University Managed PCs - BitLocker Encryption
The University Information Security Project Board has requested a default security setting for all University managed devices to have hard disk drive (hdd) encryption enabled. The Directorate of Academic Support has commissioned an enterprise standard hard disk drive encryption tool for all devices using Microsoft Windows operating system.
The term BitLocker Encryption refers to the Microsoft BitLocker hdd encryption technology. From June 2016 this technology will be deployed to all University Windows managed devices as a continuing programme of installations.
The delivery of the BitLocker Encryption technology marks the start of a comprehensive Information Security (InfoSec) improvement programme for the University of Wolverhampton. The InfoSec programme aims to deliver the following which will provide enhanced data processing capacity and security for all staff:·
- New security information tools
- Staff training opportunities
Device Encryption – Microsoft BitLocker
BitLocker Encryption will be enabled on all staff University Windows desktops and laptops through an automated network profile update. This action is triggered when a university device is connected to the network. The deployment of Microsoft BitLocker has been targeted to managed staff laptops for which we have successfully encrypted nearly 90% of our managed laptop estate. The Microsoft BitLocker encryption rollout for Desktops will commence from January 2017.
Maintaining Business Continuity – User Deployment Options
Users can implement the encryption process themselves. Users may postpone the encryption process for a period of up to 21 days. This deployment option is provided to ensure that the encryption process is completed with minimal impact on critical business use of the device.
Desktop encryption will not require a PIN, users will be prompted to encrypt their devices at logon following deployment of the software to desktops.
BitLocker User Guide
The BitLocker User Guide (PDF 1,802K, Downloads file) provides the following instructions:
- How to encrypt a device
- How to logon onto a device which has been encrypted
- What to do if you forget your PIN for laptops
BitLocker Encryption Q&As
Yes, the current policy is that all staff University managed devices require hdd encryption to be enabled in order to comply with the current Information Commissioner Office guidance regarding enterprise device management. Confidential data may only be stored on devices which comply with the provisions of the Information Governance Policy.
Encrypting the hdd will usually take between 1-2 hours depending on the amount of data already stored on the hdd and the available space to complete the process. More data and less space means encryption time will increase.
No, the encryption does not require the device to the connected to the network once it has commenced, so you can start the process on the University network, disconnect the device and the process will continue when the device is next repowered – at home, travelling etc.
Yes, you can shut down your desktop device at any point during encryption the process will resume when the device is powered back up again.
Yes, you can continue using the device whilst encryption is taking place. If this is interrupted (e.g. you have switched off your device) the encryption process will carry on.
You need to keep the device connected to the mains power supply during the encryption process.
A PIN is a Personal Identification Number, which is required to open your laptop and access data from the encrypted hdd. You will need to select a numeric PIN for the laptop, this has to be at least 4 digits long.
PLEASE NOTE: A PIN will only be used for laptop encryption, desktops will not require a PIN at logon.
No, shared laptops will not require a PIN, users will be prompted to encrypt their devices at logon following deployment of the software.
PLEASE NOTE: Users are reminded that in no circumstances should personal or commercial sensitive data be stored on shared laptops. Storage of such data on shared devices is a breach of University policy.
There are two options for recovering a PIN for your device:
BITLOCKER ENCRYPTION - SELF SERVICE PORTAL
The BitLocker Self Service Portal provides an online tool where you can gain access to an encrypted device without the need to contact the IT Service Desk.
IT SERVICE DESK RESET
If for whatever reason you are unable to access the BitLocker Self Service Portal you can contact the ITS Service Desk via ext.2000 / firstname.lastname@example.org, who can assist you to regain access to your device.
IMPORTANT NOTE – BITLOCKER SELF SERVICE PORTAL
The BitLocker Self Service Portal recovery process is only available to those users who have already successfully accessed the device. In all other circumstances you will need to contact the IT Service Desk (ext.2000) for assistance.