Using BitLocker to encrypt a Windows 8 device
1. Before BitLocker can be used to encrypt the portable device, the
Trusted Platform Module must be turned on via the BIOS. Boot the
device and press F2, F10, or the Del button (depending upon the BIOS manufacturer) before Windows launches. This will launch the BIOS. 2. Once the BIOS opens,
expand the Security tab in
the left-hand pane.
3. Select TPM Security from the Security submenu. The right-hand pane will now display the option to change the TPM Security setting to Off or On. Change it to On and hit the Enter key.
4. Select TPM Activation from the Security submenu. The right-hand pane will now display the option to change the TPM Activation setting to Deactivate or Activate.
Change it to Activate and
hit the Enter key.
5. Hit the ESC key to advance to the Exit screen. Change the Exit setting to Save/Exit and hit the Enter key.
Windows 8 will begin to boot.
6. Log in to Windows 8 using the device’s local administrator account. Once the Start screen is displayed, move the cursor into the top or
bottom right-hand corner to bring up the Search icon. Click on the Search icon.
Steps 2-4: In the BIOS, expand the Security tab and locate the TPM Security and the TPM Activation options.
Step 6: Place the cursor in a right-hand corner of the screen to open the toolbar, and then select Search.
7. The Search window pane will open. Type BitLocker in the Search Field. The search should return two hits on the Settings tab just below the Search field. Clicking on the Settings tab will display two options for BitLocker in the left-hand pane. Click on the BitLocker Drive
Encryption option.
Step 7: Type BitLocker in the Search field, then click on the Settings tab below the Search field. The BitLocker Drive Encryption option will appear in the left-hand pane. Click on it.
8. The BitLocker Drive Encryption console will open. Click the Turn On
BitLocker icon. BitLocker will check to see if the device meets its system
Step 8: Once the BitLocker Drive Encryption console opens, click the Turn on BitLocker button.
9. Once the verification is complete, the BitLocker Drive Encryption setup screen will open. Click Next.
10. Since BitLocker requires two partitions on the device’s hard drive, a notification will appear informing you that a second partition will be
created during this process. Click Next.
11. BitLocker will begin creating a second partition and preparing it for the encryption process. Once this process is complete, the device must be restarted. Click the Restart Now button.
12. Once the device reboots, log in to Windows 8 using the Administrator account. Click on the Desktop icon on the Start screen. You should now see the BitLocker console on the Desktop. Click the Next button to
advance to the Recovery Key screen.
Step 12: Once the device has restarted, click the Desktop icon on the Start screen. You will find that BitLocker has automatically resumed the setup process. Click Next.
13. A prompt will ask where a backup of the recovery key should be saved. Select the option that you prefer. It is recommended that the recovery key should be backed up on a USB thumb drive (You
SHOULD NOT print the recovery key). Insert a thumb drive into the
Step 13: Select the method that you prefer for backing up the recovery key. It is recommended that the backup recovery key is saved as a file on a USB thumb drive.
14. A Save As window will open and display the available drives on the device. Double-click on the thumb drive to open it. Clicking Save will
save a text file containing the recovery key on the thumb drive.
15. Important: Before you proceed, open the USB drive and confirm that
a text file was created with the recovery key. If the recovery key
backup is not successfully created there (or the USB drive is lost), you might be unable to access your encrypted device in the future.
Step 15: Before the encryption process begins, verify that the backup recovery key was successfully created on the USB thumb drive.
16. Once you have confirmed that a successful backup key was created on the USB drive, return to the BitLocker console and click Next. 17. Whole-disk encryption is recommended, so click the Encrypt entire
drive radio button and click Next.
18. Read the brief explanation of the encryption process. Be sure to place a
check in the box next to Run BitLocker system check. Click Continue
to begin the encryption process.
Step 18: Place a check in the "Run BitLocker system check" box and then click Continue to begin the encryption process.
19. A message will appear that says a restart is required to begin the encryption process. Restart the device and log into Windows 8 using the Administrator account.
20. Once the Start screen appears, click on the Desktop icon to go to the Desktop. A message will appear at the bottom of the desktop, stating that the encryption process has started. This process could take several hours, depending on the size of the hard drive being encrypted.
Step 20: After the device has been restarted, return to the Desktop. You will receive a notification that the encryption process has begun.
21. To check the progress of the encryption process, repeat Step 7 to open the BitLocker Drive Encryption console. If the device is still in the process of being encrypted, you will see a BitLocker Encrypting message in the middle of the console. Once the encryption process is over, this message will change to BitLocker On.