{"id":10145,"date":"2018-06-28T17:10:17","date_gmt":"2018-06-28T17:10:17","guid":{"rendered":"https:\/\/www.uvm.edu\/it\/dev\/kb\/?post_type=ht_kb&#038;p=10145"},"modified":"2024-10-14T10:03:36","modified_gmt":"2024-10-14T14:03:36","slug":"bitlocker-encryption","status":"publish","type":"ht_kb","link":"https:\/\/www.uvm.edu\/it\/dev\/kb\/article\/bitlocker-encryption\/","title":{"rendered":"BitLocker Encryption"},"content":{"rendered":"<p><a href=\"https:\/\/kb.helpline.w3.uvm.edu\/wp-content\/uploads\/2018\/06\/bitlocker-lock-icon.png\" rel=\"lightbox-0\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-10169\" src=\"https:\/\/kb.helpline.w3.uvm.edu\/wp-content\/uploads\/2018\/06\/bitlocker-lock-icon.png\" alt=\"\" width=\"100\" height=\"100\" srcset=\"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/bitlocker-lock-icon.png 300w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/bitlocker-lock-icon-150x150.png 150w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/bitlocker-lock-icon-50x50.png 50w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/bitlocker-lock-icon-60x60.png 60w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/bitlocker-lock-icon-100x100.png 100w\" sizes=\"auto, (max-width: 100px) 100vw, 100px\" \/><\/a>BitLocker is a volume encryption feature of Windows. Paired with the Microsoft BitLocker Administration and Monitoring (MBAM) software, this feature meets the requirement of the UVM Information Security policy for encryption of all laptops.<\/p>\n<h3>Prerequisites<\/h3>\n<p>To use UVM\u2019s BitLocker services, the following requirements must be met:<\/p>\n<ul>\n<li>The computer must be joined to the Campus Active Directory domain or UVM&#8217;s Microsoft Entra ID tenant.<\/li>\n<li>The operating system must be Enterprise editions of Windows 10 or Windows 11.<\/li>\n<li>The Trusted Platform Module (TPM) must be enabled.<\/li>\n<\/ul>\n<p>If the computer was set up by the Tech Team, a support hub, or the UVM Bookstore, and the above requirements were met at that time, BitLocker Drive Encryption should be enabled by default.\u00a0 If not, it can be turned on manually using the steps below.<\/p>\n    \t\t<div class=\"hts-toggle  \"  >\r\n    \t\t\t<div class=\"hts-toggle__title\"><h3>Enable\/Activate TPM<\/h3><\/div>\r\n    \t\t\t<div class=\"hts-toggle__content\">\r\n    \t\t\t\t<div class=\"hts-toggle__contentwrap\">\r\n    \t\t\t\t\t<\/p>\n<ol>\n<li>While booting, tap the\u00a0<strong>F2<\/strong>\u00a0key\u00a0(Dell machines) to enter BIOS.<\/li>\n<li>Navigate to &#8220;Security&#8221;, then select &#8220;<strong>TPM Security<\/strong>&#8220;.<\/li>\n<li>Ensure that &#8220;TPM Security&#8221; is checked, and &#8220;Activated&#8221;.<\/li>\n<li>Save any changes you made and reboot the machine.<\/li>\n<\/ol>\n<p><a href=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/tpm.jpg\" rel=\"lightbox-1\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4775\" src=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/tpm.jpg\" alt=\"tpm\" width=\"635\" height=\"395\" \/><\/a><\/p>\n<p>\n    \t\t\t\t<\/div>\r\n    \t\t\t<\/div><!-- \/ht-toggle-content -->\r\n    \t\t<\/div>\r\n    \t\t\n    \t\t<div class=\"hts-toggle  \"  >\r\n    \t\t\t<div class=\"hts-toggle__title\"><h3>Install the MBAM client<\/h3><\/div>\r\n    \t\t\t<div class=\"hts-toggle__content\">\r\n    \t\t\t\t<div class=\"hts-toggle__contentwrap\">\r\n    \t\t\t\t\t<\/p>\n<p>We are using the <strong>Microsoft BitLocker Administration and Monitoring<\/strong> software to provide additional capabilities for our clients and support staff. Machines imaged with LiteTouch will install the MBAM client automatically.<\/p>\n<ol>\n<li>Log in to the machine using UVM credentials. Local account credentials will not work.