Use BitLocker to encrypt your PC

BitLocker helps prevent unauthorized access to documents and other important data stored on your startup disk.

About BitLocker

BitLocker is Microsoft's full-disk encryption system built into Windows. BitLocker uses AES encryption with a 128-bit or longer key. To use this feature, you need a Professional, Enterprise, or Education edition of Windows 8 or above. This tutorial will focus on computers already on our ADS Windows domain, as the process will be more complicated for machines without domain membership.

This method requires a computer with an enabled and active TPM (Trusted Platform Module). A TPM is a chip in your computer that is dedicated to processing encrypted cryptographic keys. Once BitLocker is fully enabled, your disk will not be accessible unless Windows can find and utilize your specific TPM to access the encrypted disk. If you attempt to enable BitLocker and Windows tells you it can't detect a TPM, you either don't have one, or it needs to be enabled in the BIOS. Please submit a Help Request on the LSCG website for further assistance. For reference, most Dell desktop and laptop computers on the UCSB campus include a TPM.

Turn on BitLocker

Note that enabling BitLocker will require local administrator privileges on the computer. If your account does not have sufficient privileges, please contact LSCG for assistance.

Click on the Start Button (or press the Windows key on your keyboard) to open the Start Menu or Start Screen. Type BitLocker and choose the Manage BitLocker option.

Choose Turn on BitLocker.

Please choose a method of backing up your recovery key. This key is required to rescue your encrypted data if something happens that prevents your computer from successfully starting up in the future. This key will be backed up to another ADS location automatically, so simply pick a convenient and safe method to save a copy of the key.

Choose how much of your drive to encrypt. As suggested by Windows, choosing to encrypt only the used disk space is ideal for new PCs and new Windows installations. This allows the process to finish quickly, and all new data created later will be encrypted automatically. Choosing to encrypt the entire drive takes longer, but is more efficient in the long run for computers and drives that you have already started using. If you have questions, please contact LSCG.

Lastly, check the box that reads Run BitLocker system check. This will restart the computer and check your disk and TPM thoroughly before encryption begins. It may take a little while, but it could prevent unwanted complications down the road.

After you click Continue and restart your computer, BitLocker will perform the system check, start Windows back up, and begin encrypting your disk right away. All necessary configuration for BitLocker has been set by LSCG through ADS, so nothing else is required. If you have any further questions or concerns, please contact LSCG and we'll help out however we can.