04. Enable Bitlocker Encryption
Bitlocker Encrytpion is the latest encryption method available on Windows Vista Enterprise and Ultimate. Rather than simply encrypt a single file Bitlocker actually encrypts the whole hard drive/partition, thus making the system more secure.
To use Bitlocker Encryption you need one of two components - a TPM complaint motherboard or a USB key. If your motherboard is TPM complaint, in other words, it has a TPM chip on the motherboard that hold encrypted keys, Bitlocker should be enabled by default. If your motherboard is not TMP complaint then Bitlocker will not be enabled by default and you will need to enable it. You will also need a USB key to store the encrypted keys on. Incidentally, you will need to insert the USB drive key into the USB port every time you boot your PC.
To enable Bitlocker proceed as follows:
1/ Click the Start button followed by All Programs.
2/ From the All Programs menu, Click Windows Update.
3/ When the Windows Update window opens, Click on the 'View Update History.'
4/ Look down the update history list and ensure that you have 'Bitlocker and EFS enhancement' installed. Without this you will not be able to proceed. If the 'Bitlocker and EFS enhancements is not there use Windows Update to obtain it.
5/ Now Close Windows Update.
6/ Next Click the Start Button followed by Control Panel.
7/ In Control Panel, Click the Bitlocker Drive Encryption Icon.
8/ In the Bitlocker window you may find two warnings:
- The drive configuration is unsuitable for Bitlocker drive encryption. To use Bitlocker, please re-partition your hard drive according to Bitlocker requirements.
- A TPM was not found. A TPM is required to turn on Bitlocker. If your computer has a TPM, then contact the computer manufacturer for Bitlocker compatible BIOS.
9/ If you know that you have a TPM installed on your motherboard then contact the computer manufacturer for a Bitlocker compatible BIOS.
10/ If you haven't got a TPM then you will need to create a separate partition for Bitlocker to work.
11 To do this. Click the Start button and, in the Search box, type 'Bitlocker.'
12/ The search should show 'Bitlocker Drive Preparation Tool.'
13/ Click on the Bitlocker Drive Preparation Tool, Accept the UAC Account Control) and the accept the licence agreement.
14/ The Bitlocker Drive Preparation Tool will now create a small (1.5GB) partition with the drive letter 'S' on your hard drive.
15/ During the drive preparation process Bitlocker will transfer start up files to the new 'S' partition.
16/ Once the drive has been prepared, go back to Control panel and turn ON Bitlocker.
On no account should you delete the Bitlocker partition. Doing so will render your PC unbootable.
An alternative method of activating Bitlocker is as follows:
1/ Click the Start Button.
2/ From the Start Menu click Accessories and the Click Run.
3/ In the Run Dialog box type: gpedit.msc
4/ In the Group Policy window click on Computer Configuration.
5/ From the list that appears click > next to Adminstrative Templates.
6/ From the expanded menu click the > next to Windows Components.
7/ From the expanded menu that now appears click on Bitlocker Drive Encryption.
8/ Now look for: Control Panel Setup: Enable advanced startup options.
9/ If you highlight this option and then look on the left hand side of the window you will see a description of what this does. Also you will see a link marked 'Properties'. Click on this link to open the properties window.
10/ In the properties window click the radio button next to the 'Enable' option and then click OK.
11/ Finally Go to Control Panel and click on the Bitlocker Icon. You should see a link now for enabling Bitlocker.