windows full disk encryption - university of glasgow · windows full disk encryption this guide...
TRANSCRIPT
![Page 1: Windows Full Disk Encryption - University of Glasgow · Windows Full Disk Encryption This guide takes you through the process of configuring Microsoft BitLocker full disk encryption](https://reader036.vdocuments.net/reader036/viewer/2022070905/5f74292a81e687052c4ca270/html5/thumbnails/1.jpg)
WindowsFullDiskEncryptionThisguidetakesyouthroughtheprocessofconfiguringMicrosoftBitLockerfulldiskencryptiononasystemrunningWindows7orlater.BitLockercanbeenabledonanexistingsystem–thatis,existingdataiskeptandthereshouldbenoneedtoreinstallthings.However,itishighlyrecommendedthatallimportantdatabebackedupfirst.
TPMFirst,wemustensuretheTrustedPlatformModule(TPM)chipisenabledandactive.YoushouldcheckthisinthesystemBIOS/UEFI.Ifyoufindthatyoucan’tenableBitLocker,it’sprobablyduetotheTPMnotbeingenabledoractivated.
EnableTPM
ActivateTPM
![Page 2: Windows Full Disk Encryption - University of Glasgow · Windows Full Disk Encryption This guide takes you through the process of configuring Microsoft BitLocker full disk encryption](https://reader036.vdocuments.net/reader036/viewer/2022070905/5f74292a81e687052c4ca270/html5/thumbnails/2.jpg)
BitLockerToenableBitLocker,inWindowsExplorerright-clickonthesystemdrive(oranyotherdriveyouwanttoencrypt)andselectTurnBitLockeron.
Thiswillstarttheprocessbyfirstcheckingthesystem’sconfiguration.Afterthat,thesystemwillneedtoberestarted.BitLockerwillthenbeginitssetup.
NOTE:Youmaybeaskedhowmuchofyourdriveyouwishtoencrypt.Theoptionsareusedspaceonlyorentiredrive.Ifthisisabrandnewcomputer,youcanselecttheusedspaceoption.Otherwise,it’ssafesttochooseentiredisc.
NOTE:ForWindows10youmaybeaskedanadditionalquestionduringtheprocessaboutwhetheryouwanttousethenewerXTS-AESencryption.Werecommendyouselectthisoptionforsystemdriveencryption.
RecoveryKeyYouwillthenbeaskedhowyouwouldliketostoreyourrecoverykey.Thisisanimportantstep,asthekeymayberequiredatalaterdate.Forexample,whenevercertainchangesorupgradesaremadetothehardware,BitLockermayrequiretherecoverykeytobeentered.
Werecommendthatyoustoretherecoverykeyinasecurenetworkdrive,onamemorystick,orprintacopyandkeepitinasafeplace.(Considerdoingmorethanoneofthese).Forobviousreasons,thesystemwillnotallowstoringthekeyinthedriveyouareencrypting!
![Page 3: Windows Full Disk Encryption - University of Glasgow · Windows Full Disk Encryption This guide takes you through the process of configuring Microsoft BitLocker full disk encryption](https://reader036.vdocuments.net/reader036/viewer/2022070905/5f74292a81e687052c4ca270/html5/thumbnails/3.jpg)
Oncetherecoverykeyissaved,thedriveisreadytobeencrypted.WerecommendthatyouruntheBitLockersystemcheck,toensurethatthesystemcansuccessfullyusetherecoverykey.
Thesystemwillthenneedtoberestartedagain,afterwhichtheencryptionprocessbegins.
![Page 4: Windows Full Disk Encryption - University of Glasgow · Windows Full Disk Encryption This guide takes you through the process of configuring Microsoft BitLocker full disk encryption](https://reader036.vdocuments.net/reader036/viewer/2022070905/5f74292a81e687052c4ca270/html5/thumbnails/4.jpg)
Oncethesystemhasrestarted,youwillnownoticeinWindowsExplorerthatthereisapadlockonthedrive,whichdenotesthatBitLockeristunedonforthisdrive.
IntheBitLockerDriveEncryptioncontrolpanel,you’llseethatthedriveisEncrypting.Oncecompleted,theBitLockercontrolpanelwillconfirmthatBitLockerison.
You’llbeabletousethesystemwhilstthedriveisbeingencrypted,howeverwhilstthisisinprogress,itmaybesluggish,andthenreturntonormaloncetheencryptionprocessiscomplete(whichcouldbeafewhours,orlonger,soconsiderlettingitrunovernight).Thereafter,BitLockershouldhavenonoticeableeffectonsystemperformance.
![Page 5: Windows Full Disk Encryption - University of Glasgow · Windows Full Disk Encryption This guide takes you through the process of configuring Microsoft BitLocker full disk encryption](https://reader036.vdocuments.net/reader036/viewer/2022070905/5f74292a81e687052c4ca270/html5/thumbnails/5.jpg)
AdvancedmanagementThecommandlinetoolprovidesfurtherinformationaboutthesystem’sdisksandtheirBitLockerstatus,aswellasallowingyoutocontrolotheraspectsofdiskencryption.Wecanuseittoalsomonitorthediscencryptionprogress,shownbelowviathecommand,manage-bde-status.Formorefunctionalityseetheoutputfromthecommandmanage-bde-?.
NOTE:Yourequirelocaladminrightstorunmanage-bdecommands.