Bitlocker Encryption User Guide



What's BitLocker?

When you store sensitive company data on any removable drive it's crucial that we take the necessary steps to protect that data.For that reason, we will start using a new encryption policy for USB flash drives, external hard disk drives, and other removable drives connected to TUI computers.

What this exactly means?

If you plug any kind of USB Pendrive or removable drive into the computer that can be used to store information, you will be asked to choose if you want to encrypt it or not by means of Bitlockker app:

  • If you decline the encryption you will be able access the pendrive but not write new files.
  • If you accept the encryption you will have to set a password, and after the encryption process you will be able to write files in your pendrive.

    Should I encrypt all my devices?

    BitLocker app will detect any USB removable media attached that can be used to store information. However there are some devices that you should avoid encrypt, since their main function is not storage:

  • Apple iPod, or any other music devices
  • SD cards used for photo cameras: Bitlocker encrypts properly the device, but the camera does not recognize it afterwards.
  • SD cards used for smartphones: Bitlocker encrypts properly the device, but the smarthphone does not recognize it afterwards.
  • USB devices used to update Castle's firmware. Bitlocker encrypts properly the device, but the Castle does not recognize it afterwards. For this cases please contact MyServicedesk.

    **NOTE: In case you encrypt it by mistake, please read the "How to remove the BitLocker encryption" section to remove the encryption or contact MyServicedesk to solve the issue. In no case, information, photos or music will be lost.

    MAC Computers

    IT Team is still working on set up the automatic encryption tool. Those who work in MAC will be contact soon to proceed.

  • How does it works?

    When a removable media device is connected to a TUI computer, Bitlocker will be launched automatically and you will be asked to choose:

  • Encrypt this drive using Bitlocker Drive Encription (the drive will be read-only until encryption is complete)
  • Don't encrypt this drive (you'll be able to open files that are already on the drive, but won't be able to save new files on it)




    When selecting the option "Encrypt this drive using Bitlocker Drive Encription" you will be asked to set a password.




    After setting a password, you will be asked to save your recovery key. In case you forget your password you can use this recovery key to access your pendrive.
    In case you lost the recovery key, you can contact MyServicedesk



    Then you will be prompted to start the encryption of your removable media. Click "Start encrypting"



    Wait until the process is complete.



    After encryption, every time you plug the removable media, you will need to use the password you've setup.




  • How to recover the password

    Connect your USB removable media and click on "More Options"



    Click on "Enter recovery key"



    Enter your recovery key. If you don't have the recovery key please contact MyServicedesk and provide your "Key Id"



    After unlock with the recovery key, right click your removable media and select "Change Bitlocker password"



    Type your old password and set your new password twice. In case you don't have your password, click on "Reset forgotten password"



    If you click on "Reset forgotten password" you can now set a new password.







    How to remove encryption

    Follow these steps to decrypt your device. Please be aware some of the screenshots might vary depending on your operating system (Windows 10 or Windows 7).

    Open "Control Panel" and on the "Search control panel" search bar type "BitLocker".



    Click over "Manage BitLocker"



    If the device is locked, you'll see an "Unlock drive" option, click over it to unlock it. You'll be requested to type your Bitlocker password to unlock the device.



    Once the device is unlocked, the "Turn off BitLocker" option will be shown. Click over it.



    A new window will show you the decryption process.



    A message will be shown once the decryption is completed.







    FAQ

    Q: Data and information stored pre encryption process can be lost?

    A: No, when Bitlocker finishes the encryption, information is fully available. Only in those cases where device is disconnected without pause the process, info may be affected.

    Q: What happens if the computer is turned off during encryption or decryption?

    A: The BitLocker encryption and decryption processes can be interrupted by turning the computer off, and it will resume where it left off the next time Windows starts. This is true even if the power is suddenly unavailable.

    Q: How long takes the encryption process?

    A: Microsoft estimates that BitLocker encryption can take 1 minute per 500MB. However, Windows 10 will go faster than Windows 7.

    Q: Can I stop the encryption process?

    A: You can pause it, but it cannot be cancelled.

    Q: Can I disconnect the device without pause it while the encryption process is running? (unsafety extraction)

    A: No, the device can be damaged and the info may be lost.

    Q: What happens if the device is already encrypted by other software different from BitLocker?

    A: Bitlocker launches it's own app to encrypt. Contact MyServicedesk in these cases.

    Q: What happens if I forgot my BitLocker password?

    A: The recovery key of any removable media encrypted with TUI Bitlocker policy, will back up automatically during the process. In case you forgot your BitLocker password you can contact MyServicedesk to recover it.

    Q: Encryption process shows error 0x80072f9a during BitLocker setup.

    A: This error is caused because the computer is not connected to a TUI office network. If you are at home or traveling you can connect Cisco AnyConnect VPN and retry the process.