How to Protect Your Boot Drive with BitLocker
How to Protect Your Boot Drive with BitLocker
Posted 10/25/2011 at 2:21pm
| by Alex Castle
43
Comments
Print
When it comes to protecting the data on your computer, you can’t do better than strong encryption. Properly encrypted, your files are safe even if a ne’er-do-well gains access to your computer, either physically or through a network. In the past, we’ve discussed how to use various encryption tools to encrypt individual files or create virtual, encrypted drives. Now, we’ll look at how to get maximum security by encrypting your boot disk using the BitLocker full-drive encryption system that’s built into Windows 7 Ultimate and Enterprise.
Step 1: Assess Your System
Ideally, you have a motherboard with a Trusted Platform Module (TPM) chip. A TPM chip securely stores cryptographic keys, which BitLocker uses to access your boot drive before Windows even loads. The TPM also detects any early boot files that have been modified, protecting you from rootkits and other low-level malware. You can check with your motherboard manufacturer to see if you have a TPM, or you can just attempt to go straight to Step 3. If you don’t see a message that looks like the image below, you’re good to go. Otherwise, you don’t have a TPM and you’ll need to continue to Step 2.
You'll also need an additional, small partition on any boot drive you wish to encrypt in order to use BitLocker. Windows creates this extra partition by default during installation, but even if you don’t have one, the BitLocker software can create it for you.
Step 2: Enable USB Key Storage
By default, BitLocker requires a TPM chip to work. To change this, open the group policy editor by bringing up the Run menu (press Win + R) and then typing gpedit.msc.
Navigate through the hierarchy on the left side of the group policy editor, selecting the following folders, in order: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives (image below). Once you’ve found the right folder, double-click “Require additional authentication at startup” to edit that policy entry.
In the policy editor, all you need to do is click the radio button marked Enabled. In the bottom‑left, a checkbox labeled “Allow BitLocker without a compatible TPM” should already be checked. If it isn’t, check it. Click OK and exit the group policy editor.
Step 3: Enable BitLocker
The actual process of enabling BitLocker is straightforward: You can right-click a drive in Explorer and click Turn On BitLocker, or you can go to the BitLocker section of the control panel and enable it on any drive from there.
As long as you’ve followed the previous two steps, you should see a screen asking you for your BitLocker startup preferences. If you have a TPM, you have three options. If you select “Use BitLocker without additional keys” your startup process will be basically unchanged. Someone with access to your computer will be able to get at your data, but you’ll be protected from rootkits and from people accessing your data remotely. Alternatively, you can choose to enter a PIN every time you log in.
If you’re using the USB method, you only have access to the last option, “Require a Startup key at every startup.” With this method, you’ll only be able to boot your computer while you have a USB drive with a startup key inserted in the machine.
Once you select an option, you’ll be asked to insert a USB drive to use as the key, and you’ll choose where to store your recovery key, which you'll need if you want to decrypt your data on a different computer, or if the TPM detects a problem. It will take some time for BitLocker to encrypt your drive, but once it’s finished, your data is safe. Anyone attempting to boot from your drive without the proper key won’t even get to the Windows boot screen (image above).
More like this
43
Comments
Comments are closed on this article
johnybravo
February 06, 2012 at 2:28am
Nice article information on phlebotomy training visit my link
http://www.phlebotomytrainingexpert.com
babooo12
January 23, 2012 at 9:48pm
You can check with your motherboard manufacturer to see if you have a TPM, or you can just attempt to go straight to Step 3.
nationalsphlebotomytraining.com
total123
January 23, 2012 at 9:41pm
Despite these conflicting views on the over all nature, it is an undeniable fact that the local online advertising market has grown leaps and bounds in the past few years.
nationalsphlebotomytraining.com
total123
January 22, 2012 at 9:46pm
“Require a Startup key at every startup.” With this method, you’ll only be able to boot your computer while you have a USB drive with a startup key inserted in the machine.
deer antler velvet
total123
January 19, 2012 at 8:24am
Have a friend who has Bitlocker? Ask them polietly to encrypt the backup drive. It is definately worth encrypting those devices.
medical billing
aso chudi
January 17, 2012 at 7:44am
This is my very first time visiting here. I found numerous helpful stuff in your weblog especially the ongoing dialogue. From the tons of comments on your posts, I suppose I'm not the only person having fun in reading your website. Carry on the great work.
total123
January 17, 2012 at 7:42am
If you don’t see a message that looks like the image below, you’re good to go. Otherwise, you don’t have a TPM and you’ll need to continue to Step 2. academias ingles niños
polland
January 17, 2012 at 4:09am
The TPM also detects any early boot files that have been modified, protecting you from rootkits and other low-level malware.alfombras modulares
sahilgarg
January 17, 2012 at 3:30am
your time sharing your thoughts and ideas to a lot of readers out there.health care articles|| strategic finance articles
Campbell
February 29, 2012 at 5:17am
Your content is very useful. Thank you so much for providing plenty of useful content. I have bookmarked your site and will be without doubt coming back. Once again, I appreciate all your work and also providing a lot vital tricks for your readers. http://www.privateline88.com/
aso chudi
January 16, 2012 at 12:49pm
Great stuff from you, man. Ive read your stuff before and youre just too awesome. I love what youve got here, love what youre saying and the way you say it. You make it entertaining and you still manage to keep it smart. I cant wait to read more from you. This is really a great blog.
aso chudi
January 16, 2012 at 9:20am
I have been reading all the replies here, i had a great deal of info, some significant most are not. But i shall say it very active page.
