BitLocker To Go - For Portable USB Drives
Encrypt external storage drive
Important: BitLocker To Go is NOT an additional application you need to install. It is the name used for BitLocker when it is applied to an externally attached drive. It does not depend on a Trusted Platform Module (TPM) being enabled on PCs that support BitLocker natively. BitLocker is available on the Ultimate and Enterprise editions of Windows Vista and Windows 7, the Pro and Enterprise editions of Windows 8 and later, and Windows Server 2008 and later. Users of older Windows operating systems and Macintosh users can download a "BitLocker To Go Reader" utility to use with those systems.
With the increase in the use of small, large-capacity USB drives, the potential for sensitive data to be lost or stolen has become a serious threat. How can you protect MIT data from loss or theft? The answer: BitLocker To Go.
Improved for Windows 7 Ultimate and Enterprise and Windows 8.1 Pro and Enterprise. You can use BitLocker To Go to protect all files stored on a removable data drive, such as an external hard drive or USB flash drive.
To enable BitLocker encryption on a USB flash drive, perform the following steps:
- Insert and browse to the USB flash drive.
  Best Practice: As a precaution, back up all data on the drive prior to encrypting.
- Right-click the USB flash drive or external hard drive, and then click Turn on BitLocker…
- On the Choose how you want to unlock this drive window, choose Use a password to unlock the drive
  - This option prompts the user for a password to unlock the drive. Passwords allow a drive to be unlocked in any location and to be shared with other people.
  - BitLocker To Go requires that passwords have at least eight characters. IS&T recommends that they contain a mixture of characters, numbers, and special characters.
- On the How Do You Want To Store Your Recovery Key window, click Save The Recovery Key To A File.
- In the Save BitLocker Recovery Key As dialog box, choose a save location, such as your Documents folder, and then click Save.
  Caution: BitLocker suggests a file name structured as follows: the text "BitLocker Recovery Key", then the full recovery key ID. The first 8 alphanumeric characters of the ID are what you will be shown during the key recovery process. The file can be named anything and saved anywhere you want, but you should be consistent. At the very least, consider incorporating those first 8 alphanumeric characters into the name so you can easily identify the key you need during recovery.
  Note: You can also print the recovery key if you desire (from here, or by opening your saved recovery key and printing). With this recovery key file you can regain access to your encrypted USB flash drive in the event you forget your password!
- The message Your Recovery Key has been saved will appear in the dialog box and you can now click Next to continue.
- On the Are You Ready To Encrypt This Drive window, click Start Encrypting.
  Do not remove the USB flash drive until the encryption process is complete. How long the encryption takes depends on the size of the drive. USB drive encryption takes approximately 6 to 10 minutes per gigabyte to complete. The encryption process performs the following:
  - Creates a virtual volume with the full contents of the drive in the remaining drive space.
  - Encrypts the virtual volume with Advanced Encryption Standard (AES) 128-bit.
- Once the encryption process completes you will be notified by a window.
- Start using your encrypted drive.
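For administrators who prefer the command line, the same procedure can be scripted with the BitLocker PowerShell cmdlets. This is an added example, not part of the original IS&T instructions; the drive letter E:, the save folder, and the two-line layout of the saved file are assumptions.

```powershell
# Added example. Run from an elevated PowerShell session.
# Assumed values: drive letter E: and the save folder below.
$mount   = 'E:'
$saveDir = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'BitLocker Recovery Keys'

# The recovery key must not be stored on the drive it unlocks.
if ($saveDir.StartsWith($mount, [StringComparison]::OrdinalIgnoreCase)) {
    throw "Save the recovery key somewhere other than $mount."
}

# Only proceed on a drive that is not already encrypted.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$mount is in state $($vol.VolumeStatus); expected FullyDecrypted."
}

# Same minimum the wizard enforces: at least eight characters.
$password = Read-Host -AsSecureString "Password to unlock $mount"
if ($password.Length -lt 8) { throw 'Password must have at least eight characters.' }

# Add the recovery key protector and save it before encryption starts.
$vol = Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector
$rp  = $vol.KeyProtector |
       Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
       Select-Object -Last 1
$id  = $rp.KeyProtectorId.Trim('{', '}')

# File name follows the pattern described above: fixed text plus the full key ID.
New-Item -ItemType Directory -Path $saveDir -Force | Out-Null
$file = Join-Path $saveDir "BitLocker Recovery Key $id.txt"
@("Identifier: $id", "Recovery Key: $($rp.RecoveryPassword)") | Set-Content -Path $file
Write-Host "Recovery key saved to $file (ID starts with $($id.Substring(0, 8)))"

# Start encryption with a password protector, using AES 128-bit.
Enable-BitLocker -MountPoint $mount -EncryptionMethod Aes128 `
    -PasswordProtector -Password $password | Out-Null

# Do not remove the drive until encryption has finished.
do {
    Start-Sleep -Seconds 30
    $vol = Get-BitLockerVolume -MountPoint $mount
    Write-Host "Encrypted: $($vol.EncryptionPercentage)%"
} while ($vol.VolumeStatus -eq 'EncryptionInProgress')
Write-Host "Final state: $($vol.VolumeStatus)"
```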
Access an encrypted external storage drive
Once you have encrypted your external drive and saved a recovery key, you’re ready to go. Your drive will be unlocked for as long as it is connected to your computer, but at some point, you may reboot, or need to eject it. After this happens, you will be required to enter your password again.
Scenario 1 – Reboot
- Browse to your Computer, and you will find your external USB drive is locked. It will NOT automatically prompt you for a password.
- Double-click on the locked drive icon.
  - Optionally, you can right-click and choose Unlock Drive…
- Enter your password, and click Unlock.
- Choose Open folder to view files.
- Start using your drive.
Scenario 2 – You inserted your external drive in the same/other machine
- The BitLocker Drive Encryption dialog box will automatically pop-up.
- Enter your password, and click Unlock.
- Choose Open folder to view files.
- Start using your drive.
Manage an encrypted external drive
When you have an external encrypted drive in your computer and unlocked, there are some options for managing BitLocker for this drive. Below are some examples of things you can manage.
Common method for all scenarios below: access the Manage BitLocker… dialog box.
- Right click on your unlocked encrypted drive and select Manage BitLocker…
- Select options to manage
Scenario A – Change password to unlock the drive
- Select Change password to unlock the drive.
- Type in your new password and click Next.
- You will receive the following confirmation. Click OK.
- You will be returned to the Select options to manage dialog box. Click Close if you have no other options to manage.
Scenario B – Remove password from this drive
- Select Remove password from this drive.
  - If you do have Automatically unlock this drive on this computer previously set, you will receive the following message.
    Note: The Change password to unlock the drive option goes away, and you can click Close now.
  - If you don’t have another unlocking method, you will receive the following message. Click OK.
- You will be returned to the Select options to manage dialog box.
- You will now have to set Automatically unlock this drive on this computer, for this to work. (See Scenario E below to see how to do this)
- Return to Step 1 to remove the password now.
Scenario C – Add a smart card to unlock the drive (NOT Supported)
- Select Add a smart card to unlock the drive.
- Without a Smart Card reader, you get the following error.
- You will still be in the Select options to manage dialog box, so you can click Close if you have no other options to manage.
Scenario D – Save or print recovery key again
- Select Save or print a recovery key again.
- Select Save the recovery key to a file.
- Save the file locally.
  - In the Save BitLocker Recovery Key As dialog box, choose a save location, such as your Documents folder, and then click Save. BitLocker suggests a name, but you can name the file anything you will remember. It helps to keep at least the first series of 8 alphanumeric characters, as this will be useful in the recovery process.
- You will be returned to the Select options to manage dialog box. Click Close if you have no other options to manage.
- Select Print the recovery key.
- Choose a Printer, then click Print.
- Click Close if you have no other options to manage.
Scenario E – Automatically unlock this drive on this computer
- Select Automatically unlock the drive on this computer.
- You will see the option now reads Turn off automatic unlocking for this drive on this computer.
- You can click Close if you have no other options to manage.
Recover access to an encrypted external storage drive with the recovery key
When you forget your password, and need to gain access to your encrypted drive, you can gain access with your recovery key.
- Insert the external drive, and click on I forgot my password.
- The clue to finding your key file is in Your recovery key can be identified by:. Make note of this.
- Find and open the recovery key file on your computer.
  - Confirm that the ID matches.
  - Copy the BitLocker Recovery Key.
- Return to the Unlock this drive using your recovery key dialog box (see step 2), and click on Type the recovery key. Paste the recovery key in the Type your BitLocker recovery key: box, and click Next.
- You now have temporary access to the drive and must reset the password. Click on Manage BitLocker.
- Choose Change password to unlock the drive.
- Type in your new password, then click Next.
- You will receive a confirmation that your password has been changed. Click OK to close this dialog box.
- You will be returned to the dialog box in step 6. Click on Close now.
- You will be returned to the dialog box in step 5. Click on Finish now.
- You will now be presented with your open drive in a new explorer window. You can now work with the contents.
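When several recovery key files have accumulated, matching the 8 characters shown in the dialog against the saved files can be scripted. This is an added example, not part of the original IS&T instructions; the function name `Find-RecoveryKeyFile`, the search folder, the drive letter, and the sample ID prefix are assumptions or constructed values.

```powershell
# Added example. Find-RecoveryKeyFile is a hypothetical helper, not a built-in cmdlet.
function Find-RecoveryKeyFile {
    param(
        [Parameter(Mandatory)] [ValidatePattern('^[0-9A-Fa-f]{8}$')] [string] $IdPrefix,
        [Parameter(Mandatory)] [string] $KeyDir
    )
    # A recovery key ID is a GUID; match one that begins with the 8 characters shown.
    $idPattern  = "(?i)\b$IdPrefix-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\b"
    # A recovery key is 48 digits written as eight groups of six.
    $keyPattern = '\b(\d{6}-){7}\d{6}\b'

    foreach ($f in Get-ChildItem -Path $KeyDir -Filter *.txt -File -Recurse) {
        $text = Get-Content -Path $f.FullName -Raw
        if (-not $text) { continue }

        # The ID may appear in the file name, in the file body, or both.
        $idFound = ($f.Name -match $idPattern) -or ($text -match $idPattern)
        if (-not $idFound) { continue }

        if ($text -match $keyPattern) {
            [pscustomobject]@{ File = $f.FullName; RecoveryKey = $Matches[0] }
        }
    }
}

# Constructed sample values: replace with the 8 characters shown in the dialog,
# the folder where key files are kept, and the drive letter of the locked drive.
$idPrefix = '1A2B3C4D'
$keyDir   = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'BitLocker Recovery Keys'
$mount    = 'E:'

$hits = @(Find-RecoveryKeyFile -IdPrefix $idPrefix -KeyDir $keyDir)
if ($hits.Count -ne 1) {
    throw "Expected exactly one matching key file, found $($hits.Count)."
}
Write-Host "Using recovery key from $($hits[0].File)"
Unlock-BitLocker -MountPoint $mount -RecoveryPassword $hits[0].RecoveryKey | Out-Null
```

Unlocking this way grants the same temporary access as the dialog, so the password should still be reset afterwards.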
Decrypt an external storage drive
At some time, you may want to turn off the encryption on your external encrypted drive. Here are the steps to do that.
Turn Off BitLocker to Decrypt Removable Drive
- Connect the removable hard drive or USB flash drive.
- Type in your password, and click on the Unlock button.
- Open the Control Panel (icons view), and click on the BitLocker Drive Encryption icon.
- Click on Turn Off BitLocker for the drive letter for the removable hard drive or USB flash drive that you want to decrypt.
- Click on the Decrypt Drive button.
  Note: This may take a while to finish.
- BitLocker will now start decrypting the drive.
- When finished, click on the Close button.
- The Control Panel and Computer will now have the Turn On BitLocker option again.
- You're done. The drive is now decrypted with BitLocker To Go turned off, and your data intact.