Scenario 2: Turning On BitLocker Drive Encryption on a Fixed or Removable Data Drive (Windows 7)
Updated: August 26, 2009
Applies To: Windows 7
This scenario provides the procedure for turning on BitLocker Drive Encryption protection on a fixed or removable data drive on a computer.
|When encrypting a removable drive, do not suddenly remove the drive. If you need to remove a drive before encryption is complete, pause the encryption process and then use either the Safely Remove Hardware icon from the notification area or the Eject command from Windows Explorer to remove the drive. Removing the drive during the encryption process without pausing and intentionally removing the device can cause the data on the drive to be corrupted.|
Before you start
To complete the procedure in this scenario:
You must be able to provide administrative credentials to turn on BitLocker for fixed data drives. Standard user accounts can turn on BitLocker To Go on removable data drives.
You must be able to configure a printer if you want to print the recovery key.
Your computer must meet BitLocker requirements. For more information, see "Requirements for BitLocker Drive Encryption" in BitLocker Drive Encryption Step-by-Step Guide for Windows 7.
To turn on BitLocker Drive Encryption on a fixed or removable data drive
Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
Click Turn On BitLocker for the fixed or removable data drive that you want to encrypt.
Note If you have configured the Group Policy settings in your organization to back up BitLocker recovery information to Active Directory Domain Services (AD DS), the computer must be able to connect to the domain to complete this process.
The BitLocker setup wizard will ask you how you want to unlock this drive. Fixed data drives can be configured to automatically unlock when the operating system drive is encrypted, to unlock after a password is supplied, or to unlock after a smart card is inserted. Removable data drives can be configured to unlock after a password is supplied or to unlock after a smart card is inserted. If you want the removable data drive to automatically unlock, you can specify that option after encryption has occurred by clicking Manage BitLocker from the BitLocker Drive Encryption Control Panel item or by selecting the Automatically unlock on this computer from now on check box when you unlock the drive.
Before BitLocker encrypts the drive, the BitLocker setup wizard prompts you to choose how to store the recovery key. You can choose from the following options:
Save the recovery key to a USB flash drive. Saves the recovery key to a USB flash drive. This option cannot be used with removable drives.
Save the recovery key to a file. Saves the recovery key to a network drive or other location.
Print the recovery key. Prints the recovery key.
Use one or more of these options to preserve the recovery key. For each option that you select, follow the wizard steps to set the location for saving or printing the recovery key. When you have finished saving the recovery key, click Next.
Important The recovery key is required when a BitLocker-protected fixed data drive configured for automatic unlocking is moved to another computer, or the password or smart card associated with unlocking the fixed or removable drive is not available, such as when a password is forgotten or a smart card is lost. You will need your recovery key to unlock the encrypted data on the drive if BitLocker enters a locked state. This recovery key is unique to this particular drive. You cannot use it to recover encrypted data from any other BitLocker-protected drive. For maximum security, you should store recovery keys apart from the drives they are associated with.
- Save the recovery key to a USB flash drive. Saves the recovery key to a USB flash drive. This option cannot be used with removable drives.
The BitLocker setup wizard asks if you are ready to encrypt the drive. Click Start Encrypting.
The Encrypting status bar is displayed. You can monitor the ongoing completion status of the drive encryption by moving the mouse pointer over the BitLocker Drive Encryption icon in the notification area, at the far right of the taskbar.
By completing this procedure, you have encrypted a fixed or removable data drive, associated a key protector with an unlock method for the drive, and created a recovery key that is unique to this drive.