BitLocker: Difference between revisions

From UMIACS
(Created page with "==Overview== BitLocker Drive Encryption is a data protection feature available from Microsoft starting in Windows 7. Having BitLocker integrated with the operating system addr...")
 
No edit summary
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
''See also'': [[BitLocker/PersonalUse]] if you want to secure an external hard drive with BitLocker.
==Overview==
==Overview==
BitLocker Drive Encryption is a data protection feature available from Microsoft starting in Windows 7. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
BitLocker Drive Encryption is a data protection feature available in all modern versions of Windows. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.


Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
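Review bot: in the Overview line, "available in all modern versions of Windows" replaces the concrete "starting in Windows 7" with a phrase that does not tell a reader whether their machine qualifies. Suggest keeping a minimum Windows version next to the new wording.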
Line 7: Line 9:


==BitLocker at UMIACS==
==BitLocker at UMIACS==
All of our Business Office desktops as well as our [[Windows/LaptopSupport#UMIACS_Enterprise_Laptop_Support | Enterprise supported laptops]] will have BitLocker enabled by UMIACS staff as part of each machine's install process.
All of our Business Office desktops as well as our [[Windows/LaptopSupport#UMIACS_Enterprise_Laptop_Support | Enterprise supported laptops and home machines]] will have BitLocker enabled by UMIACS staff as part of each machine's install process.


===Recovery Key Prompts===
===Recovery Key Prompts===
Ordinarily, no interaction should be required with BitLocker to keep it in a functional state. However, a few circumstances may lead to BitLocker detecting changes to the system boot information and prevent the computer from reaching Windows. This is by design.
Ordinarily, no interaction should be required with BitLocker to keep it in a functional state. However, a few circumstances may lead to BitLocker detecting changes to the system boot information and prevent the computer from reaching Windows. This is by design.
[[File:Bitlocker-recovery.jpg|400px]]


Some factors that may cause this (not exhaustive):
Some factors that may cause this (not exhaustive):
* BIOS updates -- '''some manufacturer automatic driver update utilities include these by default - beware!'''
* BIOS or firmware updates -- '''some manufacturer automatic driver update utilities include these by default - beware!'''
* External DVD or USB drives plugged in during boot
* DVDs or USB drives inserted or plugged in during boot
* Malware on the system
* Malware on the system


The first step should always be to disconnect any external devices and then power the machine off and back on. This ensures that the hardware configuration of the machine is the same as it was when UMIACS staff initially enabled BitLocker. If the prompt still pops up, please contact UMIACS staff for further troubleshooting.
The first step should always be to disconnect any external devices and then power the machine off and back on. This ensures that the hardware configuration of the machine is the same as it was when UMIACS staff initially enabled BitLocker. If the prompt still pops up, please contact UMIACS staff for further troubleshooting.
===Temporarily Suspending Bitlocker===
In the event that you encounter the recovery screen above, after booting back into Windows, follow these steps to ensure the prompt does not appear on subsequent reboots. The first two steps can also be taken proactively if you know you will be making a change that affects BitLocker. (see above)
# Search for BitLocker in the Start menu and click on "Manage BitLocker".
#: [[File:Bitlocker1.png|300px]]
# Click "Suspend protection" on the Operating system drive and hit yes to the confirmation prompt.
#: [[File:Bitlocker2.png|300px]][[File:Bitlocker3.png|300px]]
# If you are doing something to the computer that would ordinarily trigger BitLocker recovery, perform that operation now. Then after you boot back into Windows, click "Resume protection".
#: [[File:Bitlocker4.png|300px]]
# BitLocker will resume and commit the current boot configuration.
#: [[File:Bitlocker2.png|300px]]
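Review bot: in the added "Temporarily Suspending Bitlocker" section, the heading writes "Bitlocker" where the rest of the page writes "BitLocker", and the trailing "(see above)" in the intro sentence does not say what it points to. Suggest matching the capitalisation and naming the "Some factors that may cause this" list explicitly. Step 4 also reuses Bitlocker2.png, the image already attached to step 2, so it is worth confirming that is the intended screenshot.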

Revision as of 18:27, 9 September 2020

See also: BitLocker/PersonalUse if you want to secure an external hard drive with BitLocker.

Overview

BitLocker Drive Encryption is a data protection feature available in all modern versions of Windows. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

Official Microsoft documentation can be found at https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview

BitLocker at UMIACS

All of our Business Office desktops as well as our Enterprise supported laptops and home machines will have BitLocker enabled by UMIACS staff as part of each machine's install process.

Recovery Key Prompts

Ordinarily, no interaction should be required with BitLocker to keep it in a functional state. However, a few circumstances may lead to BitLocker detecting changes to the system boot information and preventing the computer from reaching Windows. This is by design.

[Screenshot: BitLocker recovery screen]

Some factors that may cause this (not exhaustive):

  • BIOS or firmware updates -- some manufacturer automatic driver update utilities include these by default - beware!
  • DVDs or USB drives inserted or plugged in during boot
  • Malware on the system

The first step should always be to disconnect any external devices and then power the machine off and back on. This ensures that the hardware configuration of the machine is the same as it was when UMIACS staff initially enabled BitLocker. If the prompt still pops up, please contact UMIACS staff for further troubleshooting.

Temporarily Suspending BitLocker

If you encounter the recovery screen above, follow these steps after booting back into Windows to ensure the prompt does not appear on subsequent reboots. The first two steps can also be taken proactively if you know you will be making a change that affects BitLocker (see the list of factors above).

  1. Search for BitLocker in the Start menu and click on "Manage BitLocker".
  2. Click "Suspend protection" on the Operating system drive and hit yes to the confirmation prompt.
  3. If you are doing something to the computer that would ordinarily trigger BitLocker recovery, perform that operation now. Then after you boot back into Windows, click "Resume protection".
  4. BitLocker will resume and commit the current boot configuration.
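The same suspend and resume steps can be run from an elevated PowerShell prompt with the built-in BitLocker cmdlets. This is an added example, not part of the original UMIACS page or UMIACS tooling; the `-Phase` parameter and the choice of `-RebootCount 1` are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
# Added example (not UMIACS tooling).
# -Phase Before : steps 1-2, run before the firmware update or hardware change.
# -Phase After  : steps 3-4, run once you are back in Windows.
param(
    [ValidateSet('Before', 'After')]
    [string]$Phase = 'Before',
    [string]$MountPoint = $env:SystemDrive   # assumption: the OS volume, normally C:
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    throw "BitLocker is not enabled on $MountPoint; nothing to suspend or resume."
}

switch ($Phase) {
    'Before' {
        if ($vol.ProtectionStatus -eq 'On') {
            # While suspended, the volume key is stored unprotected on disk.
            # -RebootCount 1 limits that window: protection re-enables by itself
            # after one restart even if "Resume protection" is forgotten.
            Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
        }
    }
    'After' {
        if ($vol.ProtectionStatus -ne 'On') {
            # Re-seals the key against the current boot configuration.
            Resume-BitLocker -MountPoint $MountPoint | Out-Null
        }
    }
}

# Re-read the volume so the report reflects the state after the change.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
}

if ($Phase -eq 'After' -and $vol.ProtectionStatus -ne 'On') {
    Write-Warning "Protection is still off on $MountPoint; contact UMIACS staff."
}
```

After the `After` phase, `ProtectionStatus` should read `On`; if it does not, the volume is still unprotected and the drive should not leave your control.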