Work Smart: Protect Data With Windows 7 Bitlocker

Work Smart: Protect Data with Windows® 7 BitLocker®
Get Started
About
Windows® 7 BitLocker® Prepare to Enable BitLocker
Microsoft BitLocker Drive Encryption technology uses the strongest publicly All new systems that <<organization >>provides are ready for BitLocker
available encryption to protect your computer’s data, and prevents others enablement. However, before you enable BitLocker, you need to join your computer
to a corporate domain (if it isn’t already joined) and ensure that you are connected to
from accessing your disk drives without authorization.
the <<organization >>corporate network. For information on joining your computer
Additionally, the BitLocker To Go® feature prevents unauthorized data to a corporate domain, see the Joining a Windows 7 System to a Domain Work Smart
access on your portable storage devices, including Universal Serial Bus Guide:
(USB) flash drives, also known as “thumb drives.” << Insert Joining a Windows 7 System to a Domain Work Smart Guide file location
Topics in this guide include: or URL>>
 Prepare to Enable BitLocker Note

 Back Up and Transfer Files You will not be able to encrypt your drive unless you have a network connection.
 Turn On BitLocker
 Suspend BitLocker Protection
Back Up and Transfer Files
<<Organization >> provides several solutions for backing up your data.
 Decrypt Your Drive
• <<insert preferred methods here>>
 Encrypt a Portable Drive with BitLocker To Go
• <<insert preferred methods here>>
 Manage BitLocker To Go
 Decrypt a Portable Drive
Turn On BitLocker
Customization note: This document contains guidance and/or step-by-step After you connect to the corporate network, you can turn on BitLocker. BitLocker
installation instructions that can be reused, customized, or deleted entirely if then turns on your computer’s Trusted Platform Module (TPM) chip, which is a
they do not apply to your organization’s environment or installation microchip that enables your computer to utilize advanced security features.
scenarios. The text marked in red indicates either customization guidance or
organization-specific variables. All of the red text in this document should
either be deleted or replaced prior to distribution.
More Work Smart Content: http://microsoft.com/itshowcase

This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT. © 2012 Microsoft Corporation. All rights reserved.
 Page 1 of 7
Get Started
Start BitLocker
Initially, when you start BitLocker, you can create a personal identification number
(PIN) that you can use each time you start your computer, or you can designate a
startup key that you must enter each time that you attempt to access a USB drive.
This additional protection is optional, but is recommended. If you are going to use
DirectAccess as your remote-connectivity software solution, you must create a PIN.
To start BitLocker and create a PIN or startup key:
1 Click Start , click Control Panel, click System and Security, and then
click BitLocker Drive Encryption.
2 Ensure your computer’s TPM is turned on. To do this, look for a TPM
Administration link in the lower-left corner of the window under See
also.
Important
<<Organization >> recommends using a PIN or startup key because
it is the most secure option. You must create a PIN if you are going to
If you do not see this link, the TPM is not on. For assistance in turning it on,
use DirectAccess as your remote-connectivity software solution.
contact << helpdesk contact or technical support URL>>.
5 On the Enter a numeric startup PIN page, in the PIN field, type a number
3 Click Turn On BitLocker. that is between 5 and 20 digits in length. The longer your PIN number, the
more secure your computer will be.
6 In the Confirm PIN field, retype the number.
7 Click Set PIN.
4 On the Set BitLocker startup preferences page, click Require a PIN at every
startup.

 Page 2 of 7
Get Started
8 On the How do you want to store your recovery key? page, click one of Notes
the following options:
• Save the recovery key to a file. Microsoft IT recommends this option, • BitLocker will encrypt your hard-disk drive in approximately one to three
which enables you to save your password to a network file-share folder, hours, depending on its size. You can continue to use your computer during
such as My Site. the encryption process.
• Print the recovery key. • After BitLocker is enabled, each time that you attempt to log on to your
computer, you will need to enter your BitLocker PIN before Windows starts.
If you have any issues accessing your computer, contact
<< helpdesk contact or technical support URL>>.
Suspend BitLocker Protection

You may need to suspend BitLocker. For example, you might need to do a hardware
upgrade or basic input/output system (BIOS) updates. When you suspend BitLocker,
Windows disables protection on your system. You won’t need to enter your PIN to
start your computer, but your data will be unprotected.
You can perform all updates and system changes by suspending BitLocker protection.
You typically do not need to turn BitLocker off for any reason other than to decrypt
your drive.
9 Click Next. To suspend BitLocker:
10 On the Encrypt the drive page, select the Run BitLocker System check 1 Click Start , click Control Panel, click System and Security, and then
box, and then click Continue. click BitLocker Drive Encryption.
11 Close and save any files that you have open. (In the next step, you
13 Click Suspend Protection.
will restart the computer.)
12 Click Continue.
BitLocker restarts your computer and begins the encryption process.
Resume BitLocker Protection

