Bitlocker, available only in Windows 7 Enterprise
and Ultimate enables you to securely encrypt your
hard drive and keep the contents safe from prying
eyes.
Providing you have a TPM (Trusted Platform
Module) it is a simple matter of enabling Bitlocker
via Control Panel. However, if you don't have a TPM
chip then attempting to enable Bitlocker in control
Panel will simply bring up a message telling you
that a TPM was not found and the action will then be
aborted.
If you do not have a TPM chip on your motherboard
then you have to follow an alternative path in order
to enable Bitlocker.
To do this proceed as follows:
- Click the Start Button.
- On the Start Menu type: gpedit.msc into the
Search box.
- At the top of the Search list you should see
Gpedit highlighted. Press Enter to open Gpedit.
- When Group Policy Editor opens, look in the
left hand pane for Computer Configuration.
- In the Computer Configuration list, Click
the chevron (>) to the left of the
Administrative Templates option to expand the
menu.
- In the Expanded computer configuration list,
Click on the chevron (>) next to Windows
Components.
- The Windows Component directory will now
expand.
- In the Windows Component list, Click on the
chevron (>) next to Bitlocker Drive Encryption.
- In the Bitlocker Drive Encryption list,
Click on the Operating System Drives option.
- Now look in the Right Hand pane of the
Operating System Drives options and Double Click
on Requires Authentication at Startup.
- In the Requires Authentication at Startup
window, Click the Radio button next to the
Enable option and the Click the OK button.
- Now Close down group policy.
- Once Group Policy has been closed, Click the
Start Button again followed by Control panel.
- In Control Panel, Click the Bitlocker Drive
Encryption Icon.
- When the Bitlocker Drive Encryption window
opens, Locate the drive you want to use
Bitlocker on and click on the Turn On Bitlocker
option.
- Windows will now check your PC's
configuration before displaying the Set
Bitlocker startup preferences window.
- In the Set Bitlocker Startup Preferences
window, Click the Requires a Startup key at
startup option.
- Insert a USB flash drive into your USB port
and then select it from the list of available
drives.
- Once the USB flash drive has been selected,
Click the Save button.
- You will next be asked to save the recovery
key to a USB flash drive, Save the recovery key
to a file, or Print the recovery key. The first
option you should choose is to Print the
recovery key, that way you always have a hard
copy of the key. Next select Save the recovery
key to a USB flash drive and, again, click the
Save button before finally Clicking the Next
button.
- Your key will now be saved to your USB flash
drive.
- The next window will ask if You are ready to
encrypt this drive. Click the Continue button.
- Windows now needs to reboot to enable
Bitlocker to check that your key is working
correctly, so make sure your USB flash drive is
still inserted into the USB port and then press
the Restart Now button.
- On reboot Windows will attempt to read the
key off your USB flash drive. If all goes well a
message will appear in the notification area
informing you that Bitlocker is now encrypting
your hard drive.