Enabling BitLocker Drive Encryption
By default, BitLocker is configured to use a Trusted Platform Module (TPM). To recap, however, BitLocker's full functionality is available only when the system has a compatible TPM chip and BIOS. This next section looks at how to enable BitLocker Drive Encryption with TPM. Microsoft recognizes that many laptops and computers do not have TPM chips (or are not "TPM enabled"). If you are in this situation, don't despair, because you can use BitLocker without a compatible TPM chip and BIOS. As such, this section also covers how to enable BitLocker without TPM.
Enabling BitLocker Drive Encryption with TPM
The first step to enabling BitLocker with TPM is to turn ON the TPM. Use the following steps to complete this task:
1. Go into the system's BIOS setup and set TPM Security to ON.
2. Next, save the changes in the BIOS setup, and reboot the system.
3. Lastly, reenter the system's BIOS setup and activate the TPM.
Once the TPM has been enabled, the next step is to enable BitLocker. Use the following steps to complete this task:
1. Click Start, Control Panel, and double-click BitLocker Drive Encryption.
2. Enable BitLocker Drive Encryption for the operating system volume by clicking Turn On BitLocker on the BitLocker Drive Encryption page. This is displayed in Figure 2.

   Note: The Initialize TPM Security Hardware screen will be displayed if the TPM is not initialized. Launch the wizard to initialize the hardware and then restart your computer.
3. Review the message on the BitLocker Drive Encryption Platform Check page, and then click Continue with BitLocker Drive Encryption to start the BitLocker process.
4. Because TPM hardware is present on this system, select the option to Use BitLocker Without Additional Keys, and then click Next. This option can be found on the Set BitLocker Startup Preferences page, as displayed in Figure 3. Additional keys such as a PIN or USB are not required as BitLocker stores both encryption and decryption keys within the TPM chip.
5. The Save the Recovery Password page is invoked. The administrator has the ability to save the BitLocker recovery password on a USB drive or to a folder on the system. In addition, the third option allows for printing of the password. Choose the desired storage alternative for saving the recovery password, and then click Next to continue.
6. On the Encrypt the Volume page, ensure the Run BitLocker System Check option is enabled, and then click Continue. The system check guarantees that BitLocker can access and read the recovery and encryption keys before encrypting the volume.
7. The Encryption in Progress status bar is displayed. Restart the system when the encryption process is finalized.
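
After the restart, the outcome of the two procedures above can be checked from the command line. The following script is an added example, not part of the original text; it assumes a Windows release that includes the TrustedPlatformModule and BitLocker PowerShell modules and an elevated session, and the function name Test-BitLockerTpmSetup is hypothetical.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell session.
# Assumes the TrustedPlatformModule and BitLocker modules are available.
function Test-BitLockerTpmSetup {
    param([string]$MountPoint = $env:SystemDrive)

    $findings = @()

    # BIOS steps: the TPM must be switched on and activated before BitLocker can use it.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM visible to Windows; check the TPM Security setting in BIOS setup.'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM is present but not ready; it may not be activated or initialized.'
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Step 7: encryption must have finished, and protection must be on (not suspended).
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)."
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "Protection status is $($vol.ProtectionStatus); protection is off or suspended."
    }

    # Steps 4 and 5: expect a TPM protector plus a recovery password protector.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    if ($types -notcontains 'Tpm') {
        $findings += 'No TPM-only key protector on this volume.'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector; a TPM or firmware change could lock the volume.'
    }

    # Report protector types only; never write the recovery password itself to output.
    [pscustomobject]@{
        MountPoint    = $vol.MountPoint
        KeyProtectors = $types -join ', '
        Compliant     = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

Test-BitLockerTpmSetup | Format-List
```

A result with Compliant set to False lists each step that did not take effect, which is useful when checking many machines after a rollout.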