Windows Encryption

Overview

This page outlines how users can utilize the supported Windows disk encryption solution (BitLocker) within the University of Lethbridge's environment.

If you would like more information, please continue reading below.  If you are simply looking to recover a lost BitLocker key, here is a quick link to the recovery portal:

https://its-mbamsrv-p.uleth.ca/SelfService/

The University of Lethbridge is using the Microsoft BitLocker Administration and Monitoring (MBAM) application to manage and enforce use of BitLocker encryption (What is BitLocker?) on nearly all new centrally-managed computers that are given to users.  This means that all eligible new machines provided to users come with their internal drives already encrypted.  Encryption on other media such as USB sticks and external hard drives will not be enforced but is strongly encouraged.

These services can be utilized by:

  • All new desktops provided by central IT (enforced)
  • All new laptops provided by central IT that have a chip known as a Trusted Platform Module (TPM - What is a TPM?) (enforced)
  • Any other computers with a TPM chip that are opted in to the policy (optional)

Encryption Services Provided by the University

  • A self-service portal for users to recover encryption keys for any drive they have encrypted including both the Windows drive and other drives such as USB sticks
  • A Help Desk portal that allows central IT to assist with the retrieval of encryption keys
  • Encryption tracking and enforcement features that allow us to ensure that the encryption policy is being followed

Recovering an Encryption Key

In the event that you need to recover a key for an encrypted drive, you will first need to acquire the first 8 characters of the "Recovery key ID".  You can acquire this value in one of two ways:

  • If you are attempting to recover the Windows drive, the computer should show you the Recovery key ID when it boots as it will be unable to decrypt the drive and boot into the operating system.
    • For Windows 7, the screen will look something like this (image borrowed from the University of Iowa here):

    • For Windows 8 and up, it will look something like this (image borrowed from the University of Iowa here):

  • If you are attempting to recover any other drive, you can get the Recovery key ID by clicking "More options -> Enter Recovery Key" in the popup Windows provides when it attempts to decrypt the drive.

Once you have the Recovery key ID, go to our self-service recovery portal by clicking this link.  To recover the key, log in to the site using your University of Lethbridge credentials and then, when prompted, enter the first 8 characters of the "Recovery key ID" mentioned earlier. The portal will then provide you with the 48-digit BitLocker Recovery Key.  Enter the key into the recovery field on the locked computer and the computer should unlock and load Windows.
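The following is an added example, not part of the University's own tooling or documentation. It goes slightly beyond the two methods above: on a machine that is still unlocked, it lists each volume's recovery-password protector and the 8-character prefix the portal asks for, so the ID shown on a recovery screen can be matched to the right drive. It assumes an elevated PowerShell session with the built-in BitLocker module; the function name Get-RecoveryKeyIdPrefix is hypothetical.

```powershell
# Added example: report the "Recovery key ID" prefix for each BitLocker volume.
# Assumption: elevated PowerShell on Windows with the BitLocker module present.
# The 48-digit recovery password itself is deliberately never written out.

function Get-RecoveryKeyIdPrefix {
    [CmdletBinding()]
    param(
        # Optional mount point(s) such as 'C:'; all volumes when omitted.
        [string[]]$MountPoint
    )

    if ($MountPoint) {
        $volumes = Get-BitLockerVolume -MountPoint $MountPoint
    } else {
        $volumes = Get-BitLockerVolume
    }

    foreach ($vol in $volumes) {
        # Only recovery-password protectors have a key the portal can return.
        $protectors = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        if ($protectors.Count -eq 0) {
            # No recovery password on this volume: nothing to look up.
            [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                ProtectionStatus = $vol.ProtectionStatus
                KeyIdPrefix      = $null
                KeyProtectorId   = $null
            }
            continue
        }

        foreach ($p in $protectors) {
            # KeyProtectorId is a GUID string wrapped in braces.
            $id = $p.KeyProtectorId.Trim('{}')
            [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                ProtectionStatus = $vol.ProtectionStatus
                KeyIdPrefix      = $id.Substring(0, 8).ToUpper()
                KeyProtectorId   = $id
            }
        }
    }
}

Get-RecoveryKeyIdPrefix | Format-Table -AutoSize
```

A volume that reports no KeyIdPrefix has no recovery password protector, so there is no key for the portal to return for it.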

Opting In

If you wish to encrypt your drive and have the BitLocker keys stored centrally so that you can recover them through the self-service portal, you can opt in by contacting IT and requesting that your computer be added.