Encrypting your data carrier with BitLocker
This chapter shows how you can encrypt an industrial PC's data carrier PC with BitLocker. Encryption protects the data on your device so that only the individual industrial PC can access it.
For encryption, BitLocker requires a separate partition of the data carrier, which is created automatically during the activation process. The partition starts before the operating system and accesses a Trusted Platform Module (TPM) by default to check whether the hardware is unchanged and is therefore trustworthy.
After activation, BitLocker does not appear as long as the environment of the data carrier remains unchanged. This means that unauthorized persons are no longer able, for example, to insert the data carrier into another industrial PC and boot from the data carrier.
Enable BitLocker as follows:
- 1. Click Start > Windows System > Control Panel and then click BitLocker Drive Encryption.
- 2. Click the Turn on BitLocker button and follow the further instructions.
- 3. Specify how you want to back up the BitLocker recovery key for the data carrier you are encrypting.
For more information, go to BitLocker recovery key.
- Do not switch off the industrial PC while the data carrier is being encrypted. Once encryption has been carried out, a message will appear, stating that encryption has been successful.