Security :: Encryption BitLocker :: Windows Vista


Before proceeding, seek the support of your ITC.

Do not encrypt the only copy of protected data. Mobile devices have a greater exposure to damaging environments, and data on these devices, encrypted or not, can suddenly become unrecoverable.


A computer must meet the following requirements to support BitLocker:

  • Windows Vista capable
  • Two system volumes (one for unencrypted boot files and another for encrypted OS and data)
  • A BIOS setting to start up first from the hard drive, not the USB or CD drives

If you choose to use BitLocker with TPM for authentication:

  • TPM chip version 1.2 or higher
  • A BIOS that is compatible with TPM and supports USB devices during startup


There is no single recommended method to install BitLocker in an enterprise environment, and the steps will vary depending on your department’s deployment tools and methods. The Microsoft “Windows BitLocker Drive Encryption Deployment Guide” outlines several example deployment scenarios with the specific steps required for each scenario.

At a minimum, BitLocker requires two NTFS drive partitions, one for the system boot volume and one for the operating system volume. The system volume partition must be at least 1.5 gigabytes (GB) and set as the active partition.

These partitions can be created prior to installing Vista using disk partition tools from a bootable CD or DVD, but Microsoft also provides an automated tool for prepping the hard drive on systems where Vista has already been installed. You may find it simpler to download and install the BitLocker Drive Preparation Tool to create the necessary drive volumes. See Microsoft’s article on the BitLocker Drive Preparation Tool for more details.
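
A read-only pre-flight check of the requirements above, as an added example that is not part of the original page or of Microsoft's tooling. It assumes PowerShell is installed on the Vista computer, reads the WMI classes Win32_Volume, Win32_DiskPartition and Win32_Tpm, and treats Win32_DiskPartition.BootPartition as the active-partition flag; the `Report` helper is a hypothetical name.

```powershell
# Added example: read-only check of the BitLocker requirements on this page.
# Run from an elevated PowerShell prompt; it changes nothing on the disk.
$minSystemBytes = 1.5GB    # minimum size of the system volume, from this page

function Report($name, $ok) {
    $state = if ($ok) { 'OK' } else { 'FAIL' }
    "{0,-52} {1}" -f $name, $state
}

# Fixed disks only (DriveType 3). In WMI terms, SystemVolume holds the
# unencrypted boot files and BootVolume holds the Windows installation.
$volumes = @(Get-WmiObject -Class Win32_Volume -Filter 'DriveType = 3')
$sysVol  = @($volumes | Where-Object { $_.SystemVolume })[0]
$osVol   = @($volumes | Where-Object { $_.BootVolume })[0]

$separate = $sysVol -and $osVol -and ($sysVol.DeviceID -ne $osVol.DeviceID)
Report 'Separate system (boot files) and OS volumes' $separate
Report 'System volume is NTFS' ($sysVol -and $sysVol.FileSystem -eq 'NTFS')
Report 'OS volume is NTFS' ($osVol -and $osVol.FileSystem -eq 'NTFS')
Report 'System volume is at least 1.5 GB' ($sysVol -and $sysVol.Capacity -ge $minSystemBytes)

# Assumption: BootPartition is how WMI exposes the active-partition flag.
$active = @(Get-WmiObject -Class Win32_DiskPartition |
            Where-Object { $_.BootPartition -and $_.Size -ge $minSystemBytes })
Report 'Active partition of at least 1.5 GB present' ($active.Count -gt 0)

# The TPM only matters for TPM-based authentication. SpecVersion looks like
# "1.2, 2, 3"; the first field is the TPM specification version.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm `
           -ErrorAction SilentlyContinue | Select-Object -First 1
if ($tpm) {
    $spec = [version]($tpm.SpecVersion.Split(',')[0].Trim())
    Report "TPM specification $spec is 1.2 or higher" ($spec -ge [version]'1.2')
} else {
    'No TPM visible to Windows: TPM-based authentication is not available'
}
```

A FAIL on any volume line means the partition layout still needs to be prepared before BitLocker is turned on.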

Once the necessary system partitions have been created, go to Control Panel > BitLocker Drive Encryption and select “Turn On BitLocker”. The BitLocker applet will prompt for an authentication method and a recovery key backup, then run a system check to ensure the computer can support USB devices during boot. After the computer has passed the system check, BitLocker will begin to encrypt the drive. Encryption can last for several hours, but the computer can be used as normal during the encryption.