BitLocker Drive Encryption

BitLocker Drive Encryption can be used to encrypt data that is stored on the system drive or on other mass storage.
Encrypting the data drive is especially recommended for mobile end devices, since they are vulnerable to theft or to being lost.
In those cases drive encryption can be the last safeguard that prevents unauthorized access to the data.

Requirements

Domain membership

Before you start implementing BitLocker encryption, check whether the computer system is part of the NWZ domain.
To do so, use the PowerShell command
wmic computersystem get domain
If the console doesn't return
nwz.wwu.de
then the computer is not part of the domain.
 

Domain membership
© Naturwissenschaften

Trusted Platform Module Information

For efficient encryption the computer system should be equipped with a TPM in version 2.0.
To check whether the system is equipped with a TPM, you can use the PowerShell command
tpm.msc
 


TPM Information under Windows 10

The "Trusted Platform Module" management console shows information about the module installed in the computer.
The TPM version can be seen under the manufacturer information.
If the console is not able to provide any information, then either no TPM is installed or the system is not able to communicate with the module.
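
The two requirement checks above combined into one script, as an added example that is not part of the original page. The function name and the output property names are illustrative; the script reads the same values that wmic and the TPM console show, via CIM, and has to run in an elevated PowerShell session.

```powershell
# Added example, not part of the original page: pre-flight check for the
# domain and TPM requirements. Run in an elevated PowerShell session.
# Assumption: function name and output property names are illustrative.
function Test-BitLockerPrerequisite {
    param(
        # Expected domain, as given on the page.
        [string]$ExpectedDomain = 'nwz.wwu.de'
    )

    # Same data that "wmic computersystem get domain" prints.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $domainOk = $cs.PartOfDomain -and ($cs.Domain -ieq $ExpectedDomain)

    # Same data that tpm.msc shows. The query returns nothing when no TPM
    # is exposed to Windows and throws when the session is not elevated
    # or the TPM namespace is missing.
    $tpm = $null
    $tpmError = $null
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
    } catch {
        $tpmError = $_.Exception.Message
    }

    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
    $specVersion = $null
    if ($tpm -and $tpm.SpecVersion) {
        $specVersion = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    [pscustomobject]@{
        Domain         = $cs.Domain
        DomainOk       = [bool]$domainOk
        TpmFound       = [bool]$tpm
        TpmSpecVersion = $specVersion
        TpmVersionOk   = ($specVersion -eq '2.0')
        TpmEnabled     = if ($tpm) { [bool]$tpm.IsEnabled_InitialValue } else { $false }
        TpmQueryError  = $tpmError
    }
}

Test-BitLockerPrerequisite | Format-List
```

A system is ready for the implementation steps when DomainOk, TpmFound and TpmVersionOk are all True; a non-empty TpmQueryError corresponds to the case where the console cannot provide information.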


Implementation

Include Group Policy Object

In order for the computer system to receive the necessary information about the encryption, the Group Policy Object (GPO) for BitLocker encryption has to be associated with the organisational unit (OU) of the computer object.
The GPO can be associated with an OU in the Pre-Staging Console.
After the GPO has been applied, the computer needs to be restarted for the changes to take effect.

Initialize the Encryption

To start the encryption process, log in with your administration account.
Open the system settings and choose BitLocker Drive Encryption.
Here you can see the encryption settings for all drives.
Choose the option to activate BitLocker encryption for the system drive.
Follow the wizard for BitLocker Drive Encryption.

To initialize BitLocker Drive Encryption the computer needs to be restarted.
Once the computer reboots, you will be prompted by BitLocker Drive Encryption.
Input the password that you set during the initialization.


Choose the option to input a password.
 


The following window prompts for the password input.
Input the password that is going to be used to unlock the drive.


Initialize Encryption

Make sure that the option "Run BitLocker System Check" is checked and start the encryption by clicking Next.


Restart the computer

After the encryption process has finished, the computer needs to be restarted.


BitLocker Recovery Information

Review the BitLocker Recovery Information

The recovery information that is needed if the password for the drive has been lost is stored within the computer object in the Active Directory.

To retrieve this information, start the Pre-Staging Console, which can be accessed within Citrix.
Navigate to the organisational unit (OU) where the affected computer object is located.
 


Computer Object Properties

Open the properties of the computer object.
The recovery information can be seen on the BitLocker-Recovery tab.
