BitLocker

From UMIACS

See also: BitLocker/PersonalUse if you want to secure an external hard drive with BitLocker.

Overview

BitLocker Drive Encryption is a data protection feature available in all modern versions of Windows. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

Official Microsoft documentation can be found at https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview

BitLocker at UMIACS

All of our supported personal office workstations, as well as all enterprise or base-supported laptops and home machines, will have BitLocker enabled by UMIACS staff as part of each machine's install process.

Recovery Key Prompts

Ordinarily, no interaction with BitLocker should be required to keep it in a functional state. However, a few circumstances may lead to BitLocker detecting changes to the system boot information and preventing the computer from reaching Windows. This is by design.

[Screenshot: BitLocker recovery screen]

Some factors that may cause this (not exhaustive):

  • BIOS or firmware updates (some manufacturers' automatic driver update utilities include these by default, so beware)
  • DVDs or USB drives inserted or plugged in during boot
  • Malware on the system

The first step should always be to disconnect any external devices and then power the machine off and back on. This ensures that the hardware configuration of the machine is the same as it was when UMIACS staff initially enabled BitLocker. If the prompt still pops up, please contact UMIACS staff for further troubleshooting.

Temporarily Suspending BitLocker

If you encounter the recovery screen above, follow these steps after booting back into Windows to ensure the prompt does not appear on subsequent reboots. The first two steps can also be taken proactively if you know you will be making a change that affects BitLocker (see the list of factors above).

  1. Search for BitLocker in the Start menu and click on "Manage BitLocker".
  2. Click "Suspend protection" on the Operating system drive and click "Yes" at the confirmation prompt.
  3. If you are doing something to the computer that would ordinarily trigger BitLocker recovery, perform that operation now. Then after you boot back into Windows, click "Resume protection".
  4. BitLocker will resume and commit the current boot configuration.
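
The same suspend and resume steps can be run from an elevated PowerShell prompt. This is an added example, not part of the original UMIACS page: the script layout, the `-Action` parameter and the function names are illustrative, while the cmdlets come from the BitLocker module that ships with Windows.

```powershell
#Requires -RunAsAdministrator
# Added example (not UMIACS code). The -Action parameter is illustrative.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Status', 'Suspend', 'Resume')]
    [string]$Action
)

# The operating system drive is the one the GUI steps act on (usually C:).
$mount = $env:SystemDrive

function Get-OsVolumeSummary {
    Get-BitLockerVolume -MountPoint $mount |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus
}

function Suspend-OsProtection {
    $vol = Get-BitLockerVolume -MountPoint $mount
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        throw "$mount is not fully encrypted (status: $($vol.VolumeStatus))."
    }
    if ($vol.ProtectionStatus -eq 'Off') {
        Write-Warning "Protection on $mount is already suspended."
        return
    }
    # -RebootCount 0 keeps protection suspended until Resume-BitLocker is run,
    # matching the manual "Resume protection" click in step 3. The data stays
    # encrypted, but the key is not protected while suspended, so resume
    # as soon as the change is done.
    Suspend-BitLocker -MountPoint $mount -RebootCount 0 | Out-Null
}

function Resume-OsProtection {
    Resume-BitLocker -MountPoint $mount | Out-Null
    # Re-read the volume to confirm protection is actually back on.
    $vol = Get-BitLockerVolume -MountPoint $mount
    if ($vol.ProtectionStatus -ne 'On') {
        throw "Protection on $mount did not resume; contact UMIACS staff."
    }
}

switch ($Action) {
    'Suspend' { Suspend-OsProtection }
    'Resume'  { Resume-OsProtection }
}
Get-OsVolumeSummary   # always show the resulting state
```

Run it with `-Action Suspend` before the change and `-Action Resume` after booting back into Windows; `-Action Status` only reports the current state.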