Scenario 10: Configuring the BitLocker Identification Field (Windows 7)

Applies To: Windows 7

BitLocker in Windows 7 can use an identification field to determine whether a BitLocker-protected drive belongs to your organization, and a secondary (allowed) identification field to determine whether the drive belongs to a trusted external organization. Identification fields are validated when data recovery agents are enabled and when BitLocker To Go is turned on.

Data recovery agents will be updated as necessary to ensure that the drive can be recovered by authorized individuals, and the BitLocker To Go Reader application will be updated as necessary on a removable drive. If the identification field is not configured on a drive, the drive is treated as if it belongs to your organization. If the identification field is configured on a drive, it must match either the identification field or the allowed identification field specified in this policy before BitLocker will update data recovery agent information or the BitLocker To Go Reader on the drive.

Before you start

To complete the procedure in this scenario:

  • You must be able to provide administrative credentials.

To configure the BitLocker identification field

  1. Click Start, type gpedit.msc in the Search programs and files box, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree under Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components, click BitLocker Drive Encryption.

  4. In the details pane, double-click the Provide the unique identifiers for your organization policy setting, and then click Enabled.

    • In Identification field, type the unique identifier for your organization.

    • In Allowed identification field, type the unique identifiers for any trusted external organizations that may have BitLocker-protected removable drives that are accessed by computers in your organization.

  5. If you do not want to use identification fields, set this policy to Disabled or Not Configured. After you have made your choices, click Apply to apply the settings, and then close the dialog box.

  6. Close the Local Group Policy Editor.

  7. To force Group Policy to apply the changes immediately, you can click Start, type gpupdate.exe /force in the Search programs and files box, and then press ENTER. Wait for the process to finish.

Note

Identification fields are added to BitLocker-protected drives when BitLocker is turned on. If you have already deployed BitLocker and you want to add an identification field, you can use the following Manage-bde command to associate an identifier with the drive, replacing Volume with the letter of the drive:
manage-bde -SetIdentifier Volume:
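The following PowerShell script is an added audit example, not part of this Microsoft page: it reads the identification field of each BitLocker-protected volume through the Win32_EncryptableVolume WMI class (its GetIdentificationField method) and applies the matching rules described above, flagging drives on which BitLocker would not update data recovery agent information or the BitLocker To Go Reader. It assumes that the policy stores its values under HKLM\SOFTWARE\Policies\Microsoft\FVE as IdentificationField (DWORD), IdentificationFieldString and SecondaryIdentificationField, and that the latter is a comma-separated list.

```powershell
# Added audit example (not Microsoft's code). Run in an elevated PowerShell
# prompt on Windows 7. Assumption: the policy "Provide the unique identifiers
# for your organization" stores its values under
# HKLM\SOFTWARE\Policies\Microsoft\FVE as IdentificationField (DWORD, 1 =
# Enabled), IdentificationFieldString and SecondaryIdentificationField (the
# latter a comma-separated list of trusted external identifiers).
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                           -ErrorAction SilentlyContinue

# Build the list of identifiers BitLocker will accept: your own plus the allowed ones.
$allowed = @()
if ($policy -and $policy.IdentificationField -eq 1) {
    $allowed += $policy.IdentificationFieldString
    if ($policy.SecondaryIdentificationField) {
        $allowed += $policy.SecondaryIdentificationField -split ','
    }
    $allowed = @($allowed | ForEach-Object { "$_".Trim() } | Where-Object { $_ })
}
$policyConfigured = $allowed.Count -gt 0

function Get-Verdict($field) {
    # Rules from the text above: with no policy, or no field on the drive, the
    # drive is treated as your organization's; otherwise the field must be listed.
    if (-not $policyConfigured)    { return 'Policy not configured: treated as own drive' }
    if (-not $field)               { return 'No field on drive: treated as own drive' }
    if ($allowed -contains $field) { return 'Match: DRA and BitLocker To Go Reader updates allowed' }
    return 'MISMATCH: DRA/Reader will not be updated (manage-bde -SetIdentifier if this is your drive)'
}

# Win32_EncryptableVolume exposes the same per-volume data that manage-bde -status reports.
$volumes = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                         -Class Win32_EncryptableVolume

$report = foreach ($vol in $volumes) {
    # ConversionStatus 0 = fully decrypted: BitLocker is off, so no field exists.
    if ($vol.ConversionStatus -eq 0) { continue }
    $result = $vol.GetIdentificationField()
    if ($result.ReturnValue -ne 0) {
        Write-Warning ('{0} GetIdentificationField failed: 0x{1:X8}' -f $vol.DriveLetter, $result.ReturnValue)
        continue
    }
    New-Object PSObject -Property @{
        Drive          = $vol.DriveLetter
        Identification = $result.IdentificationField
        Verdict        = Get-Verdict $result.IdentificationField
    }
}

$report | Format-Table Drive, Identification, Verdict -AutoSize
```

Drives reported as MISMATCH are exactly the ones the text says BitLocker will skip; if they are your organization's drives, the manage-bde -SetIdentifier command above brings them into line with the policy.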

By completing this procedure, you have configured the identification field that will be applied to drives in your organization when BitLocker is turned on.