BitLocker

We just ordered some new Dell D830 laptops for some of our staff that have Vista Ultimate on them, and I’m experiencing the wonders that are BitLocker for the first time.

BitLocker is super easy to set up.

  1. In the BIOS, turn on the TPM chip on the motherboard.
  2. Run updates (make sure to get them from Microsoft, not from your system administrator if you use SCE or something like that) and get the Ultimate Extra BitLocker Drive Preparation Tool, which will get you rolling.
  3. Run the BitLocker Drive Preparation Tool, which creates a partition that won’t get encrypted, so the computer has something to boot from, and activates the TPM chip on the motherboard.
  4. Run BitLocker. It will save the BitLocker password for you to a USB key, and you can print it off as well. (They recommend storing it in multiple locations AWAY from your computer.)
  5. Do the recommended system check, where it will attempt to start the computer and read the password you just saved to the USB key. It will reboot and make sure everything is good.
  6. BitLocker will run in the systray while it encrypts your drive. This takes a LONG time. Our laptops have 160 GB hard drives, and it takes around 5 hours to encrypt them. But once it’s finished, you’re done!

OK, here’s where I give you some added info you won’t easily find on Microsoft’s website…

I had to swap a hard drive into a different laptop (the original laptop had some hardware issues out of the box) and when I booted it, it asked for the USB key with the password, which is fine. I put it in, and it started right up. However, I rebooted again to test it, and yet again… it asked for the USB key. The TPM chip on the motherboard didn’t match the encryption on the hard drive. Dang it. So, here’s what I did after checking microsoft.com and not really getting a clear answer.

  7. Run BitLocker again, and choose Turn off BitLocker. It will ask what you want to do, whether you want to decrypt the drive or just disable BitLocker… decrypt that sucker. This takes a while, but not as long as encryption.
  8. You guessed it: run BitLocker and re-encrypt the drive. Is it faster the second time around? No. Of course not. That’s dumb.

So, lesson learned: don’t encrypt the drive until you know the computer is in good working order… cuz it takes all day to re-encrypt a hard drive.

One Response to “BitLocker”

  1. TrueCrypt 5: Whole Disk Encryption and OS X Support (updated) Says:

    […] and effort put into this whole-disk encryption feature, and although I haven’t tried the Vista BitLocker method, TrueCrypt certainly sounds a bit easier (but it doesn’t integrate with the TPM chip, if one […]
