BitLocker with Active Directory Integration

IMPORTANT NOTE

Encryption is best left for an IT Professional to implement. If your department does not have an IT Professional, contact the IT Support Center for assistance.

BitLocker is full disk encryption software that is built into Enterprise and Education versions of Microsoft Windows. Full disk encryption means that the entire disk cannot be accessed without valid credentials, typically your UDelNet ID, the same credentials used for accessing email and other UD resources.

BitLocker can be configured in several different ways, but the most common method at UD uses your UDelNet credentials to unlock the disk.

For more information about the software, please read this Microsoft overview of BitLocker.

Frequently asked questions

Will users have to log in separately to access the computer?

No, they will continue to log in as they do now.

What changes will users notice?

None. Our implementation does not rely on a separate PIN or physical key, so no additional steps are required by the user.

What does it protect against?

BitLocker primarily protects against unauthorized access to the data if the drive is stolen or the machine is booted from another disk. If an attacker gains physical access to an unencrypted drive or machine, they can boot it from a USB or other disk, and all data is accessible even though the attacker does not know the credentials for that machine.

With a BitLocker-encrypted drive, the drive can only be accessed if a valid user logs in or the encryption key is supplied. Encryption keys are automatically backed up to our central Windows domain network and are only accessible to the IT Professionals in charge of managing the machine.
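
For IT Professionals, the following added example (not part of UD's own tooling) checks an operating system volume against the setup described above: fully encrypted, protection on, unlocked without a PIN or physical key, and holding a recovery password that can be backed up to the domain. It assumes that "no PIN or physical key" means a TPM-only protector; the function name Test-BitLockerPosture and the sample object are hypothetical. It only inspects the local machine and cannot confirm that the copy in Active Directory exists.

```powershell
# Added example: audit a BitLocker volume against the configuration this FAQ describes.
function Test-BitLockerPosture {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume   # object shaped like the output of Get-BitLockerVolume
    )
    process {
        # Collect protector types as strings (Tpm, TpmPin, RecoveryPassword, ...)
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "volume status is $($Volume.VolumeStatus)"
        }
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is suspended or off'
        }
        if ($types -notcontains 'Tpm') {
            # Assumption: the transparent unlock in this FAQ is a TPM-only protector
            $findings += 'no TPM-only protector, so users may see an extra prompt'
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password exists to back up to the domain'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ','
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample (not real output): a volume still encrypting, with no recovery password.
$sample = [pscustomobject]@{
    MountPoint = 'C:'; VolumeStatus = 'EncryptionInProgress'; ProtectionStatus = 'Off'
    KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' })
}
$sample | Test-BitLockerPosture

# Live check of the OS volume (run from an elevated PowerShell session):
Get-BitLockerVolume -MountPoint $env:SystemDrive | Test-BitLockerPosture

# If a recovery password exists but was created before the machine joined the domain,
# Backup-BitLockerKeyProtector -MountPoint and -KeyProtectorId can send it to Active Directory.
```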

What doesn't BitLocker protect against?

BitLocker does not protect against compromised credentials. If an attacker has your UDelNet name and password, they can access the data on your hard drive. It does not protect against malware, virus infections, or other attacks the machine is vulnerable to while being used by an authorized user or someone with their credentials.

What risks are there in running BitLocker?

In rare instances where a hard drive fails physically, third-party vendors may not be able to recover data they otherwise could because all data is encrypted. For that reason, it's important to back up your data.

Will BitLocker slow down my machine?

BitLocker is designed to be transparent to the user and has minimal overhead during the encryption and decryption process.

What happens if the computer is turned off during encryption or decryption?

If the computer is turned off or goes into hibernation, the BitLocker encryption and decryption process will resume the next time Windows starts. This is true even if power is suddenly lost.