De La Salle University

Information Technology Services Office

Windows 10 Bitlocker Encryption (User Guide for Personally-Owned Computers) Overview BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Requirement 1. Windows 10 Professional or Enterprise edition. Not available on Windows Home edition. 2. Computer must be equipped with a Trusted Platform Module (TPM) chip. 3. For computers that does not support TPM. See additional guide to enable Bitlocker without TPM

Procedure I. Check if device has a TPM chip 1. In the search box on the taskbar, type Device Manager and then select it from the list of results 2. Expand Security devices. If you have a TPM chip, one of the items should read Trusted Platform Module with the version number. If this is not available in the Device Manager, try to look in the BIOS and enable it. 3. If your device has TPM, proceed to Procedure III. 4. If not, do the additional configuration on Procedure II.

1

De La Salle University

Information Technology Services Office

II. Enable Bitlocker without a compatible TPM 1. Use the Windows key + R keyboard shortcut to open the Run command 2. Type gpedit.msc, and click OK. 3. Under Computer Configuration, expand Administrative Templates. 4. Expand Windows Components. 5. Expand BitLocker Drive Encryption and Operating System Drives. 6. On the right side, double-click Require additional authentication at startup. 7. Select Enabled.

2

De La Salle University

Information Technology Services Office

8. Make sure to check the "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)" option. 9. Click OK to complete this process.

3

De La Salle University

Information Technology Services Office

III. Turn on Bitlocker on the Operating System drive 1. In the search box on the taskbar, type Manage BitLocker and then select it from the list of results 2. Under BitLocker Drive Encryption, click Turn on BitLocker

4

De La Salle University

Information Technology Services Office

3. Choose Enter a password to unlock your drive during startup.

5

De La Salle University

Information Technology Services Office

4. Enter a password that you'll use every time you boot Windows 10 to unlock the drive, and click Next to continue. (To create a strong password mix uppercase, lowercase, numbers, and symbols on your password)

6

De La Salle University

Information Technology Services Office

5. You will be given the choices to save a recovery key to regain access to your files in case you forget your password. Click Save to a file.

7

De La Salle University

Information Technology Services Office

6. Locate your Google Drive File Stream to back up your recovery key. Save it inside My Drive folder.

8

De La Salle University

Information Technology Services Office

7. Select the encryption option that best suits your scenario. For this guide, we will assume that the device is new and will be use for the first time. a. Encrypt used disk space only (faster and best for new PCs and drives) b. Encrypt entire drive (slower but best for PCs and drives already in use)

9

De La Salle University

Information Technology Services Office

8. Choose between the two encryption options: a. New encryption mode (best for fixed drives on this device) b. Compatible mode (best for drives that can be moved from this device) 9. Click Next to continue.

10

De La Salle University

Information Technology Services Office

10. Make sure to check the Run BitLocker system check option, and click Continue.

11

De La Salle University

Information Technology Services Office

11. Finally, restart your computer to begin the encryption process. 12. On reboot, BitLocker will prompt you to enter your encryption password to unlock the drive. Type the password and press Enter.

12

De La Salle University

Information Technology Services Office

13. After rebooting, you'll notice that your computer will quickly boot to the Windows 10 desktop. However, if you go to Manage Bitlocker, you'll see that BitLocker is still encrypting your drive. Depending on the option you selected and the size of the drive, this process can take a long time, but you'll still be able to work on your computer.

13

De La Salle University

Information Technology Services Office

14. Once the encryption process completes, the drive level should read BitLocker on.

You can also apply Bitlocker encryption on your partition drive (if any) and on your external storage devices like flash drive and external HDD.

Last Update: July2020

14