Understanding and Implementing BitLocker Drive Encryption in Windows 10

BitLocker is a security feature that Microsoft has included since the release of Windows Vista. It works in integration with the TPM (Trusted Platform Module) to protect the operating system and data even if the computer is lost or stolen.

TPM (Trusted Platform Module)

TPM is a chip that is built into the computer. This chip stores information such as encryption keys and other cryptographic data. You can also use BitLocker without a TPM by configuring a group policy to store the required encryption keys on a USB flash drive or other media. The USB flash drive or other media can then be used to unlock the drive.

How Does BitLocker Work?

When the computer boots, a POST (Power-On Self-Test) is carried out to check the functionality of the computer's components. After POST, the startup process begins, and the TPM makes the encrypted partition available only after comparing the encrypted values with a previously taken snapshot. This comparison verifies the integrity of the startup process and detects whether the installation has been tampered with in any way. The key is not released if the hard disk is attached to another computer or if the Windows installation has been tampered with.

Requirements for configuring BitLocker Drive Encryption in Windows 10:
1. A TPM chip (version 1.2 or higher) built into the computer and compatible with Windows 10.
2. A TPM-compatible BIOS.
3. NTFS drive partitions.
4. The BIOS must be set up to boot from the hard drive and not from removable drives.

Steps to Turn On BitLocker

1. To set up BitLocker Drive Encryption, click on ‘Start Menu’. Type ‘BitLocker’ in the search box. Click on ‘Manage BitLocker’.
2. Right-click on the drive that you want to encrypt, and click ‘Turn on BitLocker’.
3. Select how you want to encrypt your drive: either by password or by smart card.
4. Select the location where you want to save the recovery key in case you forget your password.
5. Select whether you want to encrypt the whole drive or just the utilized space. Click on ‘Start Encryption’.

The encryption will take some time, depending on the options you selected. Once it is complete, a message is displayed that says, “Encryption of C: is complete.” Click on ‘Close’.
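
The same setup can be scripted with the BitLocker PowerShell cmdlets. The following is an added example, not part of the original article: it checks the requirements listed above and then applies steps 3 to 5. It assumes an elevated PowerShell session and a fixed data volume at D: (a placeholder drive letter).

```powershell
# Added example. Run from an elevated PowerShell session on Windows 10.
# Assumption: D: is the fixed data volume to encrypt (placeholder drive letter).
$mount = 'D:'

# Requirement 1: a TPM chip, version 1.2 or higher, present and ready.
$tpm  = Get-Tpm
$spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
         -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion
Write-Host "TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)  spec: $spec"
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Warning 'No usable TPM: an OS drive would need the USB key group policy.'
}

# Requirement 3: the partition must be NTFS.
$fs = (Get-Volume -DriveLetter $mount.TrimEnd(':')).FileSystem
if ($fs -ne 'NTFS') { throw "$mount is formatted as $fs, not NTFS." }

# Do not touch a volume that is already encrypted or mid-conversion.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$mount is already in state $($vol.VolumeStatus)."
}

# Steps 3 and 5: unlock by password, encrypt only the utilized space.
$password = Read-Host -AsSecureString -Prompt "BitLocker password for $mount"
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $password `
    -UsedSpaceOnly | Out-Null

# Step 4: generate a recovery password for the case of a forgotten password.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# Show the recovery password once so it can be stored away from this drive,
# then report progress until VolumeStatus reads FullyEncrypted.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
$vol | Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

Re-running `Get-BitLockerVolume -MountPoint D:` shows the encryption percentage as it advances; the guard on `VolumeStatus` makes a second run of the script stop instead of adding duplicate protectors.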

You can now remove the hard disk from this particular computer and attach it to another computer. Start the computer and check the message displayed. It will ask you to type the encryption key to unlock the operating system. If you do not have the encryption key, then you will not be able to boot the computer.

BitLocker is an important feature that helps block hackers from accessing important files, passwords or any confidential data on your storage device. When you save a new file on a device encrypted with BitLocker, the file is encrypted automatically. Files remain encrypted only as long as they stay on the same drive; if they are copied to another drive, they do not remain encrypted.

If the files are shared with other Windows 10 users on the network, they still remain encrypted on the same drive on the Windows 10 operating system. The other authorized users on the Windows 10 network will still be able to access them normally.

In Windows 10 you can also decrypt the hard disk in the same way you encrypted it. To decrypt a Windows 10 hard drive, follow the steps below:

  1. Right-click on the drive that is encrypted. Select ‘Decrypt drive’.
  2. It will ask you to type the decrypting password. Type the password you used while encrypting the drive, and select ‘Decrypt drive’. It will take some time to decrypt this hard disk. It may also ask you to restart the computer after it is done.

