In the lab, I establish an encrypted drive on the computer by using bitlocker. First, using group policy management to create GPO in the domain computer, plabwin810, this can set the security filtering on the target computer. After enable the functionality of bitlocker on the target computer, I have created a new partition on the computer for storing the recovery key.
After all the preparation jobs was finished, I have enabled the bitlocker on the target drive. To turn on the bitlocker, I have right clicked the target drive and select ‘Turn on BitLocker’ to enable the bitlocker. After that, a window pops up for you to enter the password to unlock the drive. Also, the password procedure allow user to creature a recovery key to unlock the drive while the password is forgotten. As the recover key should be saved on a different location, not on the encrypted drive. I have selected the new created diver, also we can save on the USB flash drive.
Considering the security issue, saving the recover on the same computer is not a good idea. People using bitlocker to encrypt the drive is for protecting the data on the drive could not be viewed or copy. In other words, it protects the data from unauthorized access in case of lost of computer or the computer being stolen. If we save the recover key on the same computer, people can easily to get the key to unlock the drive and get access of the data. So, saving the key on a USB drive or different computer could have a better security protection of the data.
After creating the recovery key, we can start the encrypting process. White the it was finished, a opened key shown on the drived icon which means the drive still not locked, a restart was required. After the restart, a locked key was shown on the target drive icon which means the drive is locked.
Now bitlocker encrypted the contend of the target partition. It use the integrity checking in the boot process to check that the drive content have not been altered and it is still in the original computer. If the check of the integrity is failed, the computer can not boot up to prevent data copy to another computer.
There are two ways to unlock the drive:
- use the password
- use the recover key
In normal use, double click the encrypted drive to allow a pop-up window for you to enter the password. However, if you forget the password, in the option, you can select using recover key to unlock the drive. Just find the recover key and copy and paste to the text area to unlock the drive.
Finally, to remove the encryption on the target drive, you can in the commend of:
manage-bde -off D:
to decrypted the target drive.
Albert's blog 