Join Martin Guidry for an in-depth discussion in this video Administering BitLocker, part of Windows 10 Administration.
- View Offline
- In this section, we're going to talk about using the BitLocker technology to help secure your data in Windows 10. The easiest way to get to the BitLocker interface is just to go to the Start Menu and start typing in BitLocker, and we'll see it matches the item, Manage BitLocker. i'll click on that, we'll see that I have two drives, C and E. My C drive is not compatible with BitLocker, so I should receive an error when I click on Turn on BitLocker, and in fact it does say, your device does not use a trusted platform module.
BitLocker is reliant on a technology called TPM or Trusted Platform Module, and basically what that does, it stores the encryption key some place other than the drive. So BitLocker is going to encrypt our entire drive, but if we store the encryption key on the same drive on which we did the encryption, that would lower the overall security. It's much more secure to store the encryption key somewheres else. And that technology that allows us to do that is called Trusted Platform Module.
I believe my other drive is compatible with that, so I'll go ahead and click on Turn On BitLocker, and it's asking if I would like to use a password or a smart card, I'm going to select Password, and then I'll have to type in a complex password. I'll hit Next. It's asking where I would like to back up the recovery key to. I'll go ahead and do that to a file, and I'll just put a file on the C drive, and I'll keep the default name for the file name.
And it's giving me an error saying it's a good idea to store your recovery key someplace other than the PC, so in other words, a removable media, like a floppy drive, or a flash drive, and I agree that is the best practice, but just for this demonstration I'll go ahead and save it to the C drive. I'll hit Next. Are you ready to encrypt this drive? Yes, start encrypting. My drive was a relatively small drive so it encrypted very quickly, so I'll go ahead and hit Close.
I then have a few new options now that BitLocker is installed. I can change the password, remove the password, add smart card authentication, turn on auto-unlock, or turn off BitLocker. Most of those self-explanatory, so for example, Change password would require me to type in my old password and then a new password. Adding smart card authentication would allow me to instead of require a password to instead decrypt this drive using a smart card.
I don't have a smart card connected to this computer currently, so I doubt this is going to be very successful. And yes, I do. in fact, get the error A certificate suitable for BitLocker cannot be found on your smart card. Now that I've implemented the BitLocker functionality, I can lock and unlock the E drive. Normally any time the machine is rebooted, it would automatically lock all of my BitLocker drives and then when I wanted to access the drive I would have to provide the password.
Once a drive has been unlocked, if you would like to lock it again, you will have to use the command line. So from the Start Menu I'm going to pull up a command prompt by typing in C-M-D. Then you'll want to right-click on the desk-top app and say Run as administrator in the UAC. Go ahead and click Yes. And the command is manage dash B-D-E, then the drive letter you would like to lock, which for me is E, and then dash lock, L-O-C-K, and it will say Volume E is now locked.
So I'll look at that in my File Explorer and yes, local disk E is showing the locked icon. I'll double click on that, and it will ask me to enter a password to unlock the drive. This will be the same password I used when I set up BitLocker. I'll enter that again, and now E should be unlocked. I'll double-click on it, and yes, I can see the files on my E drive. If I go back, yes, the icon has updated, now showing an unlocked icon.
So E will be unlocked for the remainder of this session, until I either reboot the machine or go into the command prompt and issue the command to lock the drive.
Martin first reviews the various editions of both the desktop and mobile versions of Windows 10. This section covers the special features included with the Enterprise edition, and the hardware requirements for some of the new Windows 10 features. Martin also explains installing and updating drivers and configuring and optimizing the OS, including system properties and power options. Then it's a deep dive into Group Policy, including working with local groups, configuring preferences, and troubleshooting Group Policy. Martin also looks at Windows security—authentication and encryption—as well as the boot process, and concludes the course with a brief look at virtualization, networking, and backup and recovery.
- Understanding the different versions of Windows 10
- Installing and updating drivers
- Administering multitasking
- Working with Windows Group Policy
- Adding domain users and accounts to a Windows 10 PC
- Administering BitLocker and EFS
- Understanding the boot process
- Installing Client Hyper-V for Windows virtualization
- Managing Windows Firewall
- Backing up and restoring Windows 10
- Troubleshooting Windows 10