BitLocker Management
Overview
With BitLocker Management you can manage Windows BitLocker on the client computers remotely from the EgoSecure Console. BitLocker encrypts entire drives and is integrated in the Windows operating system.
Setting up BitLocker Management
To encrypt disks with BitLocker via the Console, activate BitLocker Management for a computer and configure its settings.
Activating and setting up BitLocker Management
- Under Computer management, activate BitLocker Management for a computer. For details, see: Activating products.
- Under Product settings | BitLocker | BitLocker settings, in the Default method drop-down, select the encryption method used by default for all computers. The method can also be selected for each computer before encryption via the Encrypt with option. For details, see: Available encryption methods.
- The Additional Authentication work area applies when Active Directory Group Policy Objects are not used. There, specify whether a startup PIN is allowed, required or denied. If desired, change the PIN’s minimum length. A normal PIN is solely numeric, whereas an Enhanced PIN accepts digits, letters and symbols.
- In the Encryption key protection work area, click Change and define a password. This password is used by default for locking and unlocking all encrypted volumes locally on the computer and can be changed individually for each volume after the volume has been encrypted.
- Set the Store recovery password for already encrypted drives in EgoSecure database box to make the Copy recovery password option available in the context menu for all encrypted volumes.
- Click Save.
Available encryption methods
BitLocker supports two key lengths for disk encryption:
- AES 128
- AES 256
Longer keys offer a higher level of security and are harder to break, for example by brute-force attacks. However, they can cause noticeable performance losses and slower encryption and decryption of data. In addition to the key length, BitLocker supports the following options when selecting the encryption method:
- Diffuser algorithm
- XTS algorithm
It is recommended to enable Automatic selection as the default method. If this option is activated, the most suitable encryption method for the client's operating system is selected automatically.
Encrypting and decrypting disks
Encrypting a volume
- Select a computer in Computer management | BitLocker.
- In the lower area, in the Drives tab, right-click a volume.
- To encrypt a volume:
- Select Encrypt to encrypt with a default method defined in Product settings | BitLocker | BitLocker settings.
- Select Encrypt with and select an encryption method from the context menu to encrypt with one of the available methods.
- The Status column value changes from Not encrypted to Encryption in progress. Once the encryption is finished, the Fully encrypted status is displayed. The volume is now encrypted with BitLocker.
- To restrict access to the encrypted disk with a password, lock the volume manually or restart the client computer once encryption is finished (the volume is locked automatically after the restart).
Locking a volume
- Select a computer in Computer management | BitLocker.
- Right-click a volume in the Drives tab.
- Select Lock from the context menu.
- The status changes to Volume is locked. When the client unlocks the volume on the computer (by entering the password), the status Volume is locked is retained. The unlocked volume can be accessed without a password until the next restart of the computer.
Automatically unlocking an encrypted volume
- Go to Product settings | BitLocker | BitLocker settings.
- Enable the check box Automatically unlock encrypted data volumes.
- Click Save.
- Select a computer in Computer management | BitLocker.
- Right-click an encrypted volume in the Drives tab.
- Select Enable auto-unlock from the context menu.
Decrypting a volume
- Before decrypting, make sure the drive is unlocked. If necessary, unlock it by entering the password.
- Select a computer in Computer management | BitLocker.
- Right-click a volume in the Drives tab.
- Select Decrypt from the context menu.
- The decryption starts. The status changes to Decryption in progress. Once the decryption finishes, the status changes to Not encrypted.
Viewing BitLocker encryption status
- Go to Reports | BitLocker | Encryption status.
- In the Directory service structure area, select the directory element that contains the computers.
- Select the status from the drop-down list.
- Click Group by computer to display the volumes grouped by the computers they belong to.
- Click Show to update information.
- The drives that match the selected directory service area and the selected encryption status are displayed.
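The Available encryption methods section above and this status report describe what the Console shows per volume; the following script is an added example (not EgoSecure code) that reads the same state locally with the Windows BitLocker PowerShell module, listing each volume's method, status, lock state and key protectors and flagging volumes that are not encrypted, whose protection is suspended, that use the legacy Diffuser variant, or that have no recovery password protector. It assumes an elevated shell on Windows 8 / Server 2012 or later, where `Get-BitLockerVolume` is available.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the EgoSecure product: audit local BitLocker volumes.

function Get-BitLockerAudit {
    [CmdletBinding()]
    param()

    # AES 128/256 with the older Diffuser option; XTS is the current variant.
    $legacyMethods = @('Aes128Diffuser', 'Aes256Diffuser')

    foreach ($vol in Get-BitLockerVolume) {
        $protectorTypes = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $findings = New-Object System.Collections.Generic.List[string]

        if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            $findings.Add('Not encrypted')
        }
        elseif ($vol.VolumeStatus -eq 'FullyEncrypted') {
            # ProtectionStatus Off on an encrypted volume means protectors are suspended.
            if ($vol.ProtectionStatus -eq 'Off') {
                $findings.Add('Encrypted but protection is suspended')
            }
            # Without a recovery password a lost drive password leaves the data unreachable.
            if ($protectorTypes -notcontains 'RecoveryPassword') {
                $findings.Add('No recovery password protector')
            }
            if ($legacyMethods -contains $vol.EncryptionMethod) {
                $findings.Add("Legacy Diffuser method $($vol.EncryptionMethod)")
            }
        }
        else {
            # Encryption/decryption in progress or suspended; report the percentage.
            $findings.Add("Transitional state: $($vol.VolumeStatus) ($($vol.EncryptionPercentage)%)")
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            EncryptionMethod = $vol.EncryptionMethod
            VolumeStatus     = $vol.VolumeStatus
            LockStatus       = $vol.LockStatus
            AutoUnlock       = $vol.AutoUnlockEnabled
            KeyProtectors    = ($protectorTypes -join ', ')
            Findings         = ($findings -join '; ')
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize
```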
Managing BitLocker passwords
By default, drives are locked with the password that was set in the product settings (see also: Setting up BitLocker Management). However, you can customize the password for a drive individually.
Changing a volume password
- Before changing a password, make sure the volume is unlocked.
- Go to Computer management | BitLocker and select a computer.
- In the Drives tab, right-click an encrypted volume.
- Select Change password... from the context menu.
- The Enter password dialog appears.
- Enter a new password and confirm it.
- If you have lost the drive password, you will need a recovery password to access the encrypted drive.
Saving recovery password
The recovery password is copied so that user data can be restored in an emergency. It is stored in the EgoSecure database and can be copied from there if the Store recovery password for already encrypted drives in EgoSecure database box is enabled under Product settings | BitLocker settings, in the Encryption key protection work area. The recovery password can be copied from a locked or an unlocked drive. See also: Setting up BitLocker Management.
- Select a computer in Computer management | BitLocker.
- Under the Drives tab, right-click an encrypted drive.
- Select Copy Recovery password from the context menu.
- The Copy Recovery password dialog appears.
- Click Copy.
- The password is copied to the clipboard. Save the recovery password, e.g., to a text file.