BitLocker for dummies (...students)

Students need security; it's a paramount element of university life. Without security, our laptops can go missing (or stolen, depending on which university you go to), and a good proportion of your life you can say goodbye to.
Written by Zack Whittaker, Contributor

This came in the form of BitLocker, a hardware-enabled solution which allows only you access to your entire computer. If your computer is stolen, the perpetrator will not be able to decrypt the contents, as the encryption key is just as secure as, if not more secure than, the SSL sequence.

However, getting the damn thing working has been a nightmare for as many people as I can find through Google searches. Whilst I may not be able to give a sound solution to the problem, at least Windows 7 is making headway with a portable encryption solution. For those interested in BitLocker-to-Go, which enables easy encryption of flash and portable drives in Windows 7, skip straight to page 4.

First things first

If you have a new-ish Intel processor, great! You've probably got a TPM chip. If you've got an AMD processor, the chances are you don't.

You're also meant to do this before you get your files, folders, settings and applications sorted. If you haven't, you will need to re-partition your hard drives and this is hardly user friendly.

Just to screw you over even more, BitLocker is only available on Windows Vista Ultimate and Enterprise editions, the two editions which aren't on DreamSpark or MSDNAA. However, if you are using Windows Server 2008 like I've previously suggested, bingo, you can use BitLocker. It just seems to Microsoft that home users aren't as important as the rest of us...

WARNING!
In case of a massive boot failure, such as "BOOTMGR is missing" which I unfortunately suffered, these can be fixed with these two handy links. Print them out so you've got them offline, and keep your Vista DVD to hand just in case.
WARNING!
And finally, this is at your own risk. Back up everything first, because knowing your luck, if it could go wrong, it absolutely 100% will go wrong.

Getting the messy big bit out of the way

If you have a TPM, you should be fine. If you don't:

  1. Go to Start > Run (or hold the Windows key + R), and type in gpedit.msc. Accept any UAC prompts you may encounter.
  2. Go through the left hand view to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
  3. In the right hand view, double click the Enable advanced startup options.
  4. In the dialog, select Enabled at the top, and then tick the box saying Allow BitLocker without a compatible TPM.
  5. Press Apply, OK then close the console window.

Now we need to sort out the drive partitions. This bit scares me, to be honest, because it's a little too close to my files for my own comfort. If you've backed up and are ready to accept any mistakes as your own:

  1. Go to Start > Run (or hold the Windows key + R), and type in compmgmt.msc. Accept any UAC prompts you may encounter.
  2. Under Storage, select the Disk Management option. In the right hand side, select a partition you feel most comfortable with (or the only one visible), right click and select Shrink Volume.
  3. Shortly afterwards, you'll have a block of unallocated space left. Right click, select New Simple Volume, go through the dialog but select Do not assign a drive letter or drive path. This will keep your "Computer" nice and clean. Hit Next.
  4. Select Format this volume with the following settings, with the file system as NTFS, the allocation unit as Default and call the volume "BitLocker".
  5. This will format, and once it has finished, right click and select Mark Partition as Active. Ignore the warning, but remember to have your Vista DVD spare just in case boot fails.
  6. Restart the computer.

Setting up the BitLocker encryption

If you got through all that hassle, you should be on track for the next bit. Depending on whether you have a TPM or not, the options will change and some may not be enabled. Either way, they're all very much the same.

  1. Go to Start > Control Panel > BitLocker Drive Encryption.
  2. You should have no yellow boxes (if you do, revise the previous steps), and click Turn On BitLocker for your selected partition.
  3. Select the startup type you wish:
    • Use BitLocker without additional keys: the computer will start up with no user interaction, but if the system hardware is changed, it will presume it is stolen and lock up.
    • Require PIN at every startup: a simple PIN will be required by the user every time the system boots up.
    • Require startup USB key at every startup: a flash drive will need to be inserted every time the computer boots up; a bit like a key in a lock.

  4. Insert the flash drive, or enter in a PIN, and select Save/Next.
  5. You will then have the option to save or print the recovery password. Do all three and save them onto another computer, a flash drive kept in a safe place, or print and keep the key safe. Select Next.
  6. Make sure you enable the box saying Run BitLocker system check, to make sure it's all working hunky-dory, and select Continue.
  7. Restart the computer, and BitLocker will be enabled on boot.
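
Once the machine is back up, it is worth confirming that the volume is really protected and that a recovery password exists. The following read-only check is an added example, not part of the original article. It assumes PowerShell is installed (it is not present by default on Vista), an elevated prompt, and that `C:` is the volume you encrypted.

```powershell
# Added example: read-only BitLocker check. Run from an elevated PowerShell prompt.
$drive = 'C:'   # assumption: the volume BitLocker was turned on for

# 1. Does Windows see a TPM? If not, the gpedit.msc steps were required.
try {
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction Stop
} catch { $tpm = $null }
if ($tpm) { "TPM present: enabled=$($tpm.IsEnabled_InitialValue), activated=$($tpm.IsActivated_InitialValue)" }
else      { 'No TPM visible to Windows: the group policy change is required.' }

# 2. Show what the BitLocker group policy wrote (settings are stored under this key).
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (Test-Path $fve) { Get-ItemProperty $fve | Select-Object * -ExcludeProperty PS* | Format-List }
else { 'No BitLocker policy key found: "Allow BitLocker without a compatible TPM" is not applied.' }

# 3. Ask the volume itself rather than trusting the Control Panel page.
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                     -Class Win32_EncryptableVolume -Filter "DriveLetter='$drive'"
if (-not $vol) { throw "BitLocker does not manage a volume with drive letter $drive" }

$protection = $vol.GetProtectionStatus().ProtectionStatus   # 0 = off, 1 = on, 2 = unknown
$conversion = $vol.GetConversionStatus()
"Protection status : $protection (1 = on)"
"Encrypted so far  : $($conversion.EncryptionPercentage)%"

# 4. List the key protectors and make sure a recovery password is among them.
$names = @{ 1 = 'TPM'; 2 = 'External key (USB)'; 3 = 'Numerical recovery password';
            4 = 'TPM + PIN'; 5 = 'TPM + startup key'; 6 = 'TPM + PIN + startup key' }
$found = @()
$ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })   # 0 = all types
foreach ($id in $ids) {
    $type = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
    $found += $type
    "Protector $id : $($names[$type])"
}

if ($found -notcontains 3) {
    Write-Warning 'No recovery password protector: a lost USB key or PIN means lost data.'
}
if ($protection -ne 1) {
    # Protection "off" on an encrypted volume means the key is stored unprotected on disk.
    Write-Warning 'Protection is not on: encryption may still be running or protectors are disabled.'
}
```

A volume that reports 100% encrypted but a protection status of 0 is not protecting anything if the laptop is stolen, so treat the second warning as a failure rather than a cosmetic issue.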

BitLocker-to-Go on Windows 7

As previously mentioned in my other article, BitLocker has now been ported to Windows 7, and begun supporting portable and flash drives. For those running Windows 7 now, or soon to be running the public beta software, this is how you get BitLocker-to-Go working on your flash drive.

WARNING!
It's important to note, while Windows 7 machines will recognise the security on the flash/portable device, previous versions of Windows will not, even though it says so.

  1. Go to Start > Control Panel > BitLocker Drive Encryption.
  2. Under "BitLocker to Go", select the flash drive you wish to encrypt, and select Turn on BitLocker.
  3. Depending on the hardware available to your system, you can select a biometric fingerprint, a smart card, or most common on all systems, a password. Select the type you wish, and hit Next.
  4. You will then have the option to save or print the recovery password. Do both and save them onto another computer, and print and keep the key safe. Select Next.
  5. Now, select Start Encrypting and this will take anything from 5 minutes to half an hour, depending on capacity of the portable device.

I would recommend a password, as other machines may not have biometric or smart card support. Let me know how you found this guide; I do hope I've helped some spotty little student out there.