Difference between revisions of "Bitlocker"
| [quality revision] | [quality revision] |
| Line 6: | Line 6: | ||
| − | + | Bitlocker is a Windows feature that encrypts data on disks. At DTU Compute only local (internal) disks will be encrypted (i.e. C :). Encryption protects your data against unauthorized access in the event of theft or loss of hardware. | |
| − | =Which computers are | + | =Which computers are encrypted with Bitlocker?= |
| − | Only laptops installed at DTU Compute IT support will have Bitlocker | + | Only laptops installed at DTU Compute IT support will have Bitlocker enabled. Laptops installed before February XX, 2021 will not automatically have Bitlocker enabled. |
| − | If "DTU Software Center" is found in the Start menu, | + | If "DTU Software Center" is found in the Start menu, Bitlocker can be manually enabled by IT support on demand. If there is no "DTU Software Center", the laptop must be reinstalled before Bitlocker can be enabled. |
| − | =How | + | =How to check if Bitlocker is enabled or encrypting?= |
| − | If Bitlocker encryption has not | + | If the Bitlocker encryption has not been completed when the laptop is received from the IT support staff, the encryption should start within 2 hours, but only if you log in on campus or connect to the DTU network via VPN. |
| − | The encryption process | + | The encryption process starts automatically without user interaction. You should not experience any changes, but you may see a temporary message in a pop-up window or in the Message Center. |
The encryption does not require the laptop to be connected to the network once it has commenced. | The encryption does not require the laptop to be connected to the network once it has commenced. | ||
| Line 28: | Line 28: | ||
| − | + | During Bitlocker encryption, you will be able to work normally. If the computer is powered off or enters sleep mode during the encryption process, the next time you turn on the computer and log in, the process will resume. | |
| − | If you | + | If you don't know if Bitlocker is already enabled on your laptop, you can open "This PC" and check the padlock icon on the C: drive. If it exists, it means the drive is encrypted. |
| Line 36: | Line 36: | ||
| − | You can check the status of the encryption process in | + | You can check the status of the encryption process in Control Panel → Bitlocker Drive Encryption. |
| Line 44: | Line 44: | ||
| − | If | + | If when you start your laptop, you are prompted with the "Bitlocker Recovery" screen and the message "Enter the recovery key for this drive" is displayed, then you need to contact IT support to obtain the recovery password. |
| − | After entering the password, you should be able to boot normally. After booting and logging in, | + | After entering the password, you should be able to boot normally. After booting and logging in, the computer should be restarted to ensure that the Bitlocker Recovery screen does not appear the second time. |
If it does, this could indicate a problem with your laptop's configuration that should be addressed by IT support. | If it does, this could indicate a problem with your laptop's configuration that should be addressed by IT support. | ||
==Recovery screen instructions== | ==Recovery screen instructions== | ||
| − | # Contact DTU Compute IT support from another device or phone. You will be asked | + | # Contact DTU Compute IT support from another device or phone. You will be asked to provide the first 8 charactersof the Recovery Key ID displayed on the screen and your DTU login name. |
| − | # IT support will retrieve the 48 | + | # IT support will retrieve the 48-character recovery key, which must be typed in the text box on the "Recovery" screen. |
| − | # You should be able to | + | # You should be able to start Windows. Restart the laptop to ensure that the Bitlocker recovery screen does not appear a second time. |
| − | + | ||
| − | # After logon go to Control Panel | + | In some cases, these steps are also required, but it's best to follow them every time just to be sure: |
| − | # Click "Suspend | + | # After logon go to Control Panel → BitLocker Drive Encryption |
| − | # Click "Yes" to the "Do you want to suspend BitLocker protection?" | + | # Click on "Suspend Protection" |
| − | # Click | + | # Click "Yes" to the "Do you want to suspend BitLocker protection?" Now wait a few minutes |
| + | # Click on "Resume protection" to update BitLocker TPM. | ||
| Line 64: | Line 65: | ||
| − | =What causes Bitlocker to | + | =What causes Bitlocker to request the recovery key?= |
| − | + | There may be many reasons, such as hardware changes, BIOS changes (i.e. disabling secure boot), motherboard replacement, malware attacks, hard drive crashes, system crashes, or the program believes that data may be attacked. | |
[[Category:DTU]] | [[Category:DTU]] | ||
Revision as of 11:29, 18 February 2021
UNDER CONSTRUCTION
Bitlocker is a Windows feature that encrypts data on disks. At DTU Compute only local (internal) disks will be encrypted (i.e. C :). Encryption protects your data against unauthorized access in the event of theft or loss of hardware.
Contents
Which computers are encrypted with Bitlocker?
Only laptops installed at DTU Compute IT support will have Bitlocker enabled. Laptops installed before February XX, 2021 will not automatically have Bitlocker enabled.
If "DTU Software Center" is found in the Start menu, Bitlocker can be manually enabled by IT support on demand. If there is no "DTU Software Center", the laptop must be reinstalled before Bitlocker can be enabled.
How to check if Bitlocker is enabled or encrypting?
If the Bitlocker encryption has not been completed when the laptop is received from the IT support staff, the encryption should start within 2 hours, but only if you log in on campus or connect to the DTU network via VPN.
The encryption process starts automatically without user interaction. You should not experience any changes, but you may see a temporary message in a pop-up window or in the Message Center.
The encryption does not require the laptop to be connected to the network once it has commenced.
During Bitlocker encryption, you will be able to work normally. If the computer is powered off or enters sleep mode during the encryption process, the next time you turn on the computer and log in, the process will resume.
If you don't know if Bitlocker is already enabled on your laptop, you can open "This PC" and check the padlock icon on the C: drive. If it exists, it means the drive is encrypted.
You can check the status of the encryption process in Control Panel → Bitlocker Drive Encryption.
Bitlocker recovery screen
If when you start your laptop, you are prompted with the "Bitlocker Recovery" screen and the message "Enter the recovery key for this drive" is displayed, then you need to contact IT support to obtain the recovery password.
After entering the password, you should be able to boot normally. After booting and logging in, the computer should be restarted to ensure that the Bitlocker Recovery screen does not appear the second time.
If it does, this could indicate a problem with your laptop's configuration that should be addressed by IT support.
Recovery screen instructions
- Contact DTU Compute IT support from another device or phone. You will be asked to provide the first 8 charactersof the Recovery Key ID displayed on the screen and your DTU login name.
- IT support will retrieve the 48-character recovery key, which must be typed in the text box on the "Recovery" screen.
- You should be able to start Windows. Restart the laptop to ensure that the Bitlocker recovery screen does not appear a second time.
In some cases, these steps are also required, but it's best to follow them every time just to be sure:
- After logon go to Control Panel → BitLocker Drive Encryption
- Click on "Suspend Protection"
- Click "Yes" to the "Do you want to suspend BitLocker protection?" Now wait a few minutes
- Click on "Resume protection" to update BitLocker TPM.
What causes Bitlocker to request the recovery key?
There may be many reasons, such as hardware changes, BIOS changes (i.e. disabling secure boot), motherboard replacement, malware attacks, hard drive crashes, system crashes, or the program believes that data may be attacked.
