert the device and/or smart card.
–Or– 24 Do one of the following:
a. To save the recovery key to My Site or another file share, click Save If you chose password protection:
the recovery key to a file.
i. Enter your password.
b. In the Save BitLocker Recovery Key as dialog box, BitLocker
suggests a filename to use. You can edit this filename to distinguish it ii. If you want to have the device automatically unlocked
from recovery keys that you may acquire for additional portable when you use it with your computer, select the Automatically
devices. For example, you might want to name it “BitLocker San Disk unlock on this computer from now on check box. To use
2Gig Recovery Key DDxxxDxx….” auto-unlock, BitLocker must be enabled.
• If you chose smart card protection, click Unlock, enter your PIN, and
then click OK.
d. Click Save.
Manage BitLocker To Go
After you encrypt a portable drive, you may want to change a password, remove a Decrypt a Portable Drive
password, add a smart card to unlock the drive, save or print a recovery key again, or
turn the automatic unlock feature on or off. 1 Click Start , click Control Panel, click System and Security, and then
click BitLocker Drive Encryption.
To make any of these changes:
3 Click Turn Off BitLocker.
1 Click Start , click Control Panel, click System and Security, and then
click BitLocker Drive Encryption. 4 Click Decrypt Drive.