Enabling/Resuming of BitLocker Guide V2.

Amendment History:

Version # 1.0 2.0

Approval Date 10 March 2011 25 March 2011

Modified By Sze Yenn Sze Yenn

Change Summary
-

Replaced the batch file with script code Added resuming of Bitlocker remotely. Added the checking of Bitlocker status remotely.

Table of Contents
Enabling BitLocker..................................................................................................................5 Resume BitLocker....................................................................................................................9 Manually.....................................................................................................................................9 Remotely..................................................................................................................................12 Change BitLocker PIN...........................................................................................................13 Checking Status of BitLocker...............................................................................................14 Manually...................................................................................................................................14 Remotely..................................................................................................................................16

REMINDER: YOU SHOULD SAVE ALL WORKING DOCUMENTS AND DATA BEFORE YOU BEGIN THE INSTALLATION. DO NOT FORCE SHUTDOWN. SHUTDOWN THE MACHINE GRACEFULLY.

NOTE: DO NOT REMOVE THE POWER CABLE OR LAN CABLE FROM THE MACHINE WHILE ENCRYTION IS IN PROGRESS

oneMeridian BitLocker Enabling Encryption: Program will be assigned to the machine for a pre-determined period (Approx. one month). Therefore the engineer can run the program anytime from the Control Panel, Run Advertised Programs Applet.

Enabling BitLocker
1. Click Start 2. Click Control Panel 3. Double-Click the Run Advertised Programs Icon

4. Select the Program oneMeridian BitLocker Enable Encryption ENG Per System Attended and Click RUN.

NOTE: DO NOT RUN THE BITLOCKER ENCRYPTION MANUALLY IF THE RUN ADVERTISED IS NOT PUSHED DOWN DURING DEPLOYMENT, LOG A TICKET WITH SERVICE DESK AND ROUTE THE TICKET TO SCCM REGARDING THE INCIDENT. 5

5. Once you click the RUN button, a notification Program Download Required will appear. Please select the option Run Program Automatically When Download Completes and Click DOWNLOAD

6. After you click on Download, the Program Download Status Window will be displayed. PLEASE DO NOT CLICK THE CANCEL BUTTON IN THIS SCREEN.

7. You will be able to tell whether BitLocker has started the encryption of the hard disk by opening Windows Explorer and verify that the hard disk (C:) free space is about 6 GB.

NOTE: DO NOT REMOVE THE POWER CABLE OR LAN CABLE FROM THE MACHINE WHILE ENCRYTION IS IN PROGRESS

Resume BitLocker
Manually
1. Click Start 2. Click Control Panel 3. Double-Click the Run Advertised Programs Icon

4. Select the Program oneMeridian BitLocker Resume Encryption. ENG Per System Attended and Click RUN

NOTE: IF THE RUN ADVERTISED IS NOT PUSHED DOWN DURING DEPLOYMENT, LOG A TICKET WITH SERVICE DESK AND ROUTE THE TICKET TO SCCM REGARDING THE INCIDENT.

5. Once you click the RUN button, a notification Program Download Required will appear. Please select the option Run Program Automatically When Download Completes and Click Download

6. After you click on Download, the Program Download Status Window will be

displayed. 7. Download process usually takes around 1 to 5 minutes. 8. You will be able to tell whether BitLocker has started the encryption of the hard disk by opening Windows Explorer and verify that the hard disk (C:) free space is about 6 GB.

10

11

Remotely
Note : Do contact user before you resume the encryption as the system will degrade upon encryption begins. 1. Run CMD.exe as an administrator 2. Type in command prompt: CScript manage-bde.wsf cn L12345678 resume c:. You will resume the BitLocker encryption.

3. Save the above Screenshot. 4. Alternatively, you can copy the below script to notepad and save it as bitlockeresume.bat. @echo off echo ****************************************************** echo This bat file will resume the encryption of Bitlocker. echo Please close this bat file if you have no intention on checking on the status. echo You will require adminstrative rights to proceed on with the bat file. echo ****************************************************** pause cscript manage-bde.wsf cn <hostname> -resume c: pause exit *** Upload screenshot to work info in Remedy ***

12

Change BitLocker PIN

Please Change the BitLocker PIN if you are using default PIN 1234567890: 1. Please ensure that your computer is connected to the SOE network in order to change BitLocker PIN. 2. Go to Start Control Panel Run Advertised Programs, scroll down and select oneMeridian BitLockerPINChange 3.1(1) ENG Per-System Attended program and click Run, the following prompt will be displayed:

3. Enter your new BitLocker PIN in both empty box and click OK. 4. The criteria for the Pin is minimum 4 digits up to a maximum of 20 digits. 5. The following message box will be shown to indicate that BitLocker PIN has been changed successfully. Click OK to close the window.

6. Thereafter the following message box will be shown to inform the BitLocker recovery password has been changed and backup to Active Directory successfully. Click OK to close the window and restart the machine to check on the new pin change

13

7. Upon PIN change, do a restart on the machine to test on the new PIN

Checking Status of BitLocker

Manually
5. Run CMD.exe as an administrator 6. Type in command prompt: CScript manage-bde.wsf status. You will get the bitLocker encryption status 7. Type in command prompt hostname. Hostname will appear. 8. Type in command prompt Date /T. System date will appear. 9. Type in command prompt Time /T. System time will appear.

10.Save the above Screenshot. 14

11.Alternatively, you can copy the below script to notepad and save it as bitlockerstatus.bat. @echo off echo ****************************************************** echo This bat file will show the Bitlocker Status. echo Please close this bat file if you have no intention on checking on the status. echo You will require adminstrative rights to proceed on with the bat file. echo ****************************************************** pause cscript manage-bde.wsf -status c: hostname date/t time/t pause exit *** Upload screenshot to work info in Remedy ***

15

Remotely
1. Run CMD.exe as an administrator 2. Type in command prompt: CScript manage-bde.wsf cn L1101XXXX status c:. You will get the bitLocker encryption status 3. Type in command prompt Date /T. System date will appear. 4. Type in command prompt Time /T. System time will appear.

5. Save the above Screenshot.

16

6. Alternatively, you can copy the below script to notepad and save it as bitlockerstatus.bat. @echo off echo ****************************************************** echo This bat file will show the Bitlocker Status. echo Please close this bat file if you have no intention on checking on the status. echo You will require adminstrative rights to proceed on with the bat file. echo ****************************************************** pause cscript manage-bde.wsf cn <hostname> -status c: date/t time/t pause exit *** Upload screenshot to work info in Remedy ***

17