<\/li>\n<li>The MBAM client is available at the following UNC path:\u00a0<strong><span class=\"s1\">\\\\files.uvm.edu\\shared\\software\\management\\BitLocker\\MBAMClient<\/span><\/strong><\/li>\n<li>Install the 32-bit or 64-bit version as appropriate. When the installer completes, reboot the machine.<\/li>\n<li>Make sure the machine has an active network connection. Within 90 minutes of reboot, you should be prompted to encrypt your drive.\n<div class=\"hts-messages hts-messages--info   hts-messages--withicon \"   >\n<p>\n    \t\t\t\t\tIf you want to jump-start the process, navigate to &#8220;C:\\Program Files\\Microsoft\\MDOP MBAM\\&#8221;, and launch the\u00a0&#8220;<strong>MBAMClientUI.exe<\/strong>&#8221; program.    \t\t\t\t<\/p>\n<\/p><\/div>\n<p><!-- \/.ht-shortcodes-messages -->\n    \t\t<\/li>\n<li>Accept the licensing terms.<a href=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/How-to-BitLocker-installation1.jpg\" rel=\"lightbox-2\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4733\" src=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/How-to-BitLocker-installation1.jpg\" alt=\"How-to - BitLocker installation1\" width=\"563\" height=\"398\" \/><\/a><\/li>\n<li>&#8220;<strong>Start<\/strong>&#8221; the encryption process.<a href=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/How-to-BitLocker-installation2.jpg\" rel=\"lightbox-3\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4734\" src=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/How-to-BitLocker-installation2.jpg\" alt=\"How-to - BitLocker installation2\" width=\"508\" height=\"357\" \/><\/a><\/li>\n<li>The drive will begin encrypting and display the progress. This window may be closed without disrupting the encrypting process.<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4735\" src=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/How-to-BitLocker-installation3.jpg\" alt=\"How-to - BitLocker installation3\" width=\"660\" height=\"511\" \/><\/li>\n<li>Once encryption has begun, you can put your computer to sleep, shut it down, or restart it; the encryption process will resume when you restart or wake the device. When encryption has finished, the icon for the encrypted volume will change in Windows Explorer:<a href=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/How-to-BitLocker-installation4.jpg\" rel=\"lightbox-4\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4736\" src=\"http:\/\/blog.uvm.edu\/helpline-tech\/files\/2013\/11\/How-to-BitLocker-installation4.jpg\" alt=\"How-to - BitLocker installation4\" width=\"526\" height=\"72\" \/><\/a><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<div class=\"hts-messages hts-messages--alert   hts-messages--withicon \"   >\n<p>\n    \t\t\t\t\tDuring the encryption process your hard drive may display as full. This is normal behavior, the available space of your hard drive will return to normal when the encryption process completes.    \t\t\t\t<\/p>\n<\/p><\/div>\n<p><!-- \/.ht-shortcodes-messages -->\n    \t\t<\/p>\n<p>\n    \t\t\t\t<\/div>\r\n    \t\t\t<\/div><!-- \/ht-toggle-content -->\r\n    \t\t<\/div>\r\n    \t\t\n    \t\t<div class=\"hts-toggle  \"  >\r\n    \t\t\t<div class=\"hts-toggle__title\"><h3>Patch the MBAM Client <\/h3><\/div>\r\n    \t\t\t<div class=\"hts-toggle__content\">\r\n    \t\t\t\t<div class=\"hts-toggle__contentwrap\">\r\n    \t\t\t\t\t<\/p>\n<p>Starting with Windows 10 version 1909 and later, a MBAM client patch may be required for it to work correctly. If you are consistently getting a message stating that your drive failed to encrypt, follow the instructions below.