MBAM User Guide
This document outlines features of the BitLocker service that users can interact with. It assumes BitLocker is already set up and active on the machine in question.
How do I temporarily suspend BitLocker encryption?
There are a few scenarios in which BitLocker should be temporarily suspended:
- Upgrading an operating system
- Upgrading BIOS
- Changing startup files
- Go to Start > Control Panel > System and Security > BitLocker Drive Encryption > Suspend Protection for the operating system drive. A message will be displayed stating that data will not be protected while BitLocker is suspended, and asking if you want to suspend BitLocker Drive Encryption.
- Click Yes to confirm you want to suspend BitLocker on the drive.
- Note: Remember to re-enable protection after completing the desired system changes.
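The same suspend step and the re-enable check can be done from an elevated PowerShell prompt. This is an added example, not part of the original guide; it assumes Windows 8 or later with the built-in BitLocker cmdlets, and the script parameters `-Drive` and `-Suspend` and the helper `Get-ProtectionState` are names made up for the example.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
# -Suspend : suspend protection before a BIOS/OS/startup-file change
# default  : verify protection is back on afterwards and resume it if it is not
param(
    [string]$Drive = $env:SystemDrive,   # assumption: the operating system drive
    [switch]$Suspend
)

# Hypothetical helper: summarise the state of one BitLocker volume.
function Get-ProtectionState {
    param([string]$MountPoint)
    $v = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        MountPoint       = $v.MountPoint
        VolumeStatus     = $v.VolumeStatus        # e.g. FullyEncrypted
        ProtectionStatus = $v.ProtectionStatus    # On / Off / Unknown
        KeyProtectors    = ($v.KeyProtector.KeyProtectorType -join ', ')
    }
}

if ($Suspend) {
    # -RebootCount 1 makes Windows resume protection by itself after the next
    # restart, so a forgotten manual resume does not leave the drive unprotected.
    Suspend-BitLocker -MountPoint $Drive -RebootCount 1 | Out-Null
    Get-ProtectionState -MountPoint $Drive
    return
}

$state = Get-ProtectionState -MountPoint $Drive

# Encrypted but unprotected means the volume is still suspended: resume it.
if ($state.VolumeStatus -eq 'FullyEncrypted' -and $state.ProtectionStatus -eq 'Off') {
    Resume-BitLocker -MountPoint $Drive | Out-Null
    $state = Get-ProtectionState -MountPoint $Drive
}

$state

if ($state.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is NOT active on $Drive (volume status: $($state.VolumeStatus))."
    exit 1
}
```

While a volume is suspended its data stays encrypted, but the key is available without the usual protectors, so keep the suspension window as short as the maintenance task allows.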
Enabling MBAM on external drives (BitLocker To Go)
In addition to encrypting the operating system drive or fixed data drives on a computer system, you may also want to encrypt removable drives attached to your computer. To do this, follow the steps below.
- MBAM Client installed
- MBAM GPO Applied
- Requires drive to use NTFS file format.
1. Attach the removable drive to the computer.
2. Open a Windows Explorer window and locate the removable drive.
3. Right-click on the removable drive and select Turn on BitLocker…
4. You should then see a Starting BitLocker screen.
5. After the drive is initialized, you will be prompted with a Choose how you want to unlock this drive screen. Check the Use a password to unlock the drive box and enter a password into the provided boxes.
6. You will then be presented with a How do you want to store your recovery key? screen. Select Save the recovery key to a file. After saving the file, click Next.
7. If you are using Windows 10, you will be presented with a Choose how much of your drive to encrypt screen. Choose the best option according to the recommendations on screen and click Next.
8. You will then see an Are you ready to encrypt this drive? screen. Click Start Encrypting.
9. The encryption process will begin. The time it takes will vary depending on the size of the drive.
10. When the process is complete, you should see a screen indicating that encryption is complete.
11. When the drive is detached and either re-attached to the same computer or attached to a different computer, you will be prompted for the password you entered in step 5. You will also have the option to automatically unlock the drive on that particular computer.
12. In the event that you forget the password that was set in step 5, click the I forgot my password link. You can then enter the 48-digit key that you saved before.
On Windows 8.1, the menus look like this:
- If you lose the password and the recovery key, go to https://numbam.ads.northwestern.edu and use the Key ID to recover your recovery key.
Unlocking a computer using the Self Service Portal
- Under certain conditions, a machine encrypted with BitLocker may become locked. This is usually caused by BIOS changes or forced shutdowns. To use the machine, it must be unlocked.
You will be presented with the following 2 screens if the machine needs to be unlocked. Windows 8 and 10 differ from Windows 7; both are pictured below.
Windows 8 and 10
To unlock the computer, you must access the Northwestern MBAM End User Self-Service Web Portal from a secondary computer to request a BitLocker Recovery Key.
URL for MBAM Self-Service: https://numbam.ads.northwestern.edu/SelfService/
- When prompted, log in to the Northwestern MBAM portal using your NetID & password.
- Input the first 8 characters of the BitLocker Key ID found on the computer console and select a reason for the recovery key to generate a one-time BitLocker Recovery Key.
- Click the Get Key button to generate the 48-digit BitLocker Recovery Key for that specific computer.
- Type the 48-digit BitLocker Recovery Key provided into your computer. If successful, the machine should proceed to the normal Windows log-in screen.
- If the BitLocker Recovery Process occurs on subsequent restarts, please access the BitLocker settings within Control Panel > System & Security > BitLocker Drive Encryption, then SUSPEND and RESUME BitLocker to resolve the issue.