Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: What does bitlocker do for me?

01 Dec 2012   #11

Windows 7 Ultimate x64

Here are some good references for you.

My System SpecsSystem Spec
01 Dec 2012   #12

XP, 7 32/64bit

Hm.. Methinks I found the problem.

Before I started, the TPM setting in the bios was "enable".
Now, I disabled bitlocker, set TPM to "inactive", and started it again. System rebooted, and I had to hit F10 to enable TPM.. Just how it was when I did the deployment.

Alright.. Even after windows enables TPM, when it reboots, is STILL asks for the usb..

It says

The TPM was not able to unlock the drive... boot information of a pin was not provided correctly
My System SpecsSystem Spec
01 Dec 2012   #13

Windows 7 Ultimate x64

From the technet link posted above.

To suspend BitLocker Drive Encryption on an operating system drive
Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
Click Suspend Protection for the operating system drive.
A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click Yes to continue and suspend BitLocker on the drive.
By completing this procedure, you have suspended BitLocker protection on the drive by changing the decryption key to a clear key. To read data from the drive, the clear key is used to access the files. When BitLocker is suspended, TPM validation does not occur and other authentication methods, such as the use of a PIN or USB key to unlock the operating system drive, are not enforced. This allows you to make system changes such as updating the BIOS or replacing a data drive. When you are finished making changes to the computer, click Resume Protection from the BitLocker Drive Encryption Control Panel item to start using BitLocker Drive Encryption again.
To turn off BitLocker Drive Encryption
Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
Find the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker.
A message is displayed, informing you that the drive will be decrypted and that decryption may take some time. Click Decrypt the drive to continue and turn off BitLocker on the drive.
By completing this procedure, you have decrypted the drive and removed BitLocker protection.
My System SpecsSystem Spec

01 Dec 2012   #14

XP, 7 32/64bit

TPM is inactive in bios (if I set it to disable, bios says it won't be seen by the OS)
Boot into windows, start bitlocker
Windows says to reboot to turn on the TPM
Reboots, says "Press F10 to enable TPM". I do, boots into windows
Save recovery key to USB
Check the box to test if the system can read the key

System boot information has changed since bitlocker was enabled. Must supply recovery key to start system.
I hit enter, windows boots (this is because the key is currently still on the USB)

Upon getting back into windows: TPM was not able to unlock the drive
My System SpecsSystem Spec
01 Dec 2012   #15

Windows 7 Ultimate x64

Setup. From the link provided.

Scenario 1: Turning On BitLocker Drive Encryption on an Operating System Drive (Windows 7)

43 out of 64 rated this helpful - Rate this topic
Updated: August 9, 2010
Applies To: Windows 7
This scenario provides the procedure for turning on BitLocker Drive Encryption protection on an operating system drive of a computer with a TPM. After the drive is encrypted, the user logs on to the computer normally.
Before you start

To complete the procedure in this scenario:
You must be able to provide administrative credentials.

You must be able to configure a printer if you want to print the recovery key.

Your computer must meet BitLocker requirements. For more information, see "Requirements for BitLocker Drive Encryption" in BitLocker Drive Encryption Step-by-Step Guide for Windows 7.

To turn on BitLocker Drive Encryption on an operating system drive
Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
Click Turn On BitLocker for the operating system drive. BitLocker will scan your computer to make sure that it meets the BitLocker system requirements. If your computer meets the requirements, BitLocker will inform you of the next steps that need to be taken to turn on BitLocker, such as drive preparation, turning on the TPM, and encrypting the drive.
If you have a single partition for your operating system drive, BitLocker will prepare the drive by shrinking the operating system drive and creating a new system partition to use for system files that are required to start or recover the operating system and that cannot be encrypted. This drive will not have a drive letter to help prevent the storing of data files on this drive inadvertently. After the drive is prepared, the computer must be restarted.
If your TPM is not initialized, the BitLocker setup wizard will instruct you to remove any CDs, DVDs, or USB drives from the computer and restart the computer to begin the process of turning on the TPM. You will either be prompted to enable the TPM before the operating system boots or in some cases you will need to navigate to the BIOS options and enable the TPM manually. This behavior depends on the BIOS of the computer. After you confirm that you want the TPM enabled, the operating system will start and the Initializing the TPM security hardware progress indicator will be displayed.
If your computer does not have a TPM, you can still use BitLocker, but you will be using the Startup key only authentication method. All of the required encryption key information is stored on a USB flash drive, which the user must insert into the computer during startup. The key stored on the USB flash drive unlocks the computer. Using a TPM is recommended because it helps protect against attacks made against the computer's critical startup process. Using the Startup key only method only encrypts the drive; it does not provide any validation of the early boot components or hardware tampering. To use this method, your computer must support the reading of USB devices in the preboot environment and you must enable this authentication method by selecting the check box Allow BitLocker without a compatible TPM in the Group Policy setting Require additional authentication at startup, which is located in the following location in the Local Group Policy Editor: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives.
If you have configured the Group Policy settings in your organization to back up BitLocker and TPM recovery information to Active Directory® Domain Services (AD DS), the computer must be able to connect to the domain to complete this process.
After the TPM is initialized, the BitLocker setup wizard prompts you to choose how to store the recovery key. You can choose from the following options:
Save the recovery key to a USB flash drive. Saves the recovery key to a USB flash drive.

Save the recovery key to a file. Saves the recovery key to a network drive or other location.

