04. Enable Bitlocker Encryption
Bitlocker Encrytpion is the latest encryption
method available on Windows Vista Enterprise and
Ultimate. Rather than simply
encrypt a single file Bitlocker actually encrypts
the whole hard drive/partition, thus making the
system more secure.
To use Bitlocker Encryption you need one of two
components - a TPM complaint motherboard or a USB
key. If your motherboard is TPM complaint, in other
words, it has a TPM chip on the motherboard that
hold encrypted keys, Bitlocker should be enabled by
default. If your motherboard is not TMP complaint
then Bitlocker will not be enabled by default and
you will need to enable it. You will also need a USB
key to store the encrypted keys on. Incidentally,
you will need to insert the USB drive key into the
USB port every time you boot your PC.
To enable Bitlocker proceed as follows:
1/ Click the Start button
followed by All Programs.
2/ From the All Programs menu,
Click Windows Update.
3/ When the Windows Update
window opens, Click on the 'View Update
History.'
4/ Look down the update history list and ensure
that you have 'Bitlocker and EFS
enhancement' installed. Without this you
will not be able to proceed. If the 'Bitlocker and
EFS enhancements is not there use Windows Update to
obtain it.
5/ Now Close Windows Update.
6/ Next Click the Start Button
followed by Control Panel.
7/ In Control Panel, Click the
Bitlocker Drive Encryption Icon.
8/ In the Bitlocker window you may find two
warnings:
- The drive configuration is unsuitable for
Bitlocker drive encryption. To use Bitlocker,
please re-partition your hard drive according to
Bitlocker requirements.
- A TPM was not found. A TPM is required to
turn on Bitlocker. If your computer has a TPM,
then contact the computer manufacturer for
Bitlocker compatible BIOS.
9/ If you know that you have a TPM
installed on your motherboard then contact the
computer manufacturer for a Bitlocker
compatible BIOS.
10/ If you haven't got a TPM
then you will need to create a separate partition
for Bitlocker to work.
11 To do this. Click the Start button
and, in the Search box, type
'Bitlocker.'
12/ The search should show 'Bitlocker
Drive Preparation Tool.'
13/ Click on the Bitlocker Drive
Preparation Tool, Accept the UAC
Account Control) and the accept the licence
agreement.
14/ The Bitlocker Drive Preparation Tool
will now create a small (1.5GB) partition with the
drive letter 'S' on your hard
drive.
15/ During the drive preparation process
Bitlocker will transfer start up files to the new
'S' partition.
16/ Once the drive has been prepared, go back to
Control panel and turn ON
Bitlocker.
Warning:
On no account should you delete the Bitlocker
partition. Doing so will render your PC unbootable.
An alternative method of activating Bitlocker is
as follows:
1/ Click the Start Button.
2/ From the Start Menu click
Accessories and the Click
Run.
3/ In the Run Dialog box type:
gpedit.msc
4/ In the Group Policy window
click on Computer Configuration.
5/ From the list that appears click >
next to Adminstrative Templates.
6/ From the expanded menu click the >
next to Windows Components.
7/ From the expanded menu that now appears click
on Bitlocker Drive Encryption.
8/ Now look for: Control Panel Setup:
Enable advanced startup options.
9/ If you highlight this option and then look on
the left hand side of the window you will see a
description of what this does. Also you will see a
link marked 'Properties'. Click on
this link to open the properties window.
10/ In the properties window
click the radio button next to the
'Enable' option and then click
OK.
11/ Finally Go to Control Panel
and click on the Bitlocker Icon.
You should see a link now for enabling Bitlocker.