none
Bitlocker Basics for Surface

    Question

  • Never used BitLocker. Help me out.

    1. From what I understand BitLocker needs to be configured (even on the Surface tablets). Is that correct or are tablets automatically configured with BitLocker? 

    2. Can BitLocker be installed on drive "c" (where the OS is located?) or only on another drive (e.g. "D").

    3. I read that the drives where BitLocker is installed need to be formatted with NTFS. Is that correct?

    4. How is BitLocker actually installed on a drive? (URL would be helpful. I've seen articles showing steps using Group Policy. There must be an easier way  for the average user to enable BitLocker.)

    5. I gather that once BitLocker is active, rebooting the tablet will cause a "bitlocker key" dialog box to appear. The user needs to enter the encryption key or the tablet won't work. Is that right?

    TIA,

    edm2

    Monday, January 28, 2013 7:47 AM

Answers

    1. BitLocker must be manually turned on in the machine's Control Panel.
    2. BitLocker can be activated for any NTFS formatted drive. However, by encrypting the C: drive, you will be presented with a dialog box to input the BitLocker password (different from your account password) when you turn on the machine.
    3. Yes, BitLocker only works on NTFS partition.
    4. Go to the BitLocker Drive Encryption applet in the Control Panel. There's nothing to download or install, it's already there.
    5. Correct. Without either the BitLocker Password or the recovery key, you will not be able to access the contents of the drive. If this drive is the C: drive, you won't be able to boot the machine. If you lose the BitLocker password and the recovery key, you'll have to completely wipe the machine and reinstall.
    • Marked as answer by edm2 Wednesday, January 30, 2013 2:44 PM
    Monday, January 28, 2013 7:15 PM
  • No Windows 8 machine will have BitLocker enabled by default. It's an action that must be deliberately done by the user.
    • Marked as answer by edm2 Thursday, January 31, 2013 12:19 AM
    Wednesday, January 30, 2013 3:04 PM

All replies

    1. BitLocker must be manually turned on in the machine's Control Panel.
    2. BitLocker can be activated for any NTFS formatted drive. However, by encrypting the C: drive, you will be presented with a dialog box to input the BitLocker password (different from your account password) when you turn on the machine.
    3. Yes, BitLocker only works on NTFS partition.
    4. Go to the BitLocker Drive Encryption applet in the Control Panel. There's nothing to download or install, it's already there.
    5. Correct. Without either the BitLocker Password or the recovery key, you will not be able to access the contents of the drive. If this drive is the C: drive, you won't be able to boot the machine. If you lose the BitLocker password and the recovery key, you'll have to completely wipe the machine and reinstall.
    • Marked as answer by edm2 Wednesday, January 30, 2013 2:44 PM
    Monday, January 28, 2013 7:15 PM
  • Entegy,

    Great help! Thank you very much.

    The question I forgot to ask: I presume the Surface supports Bitlocker but is it not enabled by default. Correct?

    edm2

    Tuesday, January 29, 2013 12:57 AM
  • Hi,

    More about the question about Surface, I suggest to contact Surface Forum for further help:

    http://www.microsoft.com/surface/en-us/support

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  Thank you for your understanding


    Leo Huang
    TechNet Community Support

    Wednesday, January 30, 2013 5:56 AM
    Moderator
  • No Windows 8 machine will have BitLocker enabled by default. It's an action that must be deliberately done by the user.
    • Marked as answer by edm2 Thursday, January 31, 2013 12:19 AM
    Wednesday, January 30, 2013 3:04 PM
  • Hi Entegy,

    That isn't quite accurate. Device encryption (which uses BitLocker) is enabled by default on all Windows RT devices--including the Surface--when you sign in with a Microsoft account. See http://windows.microsoft.com/en-US/windows-8/using-bitlocker-drive-encryption-arm for details.

    --Mike

    Friday, February 01, 2013 5:31 PM
  • Thanks for telling me this Mike. Good to know this although I'm technically still correct as I said Windows 8 and not Windows RT ;)

    Although I get what you mean as edm2 never specified Surface RT or Surface Pro.

    Tuesday, February 05, 2013 2:34 PM