Security and Safety
Data Encryption on Windows 7 Windows BitLocker
What is BitLocker?
BitLocker Drive Encryption is a full disk encryption feature included with the Windows 7 desktop operating system. Encryption is a way to enhance the security of a message or file by scrambling the contents so that it can be read only by someone who has the right encryption key to unscramble it. For example, if you purchase something from a website, the information for the transaction (such as your address, phone number, and credit card number) is usually encrypted to help keep it safe.
BitLocker is designed to protect data by providing encryption for entire volumes. It also helps prevent a thief running a software hacking tool from breaking Windows 7 file and performing offline viewing of the files stored on the safeguarded drive.
How do I encrypt my Windows 7 Machine with BitLocker?
IMPORTANT NOTE: Before encrypting your Windows 7 Machine IT Services recommend that a Full System Backup is taken beforehand. It is also essential that the BitLocker Recovery Key is saved to a safe and secure location. If you lose your recovery key and BitLocker "Locks" there is no way to unlock the system without the recovery key. For assistance contact your Departmental Installer or IT.Services@lboro.ac.uk or telephone 01509 222333.
BitLocker is disabled by default. In order to allow the machine to be encrypted the Departmental Installer will need to contact IT Services who will initiate the process. Once this has been done the requester will receive an e-mail with the necessary instructions to encrypt the machine. We recommend that the instructions are read before anything is done.
IMPORTANT NOTE: During the encryption process a BitLocker Recovery Key should have been generated. It is essential that the BitLocker Recovery Key is saved to a safe and secure location.
USB Encryption on Windows 7 - BitLocker to Go
Windows 7 now has the ability to encrypt USB external media. This feature is called BitLocker To Go and is only available on the enterprise version of the Operating System.
Please note: You will not be able to encrypt your portable storage device unless your PC has been added into the 'SSPCS-Bitlocker' AD Group. Please contact the Service Desk on Ext 222333 or via e-mail at IT.Services@lboro.ac.uk so they can add your machine into this Group.
Once the initialisation process is complete, BitLocker To Go will prompt you to set up a password that you will use to unlock the drive.
For guidance and advice on Passwords please see our Password Guidance page.
During the encryption process, you'll see a standard progress monitor. The amount of time that it will take to complete the process will depend on how large the drive is. There is a "Pause" button which will allow you to temporarily halt the process should you need to perform another task.
The Show password option will display the password while you type, this is not secure and is not recommended. The automatically unlock on this computer from now on will store the password in the Windows 7 password cache. Note you must tick the option to "Automatically unlock on this computer from now on". Since we use FIPS standards, BitLocker To Go will only work on read only mode if you try and unlock with a password. The only way around this is to save the password to the computer. Once this is done you will have full read / write access to the USB encrypted drive.