

Configuring BitLocker

I wanted to give everyone a feel for how easy it is to configure BitLocker on your machine. I picked a test Lenovo T60p machine and opened the BitLocker Drive Encryption applet from Control Panel. You will get the option to turn on BitLocker, but before you do that you first need to prepare your machine for BitLocker, i.e. it should have a separate system partition, which has to be NTFS and at least 1.5GB. For this you can get the BitLocker Drive Preparation Tool by calling Microsoft PSS. You may also do it manually, but it is easier with the tool.

Once you get this tool, extract it to the desktop and run it, you will see what is shown in pic 1. It will shrink your C drive if there is no unallocated space on the hard drive, then create a new active system partition and prepare it for BitLocker.

pic 1

Once that is done, open the BitLocker Drive Encryption applet from Control Panel, and if you turn on BitLocker you will see the options shown in pic 2. You can also see that it says the machine does not have a TPM. Actually, until now I had not turned on the TPM in the BIOS.

pic 2

So I went to TPM.msc and I see what is shown in pic 3: it does not detect my TPM, as expected.

pic 3

I went to the BIOS and turned on my TPM device. Once I booted back into the OS and opened TPM.msc, it asked me to initialize my TPM. You can see that in pic 4.

pic 4

I tried to initialize and got the error message shown in pic 5. The reason: I am not on the network and unable to communicate with AD. This group policy is enabled by default; as I mentioned last time, it tries to back up the TPM owner password information.

pic 5

I connected to the network and was able to initialize. Now, as you see in pic 6, it says the TPM is on and ownership has been taken. It will allow you to back up the TPM password too. It also gives you the option to reset the TPM in the GUI, as shown.

pic 6

Now I went back to the BitLocker Drive Encryption Control Panel applet and turned it on, and it started encrypting my C drive. You may turn off your machine and it will resume the conversion process as soon as you start it next time. You may pause the conversion too. Generally the conversion rate is 1GB/min, but it varies depending on various factors, including the hardware. Pic 7 shows the same.

pic 7

In the same window, if you click on “manage bitlocker keys” you will get an option to reset the PIN (if you have configured one) and also to duplicate your recovery password, i.e. save the password, as shown in pic 8.

You can save it on a non-BitLocker-encrypted partition or USB, or print it.

pic 8
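The same prerequisites the walkthrough checks in the GUI (separate NTFS system partition of at least 1.5GB, TPM detected and owned, conversion progress) can be read from WMI. This is an added example, not part of the original post; it uses the Win32_Volume, Win32_Tpm and Win32_EncryptableVolume classes, and the messages, the fixed C: drive letter and the BIOS-booted layout are assumptions of the example.

```powershell
# Added example: read-only BitLocker readiness report. Run from an elevated prompt.
# Assumptions: BIOS-booted machine as in the post, OS on C:, messages are this example's own.
# (On UEFI systems the system partition is a FAT32 ESP, so check 1 does not apply.)
$minSystemBytes = 1.5GB          # minimum system partition size given in the post
$findings = @()

# 1. Separate NTFS system partition of at least 1.5 GB
$sys = Get-WmiObject Win32_Volume -Filter "SystemVolume = TRUE" | Select-Object -First 1
if (-not $sys) {
    $findings += 'No system volume reported by Win32_Volume'
} else {
    if ($sys.BootVolume) { $findings += 'System files share the OS volume: prepare a separate system partition' }
    if ($sys.FileSystem -ne 'NTFS') { $findings += "System partition is $($sys.FileSystem), not NTFS" }
    if ($sys.Capacity -lt $minSystemBytes) { $findings += 'System partition is smaller than 1.5 GB' }
}

# 2. TPM detected, turned on and owned (no instance means Windows sees no TPM)
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    $findings += 'TPM not detected: check that it is turned on in the BIOS'
} else {
    if (-not $tpm.IsEnabled().IsEnabled) { $findings += 'TPM is not enabled' }
    if (-not $tpm.IsActivated().IsActivated) { $findings += 'TPM is not activated' }
    if (-not $tpm.IsOwned().IsOwned) { $findings += 'TPM ownership not taken: initialize it in TPM.msc' }
}

# 3. Conversion and protection state of the OS volume
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' -Class Win32_EncryptableVolume -Filter "DriveLetter = 'C:'" -ErrorAction SilentlyContinue
if (-not $vol) {
    $findings += 'C: is not exposed as an encryptable volume (BitLocker unavailable or prompt not elevated)'
} else {
    # Index matches the ConversionStatus value returned by GetConversionStatus()
    $states = 'fully decrypted', 'fully encrypted', 'encryption in progress', 'decryption in progress', 'encryption paused', 'decryption paused'
    $conv = $vol.GetConversionStatus()
    $protected = $vol.GetProtectionStatus().ProtectionStatus -eq 1   # 0 = off, 1 = on, 2 = unknown
    "C: is {0} ({1}% encrypted); protection on: {2}" -f $states[$conv.ConversionStatus], $conv.EncryptionPercentage, $protected
    if (-not $protected) { $findings += 'BitLocker protection is not on for C:' }
}

if ($findings.Count -eq 0) { 'All checks passed' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

The script only queries state; it does not take TPM ownership or start encryption.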

Gaurav Anand

------------------------------

This posting is provided "AS IS" with no warranties, and confers no rights.

Comments

  • Anonymous
    October 21, 2007
    I've not seen the tool as a download for Vista Enterprise, and at any length it doesn't make much sense if you're deploying BitLocker in any volume. I'm currently trying to source the tool from PSS for our Vista Enterprise licensing; it's proving to be the most difficult and frankly painful support experience I've had in a very long time... PSS aren't aware of the tool (or not the agents I've spoken to), and despite what the KBID says they refer me to the Select and SA folk, who in turn refer me back to PSS. It really shouldn't be this difficult. I'm still curious why it's not included in the 2007 SA benefits bundle also...