Enabling BitLocker to go for External Hard Drives and USB Flash Drives


Bitlocker To Go

With the increase in the use of small, large capacity USB drives, the potential for sensitive data to be lost or stolen has become a serious threat! How can you protect NMSU data from loss, theft, or cyber criminals? The answer: BitLocker.

Improved for Windows 7 Ultimate and Enterprise and Windows 8.1 Pro and Enterprise. You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive).

To enable BitLocker encryption on a USB flash drive, do the following:

  1. Insert the USB flash drive, click Start, and then click Computer.
  2. Right-click the USB flash drive, and then click Turn On BitLocker… 
  3. On the Choose How You Want To Unlock This Drive windows, choose Use a Password to Unlock This Drive.
    1. This option prompts the user for a password to unlock the drive. Passwords allow a drive to be unlocked in any location and to be shared with other people.
    2. NMSU requires having a password with at least eight characters in length and being a mixture of upper and lowercase letters, numbers, and special characters.
  4. On the How Do You Want To Store Your Recovery Key window, click Save The Recovery Key To A File.
    1. In the Save BitLocker Recovery Key As dialog box, choose a save location, such as you’re my Documents folder, and then click Save.
    2. You can also print the recovery key if you desire. With this recovery key file you can regain access to your encrypted USB flash drive in the event you forget your password!
    3. NMSU ICT warns to not store a printed copy of the Recovery Key with the USB flash drive in the same location. For example, if both the USB flash drive and recovery key are in the same bag during travel it would be very easy for access to be gained to the USB flash drive by an authorized user.
  5. On the Are You Ready To Encrypt This Drive window, click Start Encrypting. Do not remove the USB flash drive until the encryption process is complete. How long the encryption takes depends on the size of the drive. USB drive encryption take approximately 6 to 10 minutes per gigabyte to complete. The encryption process performs the following:
    1. Adds an autorin.inf file, the BitLocker To Go reader, and a ReadMe.txt file to the USB flash drive.
    2. Creates a virtual volume with the full contents for the drive in the remaining drive space.
    3. Encrypts the virtual volume with Advanced Encryption Standard (AES) 128-bit.
  6. Once the encryption process completes you will be notified by a window.
  7. When you insert the encrypted drive into a USB port on a computer running Windows 7 and above dialog box will display. When you are prompted, enter the password you created. Optionally, check Automatically Unlock On This Computer From Now On for ease of use. If you are running Windows 8 you must click on More options to check Automatically unlock on this PC.
  8. Finally, click Unlock.