Securing Your Windows Device
ENCRYPTING MICROSOFT WINDOWS
皇家华人 recommends using BitLocker encryption on all current versions of Windows that support it. Home Editions of Windows do not support BitLocker and are not recommended for use at 皇家华人. Faculty, staff and students can obtain low or no cost upgrades to Windows through 皇家华人's agreements with Microsoft.
BITLOCKER ENCRYPTION
The following directions are for installing BitLocker encryption on Windows 8.
BitLocker Installation
- Begin by opening the control panel and selecting BitLocker Drive Encryption.
- When the new window opens, click on Turn on BitLocker.
- If you receive a Trusted Platform Module error as pictured below, follow the steps
in the section 鈥楨nabling Additional Authentication Method (no TPM)' below. . If no
error, proceed with the next step.
- A new window will pop-up with a green status bar. Once that completes, it will ask
how you want to save your recovery key. This recovery key is vitally important, if
you forget your password and do not have access to this key, there is no way to access
your hard drive or any files stored on it. Your 皇家华人 account is a Microsoft Account,
saving it there is suggested. If you save it to a file, make sure to copy it to a
location that is secure, but not on the BitLocker protected disk. Printing a copy
and placing it in a secure location, such as a safety deposit box, is also acceptable.
- The next window asks to choose how much of your drive to encrypt. Select Encrypt Entire Drive, then hit Next. Selecting any other option will not be compliant with 皇家华人 policy.
- The next window asks, 鈥淎re you ready to encrypt this drive?鈥. Select Run BitLocker system check and click Continue. Your computer needs to restart now, click Restart Now.
- After the computer restarts, it will automatically start encrypting the drive. This can take a few hours up to 12 or more, depending on the size of the hard drive and speed of the computer. You can check the encryption status with the System Tray icon.
Enabling Additional Authentication Method (no TPM)
If attempting to enable BitLocker results in an error that the drive cannot use a Trusted Platform Module, follow these steps to enable additional authentication, and then start over with the BitLocker installation.
- To override this error, open a search window by placing your mouse in the bottom right corner of the screen and clicking on the magnifying glass at the top of the pop-up menu.
- Enter 鈥済pedit.msc鈥 into the search bar. In the left pane, click on the application
gpedit.
- In the left pane of the gpedit window, click on the arrow to expand the Administrative Templates folder, then the arrow to expand the Windows Components folder, then the arrow to expand the BitLocker Drive Encryption folder and select the Operating System Drives folder.
- In the right pane, double the Require Additional Authentication at Startup item.
- When the settings window opens, select Enabled and then click OK.
- Close the gpedit window and return to the BitLocker Installation section at the top of this page and start over with the BitLocker Installation.