BitLocker Encryption Pre-requisites

BitLocker pre-requisites are a set of criteria a computer must adhere to, before deploying a BitLocker policy to initiate encryption.

 

Supported OS

BitLocker is unavailable in certain versions of Windows Operating System. Outlined below are Windows versions with BitLocker support:

  • Windows 11 Pro, Enterprise, Education editions
  • Windows 10 Pro, Enterprise, Education editions
  • Windows 8.1 Pro and Enterprise editions
  • Windows 8 Pro and Enterprise editions
  • Windows 7 Ultimate and Enterprise editions
  • Windows 7 Vista Ultimate and Enterprise editions
  • Windows Server 2008 and above

BitLocker Availability

BitLocker feature is not automatically enabled on computers. However, you can manually enable BitLocker to initiate encryption. The subsequently mentioned are a few issues you might encounter while enabling BitLocker on a Windows machine.

BitLocker Disabled

BitLocker is disabled in Server OS computers by default. Perform the following steps to enable BitLocker feature and utilize BitLocker Recovery Key storing feature.

STEP 1 - On the Windows taskbar select Server Manager and choose Add Roles and Features to open the wizard.

Server Manager

STEP 2 - Follow the wizard installation steps. On reaching the Features pane of the Add Role and Features, select the BitLocker Drive Encryption Administration Utilities checkbox along with the underlying checkboxes, BitLocker Drive Encryption Tools & BitLocker Recovery Password Viewer.

BitLocker Drive Encryption

STEP 3 - Select Next to proceed in the installation wizard. Later select Install on the Confirmation pane to initiate BitLocker feature installation on your computer. Turning on the BitLocker feature might require enabling additional features, follow the Confirmation pane to enable these features.

Add Roles and Features Wizard

STEP 4 - Restart your computer to complete the BitLocker installation process. To confirm the installation of BitLocker feature, navigate to the Active Directory Users and Computers of computer objects, if BitLocker Recovery tab is present then installation has been successful.

BitLocker Recovery Tab

WMI Failure

Windows Management Instrumentation (WMI) is Microsoft's remote protocol for performing management tasks and obtaining instant information. A few ubiquitous errors might occur while enabling BitLocker. Perform the following steps to troubleshoot these errors.

STEP 1 - Open the Command Prompt with Administrator rights and execute the command mofcomp.exe C:\Windows\System32\wbem\win32_encryptablevolume.mof.

STEP 2 - If BitLocker WMI registration has been done successfully, you will get the below notification.

WMI Failure

TPM Ownership

Trusted Platform Module (TPM) is a microchip that encrypts computer drives using cryptographic keys to mitigate dictionary attacks. You have partial ownership of TPM. Therefore BitLocker is unable to use cryptographic keys. Full ownership is mandatory to carry out TPM-based encryption.

To get full ownership clear the TPM as explained here. Clearing TPM will trigger the OS to automatically re-initialize and acquire full TPM ownership.

NOTE - Clear TPM can cause loss of stored cryptographic keys. Refer to this link for precautionary measures before clearing TPM to safeguard your data.

BIOS Mode Compatibility

Trusted Platform Module aided BitLocker encryption is supported only for the Unified Extensible Firmware Interface (UEFI) mode of the BIOS. If you are using Legacy or CSM (Compatibility Support Mode) modes of BIOS switch to UEFI mode to facilitate TPM-based encryption as explained here.

GPO Misconfiguration

Group Policy (GPO) settings can control the preliminary actions of Microsoft BitLocker. In certain cases, the existing GPO settings of your computer can counteract Endpoint Central's BitLocker policy. Remove all the GPO configurations related to BitLocker and Encryption for seamless encryption.

Details of BitLocker Group Policy Settings for your reference.

Now you can configure a BitLocker policy for successful encryption. Refer to this document for step by step guide.

Download a 30-day free trial and try it out for yourself!

Related documents

  1. BitLocker Management
  2. BitLocker overview
  3. Complete feature list
  4. How to create a BitLocker management policy
  5. How to find BitLocker recovery keys
  6. How to automate BitLocker deployment for encryption
  7. Frequently asked questions

For more information on the new Endpoint Security suite products including BitLocker Management, refer here.