Join James Gonzalez for an in-depth discussion in this video Additional BitLocker features, part of Windows 10: Configure, Secure, and Manage Data.
- In the previous lesson, I demonstrated how to encrypt a drive using BitLocker. In this lesson, let me continue showing you how to manage your drives after they've been encrypted and also introduce you to BitLocker To Go, the new encryption service for encrypting data on USB portable drives. After the encryption is complete, go ahead and click on the Manage BitLocker link in the dialogue. That'll bring you back to the BitLocker Drive Encryption dialogue, but notice now that you've encrypted a drive you'll have additional options here for managing that encryption, including you can back up your recovery key if you forgot to do this earlier or maybe you only backed it up to one location, you can backup your recovery key by printing it, saving it to a USB disk, saving it to the Microsoft cloud or actually saving it to another place on the computer.
You can change the password to access your encrypted data. You can remove a password, add a smart card. So, you'd actually put a smart card in the computer to then decrypt that without having to use a password. You can turn on the auto unlock feature. With this feature, your computer will automatically grab the encryption keys from the TPM and then decrypt the drive for you, and lastly, you can turn off BitLocker completely. Let me demonstrate BitLocker To Go by encrypting a USB drive that I've placed, Drive H: on my computer.
So, click on the drive and then simply choose the Turn on BitLocker option. BitLocker will initialize the drive. Next choose how you want to unlock this drive. I'm going to go ahead and just use a password to unlock the drive. By the way, passwords should contain uppercase and lowercase letters, numbers, spaces and symbols. If you don't use that rule there, force you to go back and add uppercase and lowercase letters, numbers, spaces and symbols. Click on the Next button and then choose how you want to back up your recovery key. Just in case you forget your password or lose your smart card, you can then use your recovery key to access your drive.
I recommend doing two of these at least, saving to your Microsoft account, saving to a file or printing the recovery key. For this demonstration, let's just save it to a file here, and notice you can't save it to the same disk. I'm going to save it to a temp folder on my main hard drive. So, once you've backed up the recovery key click Next. Now you choose how much of your drive to encrypt. If you're setting up BitLocker on a new drive or a new PC, you'll only need to encrypt the part of the drive that's currently being used and then BitLocker will encrypt new data automatically as you add it.
Now, if you're enabling BitLocker on a PC or drive that's already in use, consider encrypting the entire drive. This ensures that all the data is protected, even data that you deleted, but that might still contain retrievable info. If you encrypt the used space only, it's faster and is the best for new PCs. If you encrypt the entire drive, this will be slower, but it's best for PC and drives already in use. In this case, it's a brand new USB drive so I'm just going to choose the faster first option. Encrypt used disk space only, click on Next.
It prompts me if I'm ready to encrypt the drive. Go ahead and click on Start encrypting and BitLocker will proceed to encrypt your USB drive. This is pretty fast, faster than doing a connected drive or your system drive. Notice you can also pause the encryption and then when you're done you'll get this Manage BitLocker link again to take you back to your BitLocker drive encryption dialogue.
Using the tools that come with a standard Windows build, James Gonzalez shows how to configure data storage (on client devices and on OneDrive), secure data with good authentication practices, encrypt data with EFS and BitLocker, and manage data access to shared folders, printers, and hard drives. He also shows how to set up file sharing for an organization using HomeGroup networks and NTFS permissions.
This course is also part of a series designed to help you prepare for the Microsoft exam 70-697: Configuring Windows Devices.
- Identify which storage usage category you should select to check how much space your downloads folder is using on your Windows drive.
- Name the type of storage space resiliency you should select to turn two physical drives into one logical drive.
- Describe the steps needed to access the NTFS permissions for a specific folder.
- List the actions required to share a printer with users on the same network.
- State how to use file explorer to open your PC instead of quick access.
- List the steps to add folder permissions for a specific folder.