Print the recovery key. Prints the recovery key.

Use one or more of these options to preserve the recovery key. For each option that you select, follow the wizard steps to set the location for saving or printing the recovery key. When you have finished saving the recovery key, click Next.
The recovery key is required if the encrypted drive is moved to another computer or changes are made to the system startup information. This recovery key is so important that it is recommended that you make additional copies of the key and store the key in safe places so that you can readily find the key if needed to recover access to the drive. You will need your recovery key to unlock the encrypted data on the drive if BitLocker enters a locked state. This recovery key is unique to this particular drive. You cannot use it to recover encrypted data from any other BitLocker-protected drive.
For maximum security, you should store recovery keys apart from the computer.
The BitLocker setup wizard asks if you are ready to encrypt the drive. Confirm that the Run BitLocker system check check box is selected, and then click Continue.
Confirm that you want to restart the computer by clicking Restart now. The computer restarts, and BitLocker checks if the computer meets BitLocker requirements and is ready for encryption. If it is not, you will see an error message alerting you to the problem after you have logged on.
One of the items that BitLocker checks is the configuration of the system partition. BitLocker requires a minimum system partition size of 100 MB, and the Windows Recovery Environment requires 200 MB. When the operating system is installed, the system partition is automatically created by the setup process with a default size of 300 MB. However, this default partition size can be changed by computer manufacturers or system administrators when they install the operating system. If the system partition is exactly 100 MB, BitLocker setup assumes that you have a Windows Recovery DVD for use with your computer and the system check is completed without any errors. However, if you have a system partition size between 101 MB and 299 MB, the following error message will be displayed: "You will no longer be able to use Windows Recovery Environment unless it is manually enabled and moved to the system drive." If you have a Windows 7 DVD that contains the Windows Recovery Environment or you have another system recovery process in place, you may disregard this message and continue with BitLocker setup. Otherwise, you should check your system partition and verify that you have at least 200 MB of free space on your system partition so that the Windows Recovery Environment can be retained on the system drive along with the BitLocker Recovery Environment and other files that BitLocker requires to unlock the operating system drive. For more information about the Windows Recovery Environment, see Windows Recovery Environment.
If it is ready for encryption, the Encrypting status bar is displayed, which shows the progress of the drive encryption. You can monitor the ongoing completion status of the disk drive encryption by moving the mouse pointer over the BitLocker Drive Encryption icon in the notification area, at the far right of the taskbar. Encrypting the drive will take some time. You can use your computer during encryption, but performance might be slower. A completion message is displayed when encryption is finished,
By completing this procedure, you have encrypted the operating system drive and created a recovery key that is unique to this drive. The next time you log on, you will see no change. If the TPM ever changes or cannot be accessed, if there are changes to key system files, or if someone tries to start the computer from a disk to circumvent the operating system, the computer will switch to recovery mode and prevent Windows from starting.
My System SpecsSystem Spec
01 Dec 2012   #16

XP, 7 32/64bit

I've followed those steps, and at step 5, after I do the Run BitLocker system check the error comes up..
My System SpecsSystem Spec
01 Dec 2012   #17

XP, 7 32/64bit

Attached is an image of the error

Attached Images
What does bitlocker do for me?-bitlocker.png 
My System SpecsSystem Spec
01 Dec 2012   #18

Windows 7 Ultimate x64

Attempt to suspend then resume bitlocker. Directions are posted above.

My phone is about to die so post and I will get back to you asap.
My System SpecsSystem Spec
01 Dec 2012   #19

XP, 7 32/64bit

No way to suspend or resume it at that stage.. After that window is closed, need to restart from the beginning.
My System SpecsSystem Spec
01 Dec 2012   #20

Windows 7 Ultimate x64

So you have yet to get bitlocker setup?
My System SpecsSystem Spec

 What does bitlocker do for me?

Thread Tools

Similar help and support threads
Thread Forum
BitLocker Drive Encryption - BitLocker To Go - Turn On or Off
How to Turn Windows 7 BitLocker To Go On or Off for Removable Drives BitLocker To Go is used to encrypt and password protect any removable external hard drives and USB flash drives. The drives must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must be at least...
BIOS flash error, BITLOCKER on? No bitlocker installed, Win 7 Pro
I tried using HP BIOS Flashing utility on my HP Z400 Workstation, and it says it can't continue because I have Bitlocker enabled, but I don't have bitlocker on Win 7 Professional 32bit. I don't see it on the control panel or in context menus. I do see it set to manual in "Services" but the service...
General Discussion
Bitlocker: BitLocker could not be enabled
I am trying to enable BitLocker on a Windows 7 Ultimate x32 system with TPM. I follow the Wizard and when asked to encrypt the drive I select 'Run BitLocker system check' and 'Continue' (see attached sreenshot). The USB is inserted and contains the recovery key (.txt and .tpm). During reboot I...
System Security
Bitlocker and the FBI
Went to the New Efficiency thing today and one of the MS presenters said that the FBI asked MS if there would be a backdoor for Bitlocker. MS said no. According to the MS guy, the FBI then said to MS: you can't include it on 7 consumer versions. Maybe this been discussed here or elsewhere, but that...
System Security
What is BitLocker?
When i right click on my hard disks i have the Turn on Bitlocker... option. I will like to know what EXACTLY is that. OS Win7 Ultimate 64bit
General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:55.
Twitter Facebook Google+