<br \/>\n<a href=\"https:\/\/www.uvm.edu\/it\/kb\/wp-content\/uploads\/2018\/06\/MBAM_failed_to_encrypt.jpg\" rel=\"lightbox-5\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-21539\" src=\"https:\/\/www.uvm.edu\/it\/kb\/wp-content\/uploads\/2018\/06\/MBAM_failed_to_encrypt.jpg\" alt=\"\" width=\"454\" height=\"251\" srcset=\"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/MBAM_failed_to_encrypt.jpg 765w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/MBAM_failed_to_encrypt-300x166.jpg 300w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/MBAM_failed_to_encrypt-50x28.jpg 50w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/MBAM_failed_to_encrypt-60x33.jpg 60w, https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-content\/uploads\/2018\/06\/MBAM_failed_to_encrypt-100x55.jpg 100w\" sizes=\"auto, (max-width: 454px) 100vw, 454px\" \/><\/a><\/p>\n<ol>\n<li>Login to the machine using DOMAIN credentials. Local account credentials will not work.<\/li>\n<li>The MBAM patch is available at the following UNC path: <strong><span class=\"s1\">\\\\files.uvm.edu\\shared\\software\\management\\BitLocker\\May 2019 Servicing Release<\/span><\/strong><\/li>\n<li>Install the 32-bit or 64-bit version as appropriate. When the installer completes, reboot the machine.<\/li>\n<\/ol>\n<p>\n    \t\t\t\t<\/div>\r\n    \t\t\t<\/div><!-- \/ht-toggle-content -->\r\n    \t\t<\/div>\r\n    \t\t\n    \t\t<div class=\"hts-toggle  \"  >\r\n    \t\t\t<div class=\"hts-toggle__title\"><h3>BIOS updates on BitLocker Encrypted drives<\/h3><\/div>\r\n    \t\t\t<div class=\"hts-toggle__content\">\r\n    \t\t\t\t<div class=\"hts-toggle__contentwrap\">\r\n    \t\t\t\t\t<\/p>\n<p>It is recommended that you backup data before attempting BIOS updates. Please ensure data has been backed up before proceeding.<\/p>\n<ol>\n<li>Login to the machine as an Administrator. (Use a *.tech account or other local Administrator)<\/li>\n<li>Open a PowerShell window as Administrator.<\/li>\n<li><strong>Disable<\/strong>\u00a0BitLocker protectors with the following command:\n<pre>manage-bde -protectors c: -disable<\/pre>\n<\/li>\n<li>Install the BIOS update.<\/li>\n<li>When the BIOS update completes, log in to the machine as an administrator and run the following command to re-enable the BitLocker protectors:\n<pre>manage-bde -protectors c: -enable<\/pre>\n<\/li>\n<li>You can confirm that the protectors have been re-enabled by running:\n<pre>manage-bde \u2013protectors c: -get<\/pre>\n<\/li>\n<\/ol>\n<p>\n    \t\t\t\t<\/div>\r\n    \t\t\t<\/div><!-- \/ht-toggle-content -->\r\n    \t\t<\/div>\r\n    \t\t\n","protected":false},"excerpt":{"rendered":"<p>BitLocker is a volume encryption feature of Windows. Paired with the Microsoft BitLocker Administration and Monitoring (MBAM) software, this feature meets the requirement of the UVM Information Security policy for encryption of all laptops. Prerequisites To use UVM\u2019s BitLocker services, the following requirements must be met: The computer must be&#8230;<\/p>\n","protected":false},"author":41,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"ht-kb-category":[278,270],"ht-kb-tag":[],"class_list":["post-10145","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-for-it-professionals","ht_kb_category-security"],"_links":{"self":[{"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/ht-kb\/10145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/comments?post=10145"}],"version-history":[{"count":36,"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/ht-kb\/10145\/revisions"}],"predecessor-version":[{"id":30083,"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/ht-kb\/10145\/revisions\/30083"}],"wp:attachment":[{"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/media?parent=10145"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/ht-kb-category?post=10145"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.uvm.edu\/it\/dev\/kb\/wp-json\/wp\/v2\/ht-kb-tag?post=10145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}