ITS

Information Technology Services

Windows 7 BitLocker Encryption (Desktop and laptops)

TPM + PIN Tutorial

Applies to Windows 7 Pro and Windows 7 Enterprise

Note: Your system must meet the minimum system requirements.


Congratulations! You have encrypted your hard drive. Remember to keep your recovery key safe and secure. Do not store it with your computer.

  1. To enable TPM + PIN, you must modify the local group policy using the Local Group Policy Editor. Go to the start screen, type GPedit.msc, then click the icon to launch it. The Local Group Policy Editor window will appear.
  2. Below Computer Configuration, select Administrative Templates, Windows Components, BitLocker Drive Encryption, then click on Operating System Drives.  Now on the right side of the screen, double-click "Require additional authentication at startup".
  3. You are now modifying the OS BitLocker policy. Select Enabled and make sure Configure TPM startup PIN: is set to "Allow startup PIN with TPM". Ignore the rest of this policy, click Apply and OK. Close the Policy Editor.
  4. To turn on BitLocker:
    • Click Start
    • Select Control Panel
    • From the View by: (top right) dropdown menu, select Small icons

  5. Click on BitLocker Drive Encryption 
  6. BitLocker Drive Encryption will open
    • Select Turn on BitLocker
    • BitLocker will initialize and check for system requirements.
    • It may want to reboot once or twice.

  7. If your computer does NOT have a TPM Module, it will prompt you to use a USB flash drive.
  8. If you have a TPM, you will instead have an option to Enter a PIN, which is the setup ITServices recommends.
    • Click Enter a PIN (recommended)

  9. The Enter a PIN screen will open
    • Enter your PIN
    • Re-enter your PIN (Do not copy and paste: if you made a mistake originally, you will be confirming the mistake without knowing it)
    • Click the Set PIN button

  10. The How do you want to back up your recovery key? screen will open.  Very Important:  BitLocker will prompt you to save the Security Recovery Key to a USB flash drive, or to a file, or to print the recovery key.
    • Do not save the Recovery Key to a file on your hard drive. Save it somewhere else or print it.
    • You will need the Recovery Key if your computer ever has a problem. 
    • Make your selection and click the Next button

  11. BitLocker now asks Are you ready to encrypt the drive?
    • Enable the Run BitLocker system check
    • Click the Continue button 

  12. A system restart is now required.
    • Click the Restart now button and let the system reboot. 

  13. After rebooting, the Full Hard Drive Encryption process has begun. It will take about an hour to complete this. 
    • You may use your computer while this is occurring but it will run slowly until completed.
    • The encryption process is stopped if your computer goes to sleep, hibernates or is shut down.
    • The encryption process will restart once you power up your computer again.
    • When BitLocker finishes encrypting the drive, it may not display any message but the hard drive light should stop flashing constantly.
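
Because step 13 notes that BitLocker may finish without displaying a message, the following added example (not part of the original ITS tutorial) parses the output of `manage-bde -status C:` to confirm that encryption has completed and that the TPM + PIN and recovery protectors are present. It assumes English-language output with the field labels shown in the constructed sample; the function name Test-BitLockerStatus is hypothetical.

```powershell
# Added example, not ITS's own script. Assumes English manage-bde output.
function Test-BitLockerStatus {
    param([string[]]$StatusLines)    # output lines of: manage-bde -status C:

    $fields = @{}; $protectors = @(); $inProtectors = $false
    foreach ($line in $StatusLines) {
        $text = $line.Trim()
        if ($text -eq '') { continue }
        if ($inProtectors) { $protectors += $text; continue }   # lines after "Key Protectors:"
        if ($text -match '^Key Protectors:') { $inProtectors = $true; continue }
        if ($text -match '^([^:]+):\s*(.*)$') { $fields[$matches[1].Trim()] = $matches[2].Trim() }
    }

    # Assumption: the recovery key backed up in step 10 is listed as a
    # "Numerical Password" and/or "External Key" protector.
    $hasRecovery = ($protectors -contains 'Numerical Password') -or
                   ($protectors -contains 'External Key')

    New-Object PSObject -Property @{
        FullyEncrypted = ($fields['Conversion Status'] -eq 'Fully Encrypted')
        Percentage     = $fields['Percentage Encrypted']
        ProtectionOn   = ($fields['Protection Status'] -eq 'Protection On')
        TpmAndPin      = ($protectors -contains 'TPM And PIN')
        RecoveryKey    = $hasRecovery
    }
}

# Constructed sample (not captured from a real machine): encryption still running.
$sample = @'
Volume C: [OSDisk]
[OS Volume]

    Size:                 232.79 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 42%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM And PIN
        Numerical Password
'@ -split "`r?`n"

Test-BitLockerStatus $sample | Format-List
```

On the encrypted computer, run it from an elevated PowerShell prompt as `Test-BitLockerStatus (manage-bde -status C:)`; the drive is ready when FullyEncrypted, ProtectionOn, TpmAndPin and RecoveryKey are all True.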
