Sunday, April 3, 2016

Windows 10 BitLocker

I normally focus on troubleshooting with my blog posts, but this one is an exception. I wrote up a section for a course manual on BitLocker in Windows 10 that includes a couple of short activities enabling BitLocker. However, I'm concerned that the activities could take an extended period of time. So, this blog post is providing screenshots of what those activities look like.

Before I start with the steps, I was pleasantly surprised that I was easily able to get BitLocker going in a VM without doing anything goofy. Once upon a time, to get BitLocker going, we needed to use a virtual floppy to store the startup key. There is now an option to use a password instead. I haven't looked at this in a while and this is probably not a new option. I'm going to guess that Windows 8.1 at least probably had the same.

There are three nice things about a startup password for BitLocker:
  • You don't need a TPM in your computer to make it work. Many computers don't have a TPM, so that requirement is a deal breaker for many people.
  • You don't need a USB key to start up. Before, the alternative to a TPM was a USB key with the startup key. The idea that I needed to keep a USB key with my laptop seemed inherently fragile.
  • The behavior mimics what other drive encryption products do. Many other full drive encryption products require a password to start up the system. Users who are used to this process like to continue using it.
With no further ado, here are the screenshots...

Enabling BitLocker in Windows 10

Turn on BitLocker

Select an unlock method

Enter the password to unlock the drive

Save the key to a location that is not the drive being encrypted.

In my VM, I printed using the built-in PDF printer since the VM only had the C: drive.
I'm not planning to access this drive from anything but Windows 10 build 1511 or later. So, the new encryption mode was good.

Click Continue to make it so.

After a reboot, enter the password to start up

Check encryption status with manage-bde.exe
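
The status check from the steps above can also be scripted. This is an added example, not part of the original post: it uses the built-in `Get-BitLockerVolume` cmdlet from an elevated PowerShell prompt, and the function name `Test-BitLockerSetup` and the choice of checks are assumptions made for illustration.

```powershell
# Added example: audit the OS volume after enabling BitLocker with a startup password.
# Run from an elevated PowerShell session. Test-BitLockerSetup is a hypothetical helper name.
function Test-BitLockerSetup {
    param([string]$MountPoint = 'C:')

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Collect the protector types as strings (Password, RecoveryPassword, Tpm, ...).
    # The recovery password itself is deliberately never printed.
    $types = @($vol.KeyProtector | Where-Object { $_ } |
        ForEach-Object { "$($_.KeyProtectorType)" })
    $findings = @()

    # Encryption continues in the background after the reboot; the drive is
    # only fully covered once the volume reports FullyEncrypted.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is off or suspended'
    }
    # Without a recovery password protector, a forgotten startup password
    # leaves no way back into the drive.
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector is present'
    }

    # XTS-AES is the "new encryption mode"; drives using it cannot be read by
    # Windows versions older than Windows 10 build 1511.
    $newMode = "$($vol.EncryptionMethod)" -like 'XtsAes*'

    [pscustomobject]@{
        MountPoint        = $vol.MountPoint
        VolumeStatus      = $vol.VolumeStatus
        Percent           = $vol.EncryptionPercentage
        EncryptionMethod  = $vol.EncryptionMethod
        NewEncryptionMode = $newMode
        KeyProtectors     = $types -join ', '
        Findings          = $findings
        Healthy           = ($findings.Count -eq 0)
    }
}

# Equivalent command-line view: manage-bde.exe -status C:
$result = Test-BitLockerSetup -MountPoint 'C:'
$result | Format-List
if (-not $result.Healthy) { $result.Findings | ForEach-Object { Write-Warning $_ } }
```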

Testing BitLocker Recovery with a Recovery Key

On the BitLocker startup screen press Esc to access BitLocker recovery

Enter the recovery key from the PDF (you printed that before you got to this point, right?)

Once you're in, you can change the password or turn off BitLocker
