BitLocker

From UMIACS

Overview

BitLocker Drive Encryption is a data protection feature available from Microsoft starting in Windows 7. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

Official Microsoft documentation can be found at https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview

BitLocker at UMIACS

All of our Business Office desktops, as well as our Enterprise-supported laptops and home machines, will have BitLocker enabled by UMIACS staff as part of each machine's install process.

Recovery Key Prompts

Ordinarily, no interaction with BitLocker should be required to keep it in a functional state. However, a few circumstances may lead BitLocker to detect changes to the system boot information and prevent the computer from reaching Windows. This is by design.

[Image: BitLocker recovery screen]

Some factors that may cause this (not exhaustive):

  • BIOS or firmware updates (some manufacturers' automatic driver update utilities include these by default, so beware!)
  • DVDs or USB drives inserted or plugged in during boot
  • Malware on the system

The first step should always be to disconnect any external devices and then power the machine off and back on. This ensures that the hardware configuration of the machine is the same as it was when UMIACS staff initially enabled BitLocker. If the prompt still pops up, please contact UMIACS staff for further troubleshooting.

Temporarily Suspending BitLocker

If you encounter the recovery screen above, follow these steps after booting back into Windows to ensure the prompt does not appear on subsequent reboots. The first two steps can also be taken proactively if you know you will be making a change that affects BitLocker (see the factors listed above).

  1. Search for BitLocker in the Start menu and click on "Manage BitLocker".
  2. Click "Suspend protection" for the operating system drive and click "Yes" at the confirmation prompt.
  3. Click "Resume protection".
  4. BitLocker will resume and commit the current boot configuration.
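
The same suspend and resume steps can be run from an elevated PowerShell prompt with the built-in BitLocker cmdlets. This is an added example, not part of the original UMIACS page; the function name Set-OsDriveProtection is hypothetical, and the operating system drive is assumed to be $env:SystemDrive.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker

# Added example: mirrors the GUI steps above (suspend, then resume).
# Set-OsDriveProtection is a hypothetical helper name, not a built-in cmdlet.
function Set-OsDriveProtection {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Status', 'Suspend', 'Resume')]
        [string]$Action,

        # Assumption: the operating system drive is $env:SystemDrive (normally C:).
        [string]$MountPoint = $env:SystemDrive
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Suspending or resuming only applies to a volume that is already encrypted.
    if ($volume.VolumeStatus -ne 'FullyEncrypted') {
        throw "$MountPoint is '$($volume.VolumeStatus)'; nothing to suspend or resume."
    }

    switch ($Action) {
        'Suspend' {
            if ($volume.ProtectionStatus -eq 'On') {
                # -RebootCount 0 keeps protection suspended until Resume-BitLocker is run.
                Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 -ErrorAction Stop | Out-Null
            }
        }
        'Resume' {
            if ($volume.ProtectionStatus -ne 'On') {
                Resume-BitLocker -MountPoint $MountPoint -ErrorAction Stop | Out-Null
            }
        }
    }

    # Re-read the volume so the caller sees the state after the change.
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus
}

# Step 2: suspend protection on the operating system drive.
Set-OsDriveProtection -Action Suspend
# When suspending proactively, make the planned change (for example a firmware update) here.
# Steps 3-4: resume protection; ProtectionStatus should read "On" again.
Set-OsDriveProtection -Action Resume
```

While protection is suspended the drive stays encrypted but is not protected, so resume as soon as the change is complete and confirm that ProtectionStatus reports "On".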