Step 4: Start the BitLocker encryption process

To start the encryption process:

1. Click Start and type BitLocker in the Search box. Select BitLocker Drive Encryption. (You can also launch BitLocker from the Control Panel.)

2. You should at this point see a list of all available volumes (typically C:) that can be encrypted with BitLocker. If you see a warning in yellow -- for instance, a warning that there is no TPM hardware present -- then go back and make sure you did the previous setup steps correctly.

3. Click Turn on BitLocker for the system drive (again, typically C:) to begin configuring BitLocker for that drive.

4. You'll next be presented with a series of options: Use BitLocker without additional keys, Require PIN at every startup and Require Startup USB Key at every startup. Only the last item (Require Startup USB Key) should be highlighted, so click it to begin.

5. The Save your Startup Key window should appear. Insert the USB removable drive you will use to store the TPM key and wait for its drive letter to show up in the window. (If no drive letter shows up, it may not be formatted.)

6. Click Save to save the startup key.

7. You'll then have the option to save the BitLocker recovery password to different places: a folder, a USB drive or as a printed document. Save at least two copies of the recovery password for now; you can always make more backups later, or delete some of the ones you've made now.

   Note: You can save the recovery password to the same USB drive you use to store the startup key, but it isn't a good idea. If someone else comes across the drive, the person doesn't even need to boot your machine with the drive anymore to know how to compromise it.

   Note #2: Don't use the startup key for anything other than starting up Vista if you can help it. I believe it is possible to write-protect the startup key once it's been created and use it that way with no ill effects. That should further discourage you from using it for something else and then possibly damaging it.

8. On the next page you'll be given the option of running a BitLocker Check. This reboots the system and insures that the BitLocker startup key can be read at boot time. If you're not sure if your system supports booting via USB, run this test. The system will reboot, and if the test is unsuccessful, you'll get a warning the next time Vista starts up. If that happens, the only way you'll be able to boot the system after it's encrypted is with the recovery password.

   Note: If you fail the BitLocker check and want to encrypt the drive anyway, you'll need to go through the steps in this section again and opt out of running the BitLocker Check. Also, make sure the drive has been connected via a USB port that can be read at boot time in the first place.

9. At this point you'll be given the option to actually start the encryption process. When you do, you'll see a progress bar, and you can pause and resume the encryption process if you need to. Don't shut down or reboot the system until the encryption process is finished.

10. When the encryption process finishes, you can then reboot the machine. On each subsequent boot, you must have the BitLocker USB key plugged in and visible to the computer at boot time or you'll be prompted to type the recovery password to continue.

Using BitLocker on a non-TPM system

 Introduction
 Step 1: Know your hardware
 Step 2: Configure the drives
 Step 3: Edit the local policy
 Step 4: Start the BitLocker encryption process

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Vista security issues, updates and alerts Managing single sign-on security burdens in Windows Top 10 ways to improve Windows Vista security A Windows security checklist for IT managers Unauthenticated vs. authenticated security testing Does Vista's strong security make it better than XP? Enhancing patch management with NAP Why Windows Vista is superior to XP How to exploit two common Windows vulnerabilities The 10 most common Windows security vulnerabilities Hacking Exposed Windows: Windows security features and tools Windows passwords and permissions management Build secure computer password policies Remote user security checklist Reduce resistance to creating strong computer passwords Unauthenticated vs. authenticated security testing Step 1: Know your hardware Step 2: Configure the drives Step 3: Edit the local policy Top network security tips of 2006 Top client security tips of 2006 Password security FAQs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary drive-by download  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary