enabling_resuming of bitlocker guide v2

Enabling/Resuming of BitLocker GuideV2.0

1

Amendment History:

Version # Approval Date Modified By Change Summary

1.0 10 March 2011 Sze Yenn

2.0 25 March 2011 Sze Yenn - Replaced the batch file with script code

- Added resuming of Bitlocker remotely.

- Added the checking of Bitlocker status remotely.

2

Table of ContentsEnabling BitLocker..................................................................................................................4

Resume BitLocker....................................................................................................................6Manually..............................................................................................................................6Remotely.............................................................................................................................8

Change BitLocker PIN.............................................................................................................9

Checking Status of BitLocker...............................................................................................10Manually............................................................................................................................10Remotely...........................................................................................................................12

3

REMINDER:

YOU SHOULD SAVE ALL WORKING DOCUMENTS AND DATA BEFORE YOU BEGIN THE INSTALLATION.

DO NOT FORCE SHUTDOWN. SHUTDOWN THE MACHINE GRACEFULLY.

NOTE:

DO NOT REMOVE THE POWER CABLE OR LAN CABLE FROM THE MACHINE WHILE ENCRYTION IS IN PROGRESS

4

oneMeridian BitLocker Enabling Encryption: Program will be assigned to the machine for a pre-determined period (Approx. one month). Therefore the engineer can run the program anytime from the Control Panel, Run Advertised Programs Applet.

Enabling BitLocker1. Click Start 2. Click Control Panel3. Double-Click the “Run Advertised Programs” Icon

4. Select the Program “oneMeridian BitLocker Enable Encryption ENG – Per System Attended” and Click RUN.

NOTE:

DO NOT RUN THE BITLOCKER ENCRYPTION MANUALLYIF THE RUN ADVERTISED IS NOT PUSHED DOWN DURING DEPLOYMENT, LOG A TICKET WITH SERVICE DESK AND ROUTE THE TICKET TO SCCM REGARDING THE INCIDENT.

5

5. Once you click the RUN button, a notification “Program Download Required” will appear. Please select the option “Run Program Automatically When Download Completes ’”and Click “DOWNLOAD”

6. After you click on Download, the “Program Download Status” Window will be displayed. PLEASE DO NOT CLICK THE CANCEL BUTTON IN THIS SCREEN.

7. You will be able to tell whether BitLocker has started the encryption of the hard disk by opening Windows Explorer and verify that the hard disk (C:) free space is about 6 GB.

NOTE:

DO NOT REMOVE THE POWER CABLE OR LAN CABLE FROM THE MACHINE WHILE ENCRYTION IS IN PROGRESS

6

Resume BitLockerManually1. Click Start 2. Click Control Panel3. Double-Click the “Run Advertised Programs” Icon

4. Select the Program “oneMeridian BitLocker Resume Encryption. ENG – Per System Attended” and Click RUN

NOTE:

IF THE RUN ADVERTISED IS NOT PUSHED DOWN DURING DEPLOYMENT, LOG A TICKET WITH SERVICE DESK AND ROUTE THE TICKET TO SCCM REGARDING THE INCIDENT.

7

5. Once you click the RUN button, a notification “Program Download Required” will appear. Please select the option “Run Program Automatically When Download Completes’” and Click “Download”

6. After you click on Download, the “Program Download Status” Window will be displayed.

7. Download process usually takes around 1 to 5 minutes.

8. You will be able to tell whether BitLocker has started the encryption of the hard disk by opening Windows Explorer and verify that the hard disk (C:) free space is about 6 GB.

8

RemotelyNote :

Do contact user before you resume the encryption as the system will degrade upon encryption begins.

1. Run “CMD.exe” as an administrator

2. Type in command prompt: “CScript manage-bde.wsf –cn L12345678 –resume c:”. You will resume the BitLocker encryption.

3. Save the above Screenshot.

4. Alternatively, you can copy the below script to notepad and save it as “bitlockeresume.bat”.

@echo offecho ******************************************************echo This bat file will resume the encryption of Bitlocker.echo Please close this bat file if you have no intention on checking on the status.echo You will require adminstrative rights to proceed on with the bat file.echo ******************************************************pausecscript manage-bde.wsf –cn <hostname> -resume c:pauseexit

*** Upload screenshot to work info in Remedy ***

9

Change BitLocker PINPlease Change the BitLocker PIN if you are using default PIN “1234567890”:

1. Please ensure that your computer is connected to the SOE network in order to change BitLocker PIN.

2. Go to Start Control Panel Run Advertised Programs, scroll down and select “oneMeridian BitLockerPINChange 3.1(1) ENG – Per-System Attended” program and click Run, the following prompt will be displayed:

3. Enter your new BitLocker PIN in both empty box and click OK.4. The criteria for the Pin is minimum 4 digits up to a maximum of 20 digits. 5. The following message box will be shown to indicate that BitLocker PIN has been changed

successfully. Click OK to close the window.

6. Thereafter the following message box will be shown to inform the BitLocker recovery password has been changed and backup to Active Directory successfully. Click OK to close the window and restart the machine to check on the new pin change

7. Upon PIN change, do a restart on the machine to test on the new PIN

10

Checking Status of BitLockerManually5. Run “CMD.exe” as an administrator

6. Type in command prompt: “CScript manage-bde.wsf –status”. You will get the bitLocker encryption status

7. Type in command prompt “hostname”. Hostname will appear.

8. Type in command prompt “Date /T”. System date will appear.

9. Type in command prompt “Time /T”. System time will appear.


11

11. Alternatively, you can copy the below script to notepad and save it as “bitlockerstatus.bat”.

@echo offecho ******************************************************echo This bat file will show the Bitlocker Status.echo Please close this bat file if you have no intention on checking on the status.echo You will require adminstrative rights to proceed on with the bat file.echo ******************************************************pausecscript manage-bde.wsf -status c:hostnamedate/ttime/tpauseexit


12

Remotely1. Run “CMD.exe” as an administrator

2. Type in command prompt: “CScript manage-bde.wsf –cn L1101XXXX –status c:”. You will get the bitLocker encryption status

3. Type in command prompt “Date /T”. System date will appear.

4. Type in command prompt “Time /T”. System time will appear.


13

6. Alternatively, you can copy the below script to notepad and save it as “bitlockerstatus.bat”.

@echo offecho ******************************************************echo This bat file will show the Bitlocker Status.echo Please close this bat file if you have no intention on checking on the status.echo You will require adminstrative rights to proceed on with the bat file.echo ******************************************************pausecscript manage-bde.wsf –cn <hostname> -status c:date/ttime/tpauseexit


14

enabling_resuming of bitlocker guide v2

Documents