 Page 3 of 7
Get Started
1 Click Start , click Control Panel, click System and Security, and 16 Insert the portable drive (USB drive, SC card, SD/MMC card, etc.) into the
then click BitLocker Drive Encryption. appropriate slot.
14 Click Resume Protection. 17 Click Start, click Control Panel, click System and Security, and then
18 Click Turn On BitLocker next to the portable storage device that you want
to encrypt.
Decrypt Your Drive

15 Click Turn Off BitLocker.
19 In the Choose how you want to unlock this drive dialog box, select one of
the following options.
BitLocker will decrypt your hard-disk drive in approximately 1–3 hours, depending
• If you want to use a password to unlock the drive, select the Use a
on the hard-disk size. You can continue to use your computer during the encryption
password to unlock the drive check box, enter your password twice,
process.
and then click Next.
• If you want to use a smart card to unlock the drive instead, select
Encrypt a Portable Drive with the Use my smart card to unlock the drive check box, insert your
BitLocker To Go smart card, and then click Next.
When you encrypt a portable drive with BitLocker To Go, you can set it to unlock by Important
using a password or your smart card.
Create a password with 8–12 characters. It is recommended that you use
1 Connect to the corporate network. an easy-to-remember passphrase and change certain letters to caps
or obvious special characters. Entering a password is a one-time event.
2 Decide whether you want to use password protection or smart card
You will not need to change or reset it unless you want to.
protection..

 Page 4 of 7
Get Started
20 In the BitLocker Drive Encryption dialog box, do one of the 22 Click Close.
following: 23 When the encryption is complete, remove the device. If you chose smart
• To print the recovery key, click Print the recovery key, and then card encryption, remove your smart card. Wait a few seconds and then
click Next. reinsert the device and/or smart card.
–Or– 24 Do one of the following:
a. To save the recovery key to My Site or another file share, click Save  If you chose password protection:
the recovery key to a file.
i. Enter your password.
b. In the Save BitLocker Recovery Key as dialog box, BitLocker
suggests a filename to use. You can edit this filename to distinguish it ii. If you want to have the device automatically unlocked
from recovery keys that you may acquire for additional portable when you use it with your computer, select the Automatically
devices. For example, you might want to name it “BitLocker San Disk unlock on this computer from now on check box. To use
2Gig Recovery Key DDxxxDxx….” auto-unlock, BitLocker must be enabled.
iii. Click Unlock.
• If you chose smart card protection, click Unlock, enter your PIN, and
then click OK.
c. Go to My Site or the file-share folder where you want to save the

recovery key.
d. Click Save.
21 Click Start Encrypting.

Encryption time varies but typically takes 3 minutes per GB of data. An
encryption progress dialog box will appear, followed eventually by a
completion notice.

 Page 5 of 7
Get Started
Notes 25 Click Manage BitLocker.

• BitLocker To Go can encrypt your drive in minutes or hours, depending on 26 Select one of the options in the dialog box.
your drive’s size, your connection speed, and the technology you use, such
as External Serial Advanced Technology (eSATA), FireWire, USB, or USB
2.0. You can continue to use your computer during the encryption process.
• Each time you attempt to use the drive, you will need to enter the password or
smart card unless you set up BitLocker To Go to unlock the drive
automatically. If you have any issues accessing your drive, contact the <<
helpdesk contact or technical support URL>>.
• If you want to change the password for a portable drive or change the auto-
unlock feature, click Start, click Control Panel, click System and
Security, and then click BitLocker Drive Encryption. In the BitLocker
Drive Encryption dialog box, click Manage BitLocker next to the
portable drive information.
• All recovery keys are stored in Active Directory® and can be obtained <<
selfhelp URL, helpdesk contact, technical support URL>>.
Manage BitLocker To Go
After you encrypt a portable drive, you may want to change a password, remove a Decrypt a Portable Drive
password, add a smart card to unlock the drive, save or print a recovery key again, or
turn the automatic unlock feature on or off. 1 Click Start , click Control Panel, click System and Security, and then
To make any of these changes:
3 Click Turn Off BitLocker.
click BitLocker Drive Encryption. 4 Click Decrypt Drive.

 Page 6 of 7
Get Started
For More Information

• BitLocker Drive Encryption
http://windows.microsoft.com/en-US/windows7/products/features/bitlocker

 Page 7 of 7

Work Smart: Protect Data With Windows 7 Bitlocker

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Work Smart: Protect Data With Windows 7 Bitlocker

Uploaded by

Copyright:

Available Formats

Work Smart: Protect Data with Windows® 7 BitLocker®

 Prepare to Enable BitLocker Note

More Work Smart Content: http://microsoft.com/itshowcase

More Work Smart Content: http://microsoft.com/itshowcase

Suspend BitLocker Protection

Resume BitLocker Protection

More Work Smart Content: http://microsoft.com/itshowcase

Decrypt Your Drive

More Work Smart Content: http://microsoft.com/itshowcase

iii. Click Unlock.

c. Go to My Site or the file-share folder where you want to save the

21 Click Start Encrypting.

More Work Smart Content: http://microsoft.com/itshowcase

Notes 25 Click Manage BitLocker.

More Work Smart Content: http://microsoft.com/itshowcase

For More Information

More Work Smart Content: http://microsoft.com/itshowcase

You might also like