espl06
January 16, 2012 at 4:51am
he post is written in very good manner and it entails many useful information for me. I am happy to find your distinguished way of writing the post. Lead Generation
polland
January 16, 2012 at 2:09am
I know we still have a big fight ahead of us, but it's important to take a step back every now and then and celebrate the small victories along the way.Floating Lanterns
espl06
January 15, 2012 at 5:53am
This is a fantastic website and I can not recommend you guys enough. Full of useful resource and great layout very easy on the eyes. Please do keep up this great work.wealth management
espl06
January 12, 2012 at 10:59am
India tours Geringer Global Travel are specialists in planning custom tour packages to India & beyond. They are very responsive and excellent in their service. India tours
shanwarn
January 10, 2012 at 1:06am
When looking into cruises for 2012, keep your eye out for Norway - particularly if you're after a real adventure. Norway cruises also offer the best way to experience the stunning Norwegian fjords -as you'll.. Airline Tickets
Lagos81
December 29, 2011 at 9:15am
Nice post keep up with this interesting work. It really is good to know that this topic is being covered also on this web site so thanks for taking time to discuss this! <a href="http://www.forexpromos.com/forex-broker-reviews">forex brokers</a>
kusum12
December 26, 2011 at 3:30am
This is really interesting, You’re a very skilled blogger. I’ve joined your feed and look forward to seeking more of your wonderful post. US Debt Clock
Suyesh
December 23, 2011 at 10:43pm
I ran into this page mistakenly, surprisingly, this is a great website.The site owner has carried out a superb job of putting it together, the info here is really insightful. Article Publishing
miraz
December 23, 2011 at 5:19am
Just wanted to drop a comment and say I am new to your blog and really like what I am reading. Thanks for the great content. Look forward to coming back for more......
musafir
December 23, 2011 at 4:51am
I have been visiting various blogs for my research work. I have found your blog to be quite useful. Keep updating your blog with valuable information.
satish02
December 21, 2011 at 11:16pm
I appreciate your work. This information is really cool and lot informative. Keep this work up and make us knowledgeable. sexy kostüme
musafir
December 21, 2011 at 4:38am
Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful and beneficial to your readers.
miraz
December 21, 2011 at 3:26am
Hello there! You guys make this site entertaining and you still manage to keep it smart. I can’t wait to read more from you.
miraz
December 19, 2011 at 6:35am
I hate blogs with ads and publicity thing, a good blog is to inspire people and happy, make life more rich and wonderful, let more open perspective
musafir
December 19, 2011 at 5:30am
I love to surf and my initial source for information is the blogs which have always helped me in my education. This blog is one of them.
aso chudi
January 16, 2012 at 11:11am
Really I'm impressed out of this post…The one that created this post can be a genius and learns how to keep your readers connected..Thank you for sharing this with us. I uncovered it informative and interesting. Excited for much more updates.
satish02
December 13, 2011 at 6:33am
This article gives the light in which we can observe the reality. This is very nice one and gives indepth information.Government Credit Report
sahilgarg
December 12, 2011 at 1:27am
Good points has been discussed here.Its an useful information about the boot drive bitlocker,those who are looking for such kind of information can take help from here.High PR backlinks
poonam12
November 30, 2011 at 10:56pm
This was very interesting to me and I am glad that we are talking about this problem. There are so many people suffering to stay afloat. This is just not American. Hopefully I can do my part. permanent makeup
ghost446
October 26, 2011 at 2:02am
Wouldn't simply dragging those "Bitlocked" files on to a HD formatted for FAT32 make them readily accessible??
Vano
October 25, 2011 at 9:59pm
On of mine BitLocker-encrypted hard drive's controller died, what are the chances by replacing the controller I'll be able recover the data?
Engelsstaub
October 26, 2011 at 3:51am
I lost over a half-hour of sleep dwelling on your avatar. I hate you.
std error
October 25, 2011 at 3:27pm
What are the advantages of using Bitlocker over Truecrypt?
I know of one disadvantage: The price of Win 7 Ultimate vs. Home Premium
Engelsstaub
October 25, 2011 at 4:27pm
Second. OSX Lion comes with full-disk encryption and Lion is a thirty dollar upgrade from SnoLeo.
Truecrypt works well on nearly any platform. Sometimes it's rebranded in Linux repositories, but it's exactly the same.
I tried Bitlocker when Win 7 was still RC. It worked pretty well. Just not "130 bucks to Redmond-well."
Also Fedora Linux has FDE. Ubuntu can be set up as such, but you have to know what you're doing.
MrBlueCheese
October 25, 2011 at 9:58pm
The only reason you would get Ultimate is A) need some type of encryption or B) needed the language support. However, if you do manage to snag Ultimate for a good price, then that's another possibility.
benicoletti
October 25, 2011 at 2:59pm
My question is this an internal hd is encrypted and removed and put in on another system as an additional drive on another system can the files be accessed?
MrBlueCheese
October 25, 2011 at 9:55pm
The files cannot be accessed even if that happened. However, the strength of the encryption would be more if the encryption was set up on a TPM computer versus a non-TPM computer.
MrBlueCheese
October 25, 2011 at 2:31pm
The cool thing about BitLocker is that you can encrypt external storage devices.
Worried about your backups being taken? Have a friend who has Bitlocker? Ask them polietly to encrypt the backup drive. It is definately worth encrypting those devices.
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy2 days 10 hours ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj2 days 10 hours ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E4 days 8 hours ago
