BitLocker’d up

To the famous Diana Ross tune I’m Coming Out*

I’m BitLocker’d up,

I want the world to know,

Got to let it show,

I’m BitLocker’d up,

I want the world to know,

Got to let it show…

I don’t know why it took me so long to get started. My new laptop has a TPM chip in it, and even though it doesn’t contain any customer data on it, it deserves to be encrypted. And so, this morning I went into Control Panel and set BitLocker encryption. It was an incredibly easy process. To demonstrate, here’s the four things I had to do:

  • imageIn Control Panel, go into Security

  • Then I chose BitLocker Drive Encryption

  • I then had to reboot and tell my PC that I really did want BitLocker to control my TPM chip (ie press “Y”)

  • And then finally to store my BitLocker “password” on a USB stick (which is now carefully locked away, and not stored in my laptop bag!)

imageAnd for four hours, this message moved across my screen while I continued working

And that’s it. I’ve now got a fully encrypted laptop, with an encryption system certified by the CESG (The Govt’s National Technical Authority for Information Assurance).

Having read that last week’s data loss could be up to 1.7 million people’s records (is anybody keeping a count?), then I will sleep easier..

Want to use BitLocker yourself?

  1. Make sure you’ve got Windows 7 Enterprise (or Windows Vista Business or Enterprise version)

  2. Preferably choose a computer with a TPM chip

  3. Prepare the machine (there’s a techie stage involved, which all of our laptops have done to them before they leave the Lenovo factory)

  4. Get BitLocker’d up… (catchy tune still in your head?)

(And if you just want to BitLocker an USB memory stick, to protect some data being transported, read Jerry’s BitLocker instructions here)

* Note to self: If Diana Ross song leads in wrong direction, I might have to disable comments on this post!

Comments (2)

  1. ThomMck says:

    As far as I’m aware Bitlocker is not available to Vista Business user, only Ultimate & Enterprise (

    I wholeheartedly agree with you though. It is such a simple process I can’t understand why it isn’t more commonplace to do this within any business (government or otherwise)as standard rollout procedure

  2. Ray Fleming says:

    Hi Thommck

    The trick is to buy the right licence at the point you get your computer, or upgrade, as BitLocker is part of Software Assurance.

    I’ve tried to simplify the steps on this blog post:

    (And I agree entirely with the comment about the fact that this should just be standard practice on a rollout – it is much easier to do it at install time – mainly because it saves time, and you can be absolutely sure you’ve got secure laptops all over the school)