1. Open Control Panel.
2. Double-click BitLocker Drive Encryption.
3. If you have not initialized your TPM yet, you will see the Initialize TPM
Security Hardware Wizard. Simply follow the wizard and restart the computer.
If you do not have a TPM module on your system, you will need to perform
the following steps to allow you to enable BitLocker without a TPM:
a. Choose Start | Run.
b. Type gpedit.msc and press enter.
c. Expand Computer Configuration | Administrative Templates | Windows
Components | BitLocker Drive Encryption.
d. Double-click Control Panel Setup: Enable Advanced Startup Options, as
shown in Figure 10-7.
Figure 10-7. Access the BitLocker Drive Encryption Group Policy item.
346 Microsoft Windows Server 2008 Administration
e. On the Properties page, select Enabled and make sure the Allow BitLocker
without a Compatible TPM checkbox is checked. From the drop-down lists
below this, you can select startup key and pin options of your choice for
computers with a TPM; then click OK (Figure 10-8).
f. Close the local group policy editor, and then open a command prompt and
run gpupdate.
TIP You can also make this change centrally if you have Active Directory by setting these preferences
in a Group Policy object on your domain. Also, in the same policy template, you can enable BitLocker
backup to Active Directory.
g. Go back into the BitLocker Drive Encryption Control Panel applet.
Pages:
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387