Information Technology Services

Windows 8.1 BitLocker Encryption (Desktop and laptops)

TPM + PIN Tutorial

Applies to Windows 8.1 Pro and Windows 8.1 Enterprise

Note: Your system must meet the minimum system requirements.

Congratulations! You have encrypted your hard drive. Remember to keep your recovery key safe and secure. Do not store it with your computer.

  1. To enable the use of TPM + PIN you must modify the local group policy using the Local Group Policy Editor. Go to the Start screen and type GPedit.msc then click on the icon to launch it. The following window will appear after you launch GPedit.msc.
    group policy edit window
  2. Below Computer Configuration, select Administrative Templates, Windows Components, BitLocker Drive Encryption, then click on Operating System Drives. Now on the right side of the screen, double-click "Require additional authentication at startup".
    group policy edit window in administrative templates folder
  3. You are now modifying the OS BitLocker policy. Select Enabled and make sure Configure TPM startup PIN: is set to "Allow startup PIN with TPM". Ignore the rest of this policy, click Apply and OK. Close the Policy Editor.
    change policy window for TPM
  4. To turn on BitLocker:
    • Go to the Start screen and type Control Panel
    • Click the icon and the Control Panel will appear
    • From the View by: (top right) dropdown menu, select Small icons

    control panel window

  5. Click on BitLocker Drive Encryption 
    select bitlocker item in start menu
  6. BitLocker Drive Encryption will open
    • Select Turn on BitLocker
    • BitLocker will initialize and check for system requirements.
    • It may want to reboot once or twice.

    bitlocker settings window

  7. If your computer does NOT have a TPM Module, it will prompt you to use a USB flash drive or Enter a Password.
  8. If you have a TPM, you will instead have an option to Enter a PIN, which is the setup ITServices recommends.
    • Click Enter a PIN (recommended)

    bitlocker setup wizard

  9. The Enter a PIN screen will open
    • Enter your PIN
    • Re-enter your PIN (Do not copy and paste - if you made a mistake originally, you will be confirming the mistake without knowing it)
    • Click the Set PIN button

    bitlocker wizard screen 2

  10. The How do you want to back up your recovery key? screen will open. Very Important: BitLocker will prompt you to save the Security Recovery Key to a USB flash drive, or to a file, or to print the recovery key.
    • Do not save the Recovery Key to a file on your hard drive. Save it somewhere else or print it.
    • You will need the Recovery Key if your computer ever has a problem. 
    • Make your selection and click the Next button

    bitlocker wizard backup key window

  11. BitLocker will ask whether or not you want to encrypt the whole drive at once or just the used space.
    • Choose the option which best suits your situation and
    • Click Next to proceed.

    encryption options

  12. BitLocker now asks Are you ready to encrypt the drive?
    • Enable the Run BitLocker system check
    • Click the Continue button 

    confirmation window

  13. A system restart is now required.
    • Click the Restart now button and let the system reboot. 

    restart window

  14. After rebooting, the Full Hard Drive Encryption process has begun. It will take about an hour to complete this. 
    • You may use your computer while this is occurring but it will run slowly until completed.
    • The encryption process is stopped if your computer goes to sleep, hibernates or is shut down.
    • The encryption process will restart once you power up your computer again.
    • When BitLocker finishes encrypting the drive, it may not display any message but the hard drive light should stop flashing constantly.

    encryption tooltip
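
To confirm the result of the steps above, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of the original ITServices tutorial; the function name Test-BitLockerTpmPin is hypothetical, and the script assumes the policy from steps 1-3 is stored under HKLM:\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example: audits the outcome of the TPM + PIN procedure. Run elevated.
function Test-BitLockerTpmPin {
    param([string]$MountPoint = $env:SystemDrive)
    $findings = @()

    # Steps 1-3: "Require additional authentication at startup" policy.
    # UseTPMPIN values: 0 = do not allow, 1 = require, 2 = allow startup PIN with TPM.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if (-not $fve -or $fve.UseAdvancedStartup -ne 1) {
        $findings += 'Policy "Require additional authentication at startup" is not enabled.'
    } elseif ($fve.UseTPMPIN -notin 1, 2) {
        $findings += 'Policy does not allow a startup PIN with the TPM.'
    }

    # Steps 8-10: the volume should carry a TPM + PIN protector and a recovery password.
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    if ($types -notcontains 'TpmPin') {
        $findings += "No TPM + PIN protector on $MountPoint (found: $($types -join ', '))."
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += "No recovery password protector on $MountPoint, so no recovery key exists to back up."
    }

    # Step 14: protection is only enforced once encryption has completed.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Encryption not finished: $($vol.VolumeStatus), $($vol.EncryptionPercentage)% done."
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "Protection status is $($vol.ProtectionStatus)."
    }
    return $findings
}

$result = Test-BitLockerTpmPin
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "OS drive is fully encrypted with TPM + PIN and has a recovery password."
}
```

The check reports only protector types and status; it never prints the recovery password itself.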