Windows comes with a built-in security feature known as Microsoft BitLocker that encrypts every file on the Windows drive. Your hard drive will be given a recovery key by BitLocker so that each time you turn on your computer, a unique pin code will be required to log in. This recovery key can also be used to access the drive if you forget your password. Also, your files and information will be protected using full encryption so that only those with the correct encryption key can decrypt and access them.
Now you can view the BitLocker status of your Windows assets from SuperOps. But first, let's look at how Windows BitLocker can be configured on an asset.
Setting up BitLocker for a Windows Workstation
Navigate to Control Panel > Systems and Security > BitLocker Drive Encryption > Manage BitLocker.
Select “Turn on BitLocker”.
Note: BitLocker isn’t available for Windows 10 Home Edition.
3. You will be prompted to select a password before the encryption process starts.
4. You will also be asked to set up a recovery key in case you can’t log in using the pin.
5. Click “Next” and select the portion of your drive that you want to encrypt. You can encrypt “used disk space only” or “whole drive”.
6. By clicking the "Run BitLocker system check" option, Windows will make sure to inspect your system before encrypting it.
7. Once you are done, restart your computer manually and enter the password to start the encryption process.
8. That’s it! You’ve successfully set up BitLocker on your PC.
Note: If you no longer need BitLocker, you can easily disable the feature by clicking on “Turn off BitLocker” under BitLocker Drive Encryption.
Setting up BitLocker for a Windows Server
Note: Bitlocker for servers will be available to use only if your SuperOps agent is on the latest version. We roll-out agent updates in a staggered manner over the course of a few days to ensure stability and to avoid issues. If you would like to use this feature immediately, please reach out to us and we will enable it for you.
Using Server Manager:
Open Server Manager. Navigate to Manage > Add Roles and Features.
Click Next until you reach the Features section.
Find and check BitLocker Drive Encryption.
Follow the prompts to install BitLocker.
Once installed, Restart the server.
Using PowerShell:
Open PowerShell with administrative privileges.
Run the following command to install BitLocker:
Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -Restart
BitLocker Status in SuperOps
Navigate to Modules > Assets.
Select a Windows asset that is online and scroll down to Disk Info under Summary.
Here, you’ll be able to see the disk space available in each drive and the BitLocker status of each.
4. Click “more info” and you’ll be taken to the BitLocker Encryption status page.
5. On this page, you’ll be able to see the drives of the asset, their encryption status, their encryption method, their lock status, and their recovery key, if any.
💡 SuperTip:
The encryption status indicates the status of the encryption or decryption of the drive.
The encryption method indicates the encryption algorithm and key size used on the drive.
The lock status indicates if the contents of the drive are accessible from Windows or not.