Indiana University
University Information Technology Services

At IU, how do I enable BitLocker on a Windows Vista Enterprise or Ultimate computer that has a TPM chip?


Hardware and software requirements

  • A computer that meets the minimum requirements for Windows Vista

  • A TPM microchip, version 1.2

  • A Trusted Computing Group (TCG)-compliant BIOS

  • A BIOS setting to start up first from the hard drive, not the USB or CD drives

  • Administrative credentials on the computer on which BitLocker is being configured

  • The ability to print from the computer on which BitLocker is being configured

  • A USB thumb drive (optional but recommended)

Requirements for escrow of recovery information to the domain

Note: Before running the BitLocker Drive Preparation Tool, be sure to back up any critical data or files, as data loss is always possible when repartitioning your hard drive.

Instructions

To create a BitLocker partition and turn on BitLocker Drive Encryption, follow these steps:

  1. Download the BitLocker Drive Preparation Tool from the "Security" area on IUware.

  2. Install the BitLocker Drive Preparation Tool.

  3. Click Start and select All Programs, then Accessories, then System Tools, then BitLocker, and finally BitLocker Drive Preparation Tool.

  4. Accept the software licensing terms.

  5. On the "Preparing Drive for BitLocker" screen, click Continue.

    Note: Do this only if you are sure you have backed up critical data.

  6. Once the drive preparation is complete, click Finish.

  7. When prompted to restart, click Restart Now.

  8. Click Start and select Control Panel, then Security, and finally BitLocker Drive Encryption.

    This control panel may open automatically after the restart.

  9. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume.

  10. If your TPM is not initialized, you will see the Initialize TPM Security Hardware Wizard. Follow the directions to initialize the TPM. UITS strongly recommends that you print the TPM owner password and save it on removable media.

    For more information on initializing the TPM, see the Microsoft TechNet article Windows Trusted Platform Module Management Step-by-Step Guide.

  11. On the "Save the recovery password" page, you will see the following options:

    • Save the password on a USB drive: Saves the password to a USB flash drive
    • Save the password in a folder: Saves the password to a network drive or other location
    • Print the password: Prints the password

    UITS recommends the following:

    • Print the password and save it on a USB drive (strongly recommended). Saving the password to a USB drive will allow you to run the BitLocker system check on the next screen.
    • Do not store the USB drive that contains the recovery password with your laptop.

  12. For each option, make your selection and follow the steps in the wizard to set the location for saving or printing the recovery password.

  13. When you have finished saving the recovery password, click Next.

  14. Assuming you chose to save the password on a USB drive, on the "Encrypt the selected disk volume" page, confirm that the Run BitLocker System Check checkbox is selected, and click Continue.

  15. Confirm that you want to restart the computer by clicking Restart Now. The computer will restart and BitLocker will verify that the computer is BitLocker-compatible and ready for encryption. If it is not, you will see an error message alerting you to the problem.

  16. If it is ready for encryption, the "Encryption in Progress" status bar is displayed. You can monitor the ongoing completion status of the disk volume encryption by dragging your mouse cursor over the BitLocker Drive Encryption icon in the toolbar at the bottom of your screen.

By completing this procedure, you have encrypted the operating system volume and created a recovery password unique to this volume. The next time you log in, you will see no change. If the TPM ever changes or cannot be accessed, if there are changes to key system files, or if someone tries to start the computer from a disk to circumvent the operating system, the computer will switch to recovery mode until the recovery password is supplied.
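
A check for the end state described above, added here as an example and not part of the original UITS document: it parses saved text from the BitLocker command-line status report (`manage-bde -status`) and lists anything that differs from a fully encrypted volume with protection on, a TPM protector, and a recovery password. The sample text is constructed, and the field names and "Field: value" layout are assumptions to confirm against what the tool prints on your Windows version.

```python
import re

# Constructed sample in the "Field: value" layout assumed for `manage-bde -status C:`,
# captured mid-encryption (step 16) so the audit has something to report.
SAMPLE_STATUS = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 42%
    Protection Status:    Protection Off
    Key Protectors:
        TPM
        Numerical Password
"""

def parse_status(text):
    """Split one volume's status text into a field dict and a key-protector list."""
    fields, protectors, in_protectors = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if in_protectors:
            if line.startswith("Volume "):
                break                      # a second volume starts; stop here
            protectors.append(line)
            continue
        m = re.match(r"([^:]+):\s*(.*)$", line)
        if m and m.group(1).strip() == "Key Protectors":
            in_protectors = True           # protector names follow, one per line
        elif m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields, protectors

def audit(text):
    """Return findings; an empty list means the end state of the procedure is reached."""
    fields, protectors = parse_status(text)
    findings = []
    if fields.get("Conversion Status") != "Fully Encrypted":
        findings.append("not fully encrypted (%s)" % fields.get("Percentage Encrypted", "unknown"))
    if fields.get("Protection Status") != "Protection On":
        findings.append("protection is not on")
    if not any(p.startswith("TPM") for p in protectors):
        findings.append("no TPM key protector")
    if "Numerical Password" not in protectors:   # the recovery password protector
        findings.append("no recovery password protector")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS) or ["volume matches the expected end state"]:
        print(finding)
```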

Information in this document comes from the Microsoft TechNet article Windows BitLocker Drive Encryption Step-by-Step Guide, which contains much more detailed information about using Windows BitLocker in Windows Vista.

This is document aviu in domain all.
Last modified on August 27, 2012.
