IT ServicesStudents

Security and Safety

Data Encryption on Windows 7 Windows BitLocker

What is BitLocker?

BitLocker Drive Encryption is a full disk encryption feature included with the Windows 7 desktop operating system. Encryption is a way to enhance the security of a message or file by scrambling the contents so that it can be read only by someone who has the right encryption key to unscramble it. For example, if you purchase something from a website, the information for the transaction (such as your address, phone number, and credit card number) is usually encrypted to help keep it safe.

BitLocker is designed to protect data by providing encryption for entire volumes. It also helps prevent a thief running a software hacking tool from breaking Windows 7 file and performing offline viewing of the files stored on the safeguarded drive.

How do I encrypt my Windows 7 Machine with BitLocker?

IMPORTANT NOTE: Before encrypting your Windows 7 Machine IT Services recommend that a Full System Backup is taken beforehand. It is also essential that the BitLocker Recovery Key is saved to a safe and secure location. If you lose your recovery key and BitLocker "Locks" there is no way to unlock the system without the recovery key. For assistance contact your Departmental Installer or IT.Services@lboro.ac.uk or telephone 01509 222333.

BitLocker is disabled by default. In order to allow the machine to be encrypted the Departmental Installer will need to contact IT Services who will initiate the process. Once this has been done the requester will receive an e-mail with the necessary instructions to encrypt the machine. We recommend that the instructions are read before anything is done.

IMPORTANT NOTE: During the encryption process a BitLocker Recovery Key should have been generated. It is essential that the BitLocker Recovery Key is saved to a safe and secure location.

Bitlocker-to-Go

USB Encryption on Windows 7 - BitLocker to Go

Introduction

Windows 7 now has the ability to encrypt USB external media. This feature is called BitLocker To Go and is only available on the enterprise version of the Operating System.

Please noteYou will not be able to encrypt your portable storage device unless your PC has been added into the 'SSPCS-Bitlocker' AD Group. Please contact the Service Desk on Ext 222333 or via e-mail at IT.Services@lboro.ac.uk so they can add your machine into this Group.

Encrypting

These instructions are intended for portable storage devices like USB flash drives, NOT LAPTOPs. To configure your machine to use Bitlocker, please click the link below:

This is a guide on how to configure and use BitLocker To Go.

1 Screen image: Computer with pop-up menu.

Turn On BitLocker

Firstly insert the USB device that needs encrypting and then from the "Start" button select "Computer". Right-click on the USB device and select the option "Turn On BitLocker".

2 Screen image: BitLocker Drive Encryption (E:).

Initialise

As soon as BitLocker To Go has been activated, it will begin initialising the USB device. This process is non-destructive; therefore data already on the drive will not be affected.

3 Screen image: Choose how you want to unlock this drive.

Set Password

Once the initialisation process is complete, BitLocker To Go will prompt you to set up a password that you will use to unlock the drive.

For guidance and advice on Passwords please see our Password Guidance page. 

4 Screen image: How do you want to store your recovery key?

Set up Recovery Key

After you set up a password, BitLocker To Go will prompt you to store a recovery key. It is advised that you store the recovery key file somewhere safe and not with the USB device. You can use the recovery key to unlock your drive in the event that you forget the password.

5 Screen image: Are you ready to encrypt this drive?

Confirm to Encrypt Drive

When you have created a password and saved your recovery key file, BitLocker To Go will prompt you begin the encryption process.

6 Screen image: Encrypting...

Encrypt Drive

During the encryption process, you'll see a standard progress monitor. The amount of time that it will take to complete the process will depend on how large the drive is. There is a "Pause" button which will allow you to temporarily halt the process should you need to perform another task. 

7 Screen image: Bitlocker Drive Encryption.

Encryption complete

Once the encryption is complete, BitLocker To Go displays a confirmation dialogue box and changes the icon associated with the encrypted drive.

Using BitLocker To Go encrypted drive in Windows 7

1 Screen image: This drive is protected by BitLocker Drive Encryption.

Enter password

When you later insert the BitLocker To Go encrypted drive in the Windows 7 system, you will immediately be prompted to enter the password. 

The Show password option will display the password while you type, this is not secure and is not recommended. The automatically unlock on this computer from now on will store the password in the Windows 7 password cache. Note you must tick the option to "Automatically unlock on this computer from now on". Since we use FIPS standards, BitLocker To Go will only work on read only mode if you try and unlock with a password. The only way around this is to save the password to the computer. Once this is done you will have full read / write access to the USB encrypted drive.

2 Screen image: AutoPlay.

Unlock. Open folder to view files

Once you click "Unlock", you'll see an AutoPlay dialogue box that prompts you to view the files. When you click the "Open folder to view files" button, you will be able to access the drive and its contents as you normally would.

Using BitLocker To Go encrypted drive in Windows Vista

1 Screen image: BitLocker To Go Reader.

Install BitLocker To Go Reader

When you insert the BitLocker To Go encrypted drive in a Windows Vista system, you will see an AutoPlay dialogue box that prompts you to install the "BitLocker To Go Reader". When you click this button, it will take just a moment to install and run the Reader.

2 Screen image: Type your password to unlock this drive.

Enter Password

You'll then see the BitLocker To Go Reader dialogue box, which will prompt you to enter your password. 

3 Screen image: BitLiocker To Go Reader.

Unlock

After you type the password and click the Unlock button, you'll see the BitLocker To Go Reader window, which essentially looks like Windows Explorer.

4 Screen image: Do you want to copy the selected files to the Desktop?

Open file - copy to desktop

If you attempt to open any file by double-clicking it in the BitLocker To Go Reader window, you'll immediately be prompted to copy the file to the desktop.

5 Screen image: You can only read and copy files from the BitLocker To Go Reader.

You can NOT write - the device is READ ONLY under Windows Vista

If you attempt to copy a file from the computer to the BitLocker To Go Reader window, you'll immediately see the error message You can only read and copy files from the BitLocker To Go Reader.