Configuring BitLocker To Go in Windows 7

Before you start

Objectives: Learn how to configure BitLocker To Go on a USB flash drive in Windows 7.

Prerequisites: you have to know what BitLocker is.

Key terms: BitLocker To Go, BitLocker, configuration, Windows 7, USB flash drive.


Before we start using BitLocker, we will format our USB flash drive with the FAT32 file system and the default allocation unit size. We should also have our Data Recovery Agents (DRAs) configured before we start. Next, we will open the Local Group Policy Editor by entering gpedit.msc in the search box. Here we will configure some local policies related to BitLocker To Go. We will navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption. The first thing we can do here is set up unique identifiers for our organization. This setting allows us to specify a unique string that will be written to BitLocker devices.

Figure 1: Unique Identification Policy

In our case we have simply entered UtilizeWindows as our identifier. This allows us to prevent people from accessing, and DRAs from recovering, devices and drives that don’t carry this unique ID. We can enter multiple IDs. After that we will go to the Removable Data Drives section. Here we will enable the Allow access to BitLocker-protected removable data drives from earlier versions of Windows policy.

Figure 2: Allowed Access on Earlier Versions of Windows

By doing this, users can take the USB drive, plug it into a Windows XP or Vista machine, and access it. The next thing we can do is enable the Deny write access to removable drives not protected by BitLocker policy. We can also choose to deny write access to devices configured in another organization.

Figure 3: Deny Write Access

With this, our computers cannot write to a USB flash drive that has not been encrypted with BitLocker using our own organization ID. That means we can’t take someone else’s BitLocker-enabled drive and use it. The next thing we will do is enable the Configure use of passwords for removable data drives policy. We will select the Require password for removable data drive option.

Figure 4: Password Policy

Control Panel

Now that we have some basic policies set, we can go to Control Panel and turn on BitLocker for our USB drive. In our case, our USB flash drive is ROKI (E:).

Figure 5: USB Drive

Next, we will choose how to unlock the USB flash drive. In our case the password option is set (because of our policy settings), so we will enter our password.

Figure 6: Unlock Option

On the next screen we will have the option to save and print our recovery key. This step is very important for recovery purposes.

Figure 7: Recovery Option

On the next screen we will start the encryption process. Once our USB flash drive is encrypted, we can start using it. When we unplug the drive and then plug it back in, Control Panel will show that the USB drive is locked.

Figure 8: Locked Drive

When we try to open our USB drive from Windows Explorer, we will see a window in which we can enter the password to unlock the drive.

Figure 9: Unlocking Drive

Note that we can save our password so that our USB drive is automatically unlocked when we plug it in. Once we click Unlock, we will have full access to our USB drive. We can now manage the BitLocker settings for our USB drive in Control Panel. We can change the password used to unlock the drive, save the recovery key again, and so on.

Figure 10: Management Options
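
To confirm that the finished drive matches the policies configured above, the following added example (not part of the original walkthrough) queries the Win32_EncryptableVolume WMI class from an elevated PowerShell 2.0 prompt on Windows 7. It assumes the drive letter E: and the identifier UtilizeWindows from this walkthrough, and that the recovery key saved in the wizard is stored as a numerical password protector.

```powershell
# Added example (not from the original page). Run from an elevated prompt.
# Defaults are the drive letter and identifier used in this walkthrough.
param(
    [string]$DriveLetter = 'E:',
    [string]$ExpectedId  = 'UtilizeWindows'
)

$ns  = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $DriveLetter }
if (-not $vol) { throw "No BitLocker-capable volume found at $DriveLetter" }

# KeyProtectorType values accepted by GetKeyProtectors
$NumericalPassword = 3   # recovery password saved or printed in the wizard
$Passphrase        = 8   # password typed to unlock the drive

$conversion = $vol.GetConversionStatus().ConversionStatus   # 1 = fully encrypted
$locked     = $vol.GetLockStatus().LockStatus               # 1 = locked
# Filter out $null so an empty result counts as zero protectors.
$passIds = @($vol.GetKeyProtectors($Passphrase).VolumeKeyProtectorID |
             Where-Object { $_ })
$recIds  = @($vol.GetKeyProtectors($NumericalPassword).VolumeKeyProtectorID |
             Where-Object { $_ })
$idField = $vol.GetIdentificationField().IdentificationField

$checks = @(
    @{ Name = 'Volume fully encrypted';      Pass = ($conversion -eq 1) },
    @{ Name = 'Password protector present';  Pass = ($passIds.Count -gt 0) },
    @{ Name = 'Recovery password present';   Pass = ($recIds.Count -gt 0) },
    @{ Name = "Identifier is '$ExpectedId'"; Pass = ($idField -eq $ExpectedId) }
)

"Drive $DriveLetter is currently " + $(if ($locked -eq 1) { 'locked' } else { 'unlocked' })
$failed = 0
foreach ($c in $checks) {
    if ($c.Pass) { $result = 'OK' } else { $result = 'FAIL'; $failed++ }
    '{0,-34} {1}' -f $c.Name, $result
}
# Non-zero exit code lets a logon script or inventory job flag the drive.
if ($failed -gt 0) { exit 1 }
```

A FAIL on the identifier line means the drive was encrypted before the unique identifier policy was applied, or on a machine outside the organization.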