In today's article for the followers of Get IT Solutions, our topic is how to enable BitLocker. We will also explain how BitLocker works and how to use the TPM+PIN combination of authentication mechanisms.
What is BitLocker and how BitLocker works
BitLocker Drive Encryption works by encrypting the contents of your chosen disk and then creating an encryption key. Without this key, the encrypted disk cannot be accessed. This is particularly useful for laptop owners who keep sensitive information on their computer. BitLocker is Microsoft's easy-to-use, proprietary encryption program for Windows. Encrypting your entire drive can help protect against unauthorized changes to your system such as firmware-level malware. BitLocker is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
BitLocker is used in conjunction with a hardware component called a Trusted Platform Module (TPM). The TPM is a smartcard-like module on the motherboard that is installed in many newer computers by the computer manufacturer. BitLocker stores its recovery key in the TPM (version 1.2 or higher). The following combinations of authentication mechanisms are supported, all with an optional escrow recovery key:
- TPM only
- TPM + PIN
- TPM + PIN + USB Key
- TPM + USB Key
- USB Key
- Password only
Requirements
BitLocker cannot be enabled on Windows 7 Professional, and it cannot be downloaded and installed. You can turn on BitLocker on the Windows 7 Ultimate and Windows 7 Enterprise editions. Computers without a TPM can also use BitLocker, but they will not be able to use the system integrity verification that BitLocker can also provide. To use BitLocker, your computer must satisfy certain requirements. Supported operating systems:
- Windows 10 – Education, Pro, or Enterprise edition
- Windows 8 — Professional or Enterprise edition
- Windows 7 — Enterprise or Ultimate edition
- For Windows 7, the Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must also be enabled and activated (or turned on).
Additional requirements:
- You must be logged in as an administrator.
- You must have access to a printer to print the recovery key.
TPM module BitLocker
If your computer meets the Windows version and TPM requirements, the process for enabling BitLocker is as follows:
Step 1. Click Start, and in the search bar start typing BitLocker Drive Encryption.
Step 2. Click TPM Administration (you need admin rights).
Step 3. Start initializing the TPM by clicking Initialize TPM in the right panel.
- You need to restart your computer.
- Save the TPM recovery key to a USB key.
- Restart your computer again.
Enable BitLocker on Windows 7 & Windows 10
This is the TPM+PIN combination of authentication mechanisms.
Step 1. Open the Local Group Policy Editor by opening Run and typing gpedit.msc.
Step 2. Go to Operating System Drives by following this path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Step 3. Enable Require additional authentication at startup and apply the following configuration. Then click OK.
Step 4. Enable Allow enhanced PINs for startup. Click OK.
Step 5. Open a command prompt and type: gpupdate /force. After that, restart or log off.
How to encrypt Windows 7 and Windows 10
Step 1. Click Start, and in the search bar start typing BitLocker Drive Encryption. Start by encrypting System C or Data D by clicking Turn On BitLocker.
BitLocker scans your computer to verify that it meets the system requirements. If your computer meets the system requirements, the setup wizard continues. Click Next.
Step 2. When the BitLocker startup preferences page is displayed, click Require a PIN at every startup.
Enter a PIN from 8 to 20 characters long and then enter it again in the Confirm PIN field. Click Set PIN. Note: You will need to enter your PIN each time you start your computer.
You can store your recovery key on a USB key, or select Print the recovery key to print it. Then click Next. Note: Make sure your computer is connected to a printer.
You will be prompted to restart your computer to start the encryption process. Your computer can be used while your drive is being encrypted. If you also want to enable BitLocker and encrypt Drive D of your PC, just follow the same steps (in the section How to encrypt Windows 7 and Windows 10).
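To confirm the result of the steps above, the following added example (not part of the original article) audits the system drive from an elevated PowerShell prompt without changing anything. It assumes Windows 8 or Windows 10, where the Get-Tpm and Get-BitLockerVolume cmdlets are available (on Windows 7, manage-bde -status gives similar information); the function name Test-BitLockerTpmPin is hypothetical.

```powershell
# Added example: read-only audit of the TPM+PIN setup described in this article.
# Assumes Windows 8/10 with the BitLocker and TrustedPlatformModule modules,
# run from an elevated prompt. Test-BitLockerTpmPin is a hypothetical name.
function Test-BitLockerTpmPin {
    param([string]$MountPoint = $env:SystemDrive)

    $findings = @()

    # 1. The TPM must be present and ready (initialized) before BitLocker can use it.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent)   { $findings += 'No TPM detected' }
    elseif (-not $tpm.TpmReady) { $findings += 'TPM present but not ready; initialize it first' }

    # 2. Registry values written by the two Group Policy settings from the steps above.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if ($null -eq $fve -or $fve.UseAdvancedStartup -ne 1) {
        $findings += 'Policy "Require additional authentication at startup" is not enabled'
    }
    if ($null -eq $fve -or $fve.UseEnhancedPin -ne 1) {
        $findings += 'Policy "Allow enhanced PINs for startup" is not enabled'
    }

    # 3. The volume must be fully encrypted with protection switched on.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') { $findings += "Protection is $($vol.ProtectionStatus) on $MountPoint" }
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
    }

    # 4. Key protectors: TpmPin for startup, plus a recovery protector
    #    (RecoveryPassword = printed key, ExternalKey = key file on a USB key).
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    if ($types -notcontains 'TpmPin') { $findings += 'No TPM+PIN protector; startup does not require a PIN' }
    if (($types -notcontains 'RecoveryPassword') -and ($types -notcontains 'ExternalKey')) {
        $findings += 'No recovery protector; a forgotten PIN would leave no way to unlock the drive'
    }

    [pscustomobject]@{
        MountPoint       = $MountPoint
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = $types -join ', '
        Compliant        = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Test-BitLockerTpmPin | Format-List
```

While encryption is still running after the restart, the audit reports the volume status and percentage as a finding; rerun it once encryption completes.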
Logging in
Enabling BitLocker will change the way you log in to your system. You need to enter your PIN at every startup, prior to entering your password. This is designed to provide an additional layer of security for your data.