Utilities to Manage BitLocker Disk Encryption

I’ve recently been migrating to a Windows 7 laptop using BitLocker for full disk encryption. Many of my co-workers have extensive experience with BitLocker, but I’ve had a desktop for a couple of years and before that my laptop used GuardianEdge Encryption Anywhere. This is my first experience with BitLocker. To access the BitLocker Manager application go to Start -> Control Panel -> System and Security -> BitLocker Drive Encryption. That interface is pretty much limited to allowing you to turn BitLocker on or off, suspend protection, save or print a recovery key, and reset your PIN for each of your drives.

I found the “manage-bde.exe” command line utility is also useful in addition to the GUI. The “bde” in the application’s name stands for “BitLocker Disk Encryption” and knowing that makes it easier to remember the name. I like running “manage-bde.exe -status” because it displays more details like the conversion status, percentage encrypted, and encryption method. The manage-bde.exe documentation can be found at http://technet.microsoft.com/en-us/library/dd875513(WS.10).aspx.

There are also two other command line tools available. Repair-bde.exe can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. This would be useful if your system has a hard disk failure or if Windows exits unexpectedly. Bdehdcfg.exe is used to prepare a drive with the partitions necessary for BitLocker Drive Encryption. In most cases you will not need this tool because the BitLocker setup includes the ability to prepare and repartition drives as required. The documentation for these two tools can be found at http://technet.microsoft.com/en-us/library/ee706528(WS.10).aspx and http://technet.microsoft.com/en-us/library/ee732026(WS.10).aspx respectively.

A co-worker pointed out another BitLocker tip to me.  Typically, if you make any BIOS upgrades you should suspend BitLocker, do the upgrade, and then resume BitLocker.  If you forget to do these steps the PC will constantly boot into BitLocker recovery mode.  Suspending and resuming BitLocker after the BIOS upgrade appears to reset BitLocker so it boots normally.
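
The suspend, upgrade, resume procedure as a script that uses “manage-bde.exe -status” to confirm the protection state at each step. This is an added example, not part of the original post; it assumes an elevated prompt, an OS volume of C:, and English manage-bde output, and the action names are made up for the example.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumptions: OS volume is C: and manage-bde.exe prints English field names.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Suspend', 'Resume', 'Check')]
    [string]$Action,
    [string]$Drive = 'C:'
)

function Get-BdeStatus([string]$Volume) {
    # Turn the indented "Name:   Value" lines of manage-bde -status into a hashtable.
    $output = & manage-bde.exe -status $Volume
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -status failed for $Volume" }
    $fields = @{}
    foreach ($line in $output) {
        if ($line -match '^\s+([^:]+):\s+(\S.*)$') {
            $fields[$matches[1].Trim()] = $matches[2].Trim()
        }
    }
    return $fields
}

function Set-BdeProtectors([string]$Volume, [string]$Mode) {
    # "disable" suspends protection, "enable" resumes it.
    & manage-bde.exe -protectors "-$Mode" $Volume | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -protectors -$Mode failed for $Volume" }
}

$status = Get-BdeStatus $Drive
$state  = $status['Protection Status']
"{0}: {1}, {2}, {3}" -f $Drive, $status['Conversion Status'], $status['Encryption Method'], $state

switch ($Action) {
    'Suspend' {   # run before the BIOS upgrade
        if ($state -ne 'Protection On') { throw "Expected 'Protection On' on $Drive, found '$state'" }
        Set-BdeProtectors $Drive 'disable'
        'Suspended. Upgrade the BIOS, boot back into Windows, then run with -Action Resume.'
    }
    'Resume' {    # run after the upgrade
        if ($state -ne 'Protection On') { Set-BdeProtectors $Drive 'enable' }
        $state = (Get-BdeStatus $Drive)['Protection Status']
        if ($state -ne 'Protection On') { throw "Resume did not take effect on $Drive, state is '$state'" }
        "Protection restored on $Drive."
    }
    'Check' {     # run any time to catch a forgotten resume
        if ($state -ne 'Protection On') { throw "BitLocker protection is suspended or off on $Drive ('$state')" }
        "Protection is on for $Drive."
    }
}
```

While protection is suspended the volume stays encrypted but its key is stored on the disk unprotected, so the Check action is worth running after any maintenance window.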
