Vista includes two encryption technologies: Encrypting File System (EFS) and BitLocker Drive Encryption. In this series of articles, you will learn how to set up both technologies in Vista.

To use BitLocker Drive Encryption (assuming you are not using hardware cryptography), you first need to configure the local computer policy to allow USB key mode. Within the local computer policy, navigate to the following location: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption. Open Control Panel Setup: Enable advanced startup options. Select the Enabled option and the Allow BitLocker without a compatible TPM option.

To turn on BitLocker Drive Encryption:

  1. Open the Control Panel, select Security and click BitLocker Drive Encryption.
  2. Click the Turn On BitLocker option for the operating system volume.
  3. Choose one of the available options to save the recovery password. The recovery password can be saved to a USB drive, saved to a folder, or printed. This password is required if the drive is moved to another computer or if changes are made to system startup, so it is crucial to keep it in a secure location.
  4. Once you have selected the password recovery option, click Next to continue encrypting the operating system volume.
  5. Next, verify that the Run BitLocker System Check option is selected. Click Continue.

The computer will restart and proceed with the volume encryption.
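Once the restart and encryption have finished, the result of the policy change and the steps above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes Windows PowerShell is installed (a separate download on Vista) and reads the registry values that the policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE along with the BitLocker WMI provider.

```powershell
# Added example: confirm the BitLocker policy and the operating system volume state.
# Assumption: run from an elevated Windows PowerShell prompt on the local computer.

# 1. Values written by "Control Panel Setup: Enable advanced startup options".
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$advanced = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1)
$noTpm    = ($null -ne $fve) -and ($fve.EnableNonTPM -eq 1)
"Advanced startup options enabled : $advanced"
"BitLocker without a TPM allowed  : $noTpm"

# 2. Find the operating system volume through the BitLocker WMI provider.
$ns  = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $env:SystemDrive }

if (-not $vol) {
    Write-Warning "No encryptable volume found for $env:SystemDrive (is BitLocker available?)"
} else {
    # 3. Conversion (encryption progress) and protection state.
    $convNames = 'FullyDecrypted', 'FullyEncrypted', 'EncryptionInProgress',
                 'DecryptionInProgress', 'EncryptionPaused', 'DecryptionPaused'
    $conv = $vol.GetConversionStatus()
    $prot = $vol.GetProtectionStatus()
    "Conversion status : $($convNames[$conv.ConversionStatus]) ($($conv.EncryptionPercentage)%)"
    "Protection on     : $($prot.ProtectionStatus -eq 1)"

    # 4. Key protectors: type 2 = external (USB) key, type 3 = numerical recovery password.
    $usbKeys  = @($vol.GetKeyProtectors(2).VolumeKeyProtectorID | Where-Object { $_ })
    $recovery = @($vol.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })
    "USB startup key protectors   : $($usbKeys.Count)"
    "Recovery password protectors : $($recovery.Count)"

    # 5. Flag the states that leave the data exposed or unrecoverable.
    if ($prot.ProtectionStatus -ne 1) {
        Write-Warning 'Protection is off: the volume key is not protected yet.'
    }
    if ($recovery.Count -eq 0) {
        Write-Warning 'No recovery password protector: a lost startup key cannot be recovered from.'
    }
}
```

Protection only reports as on after encryption has completed, so a warning while the conversion status is still EncryptionInProgress is expected.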

Additional settings for configuring BitLocker Drive Encryption are available through the local computer policy. You can find these settings under the following container: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.

Once BitLocker Drive Encryption is enabled, it will lock the drive that Windows is installed on in specific situations, including:

  • A possible security risk is detected on startup.
  • The computer is operational, but the BitLocker startup key or PIN is lost, or the startup key is damaged.
  • The computer is not operational and you have transferred the hard drive to another computer.

In these cases, you have to unlock the drive using the BitLocker recovery password to gain access to your files.