Search icon

Encryption TIps

Encrypting a UL Windows 10 Laptop

Windows 10 Laptops are encrypted using Bitlocker which encrypts the whole hard disk of the device.

  • All new Windows 10 Laptops will be encrypted before they are sent to the user.
  • If you have an existing Windows 10 Laptop or Surface Pro, you will have to arrange for it to be encrypted by ITD.
  • Recovery keys will be stored in Active Directory
  • Your laptop must have a compatible Trusted Platform Module (TPM) chip installed

Apple Mac Laptops can also be encrypted. Apple Mac Laptops are encrypted using Filevault.

  • If you have a new or existing Apple Mac Laptop you will need to arrange with ITD to get it encrypted.
  • Your Apple Mac Laptop will have to be added to the University Active Directory Domain.
  • Recovery keys will be stored in Active Directory

If you have a Windows 7 Laptop or surface Pro and want it t be encrypted you will have to get it upgraded to Windows 10.

  • Your Laptop will have to have enough resources such as memory, disk space and CPU to run Windows 10
  • Your laptop must have a compatible Trusted Platform Module (TPM) chip installed

There are many reasons that can cause Bitlocker to enter recovery mode for example

  • Changes to the devices BIOS
  • Attempting to boot the device from a USB key
  • Attempting to install the hard drive in another device
  • Turning off, disabling, deactivating, or clearing the TPM chip

Any of the above will trigger bitlocker to enter recovery mode. When this happens you will be presented with the following  blue screen.

If you get this screen you will have to enter your 48 digit recovery key. If you dont have this key then you will have to contact the ITD help desk to get it.



Files that contain sensitive and private information should be encrypted.

  • Microsoft Office programs such as Word and Excel have an option to encrypt files when saving them. 
  • WinZip is a utility that allows you to  encrypt a number or files simultaneously.

The HEA file sender is a mechanism to transmit files in a secure and safe way. Also, it can be used to transmit large files.

When sending sensitive data it is advised to use the HEAnet file sender service

Bitlocker to go

You can use Bitlocker to encrypt removable storage device such as USB keys and Drives. The following instructions show you how to do this.

1. Connect your removable storage device to your computer.

2. Right click on the drive letter of the removable device in file manager and click on the Turn on Bitlocker option. The following screen will appear.

3. Next you will be asked to enter a password that will be used to encrypt your portable device.

4. The next step is important in that you will be asked to specify a location for the recovery key for your device. This recovery key will be used in the event you forget your encryption password. You can save it to file or print it but do not save the key to the same removable device.

5. Next you will be asked to select the encryption mode you want to use. The default is compatible mode which will allow the removable device to be used on other computers.


6. The last screen will ask you to start the encryption process. Make sure you don't remove the key until the encryption is finished otherwise you will corrupt your device. You can use your computer while the removable device is been encrypted.


7. When the process is finished the following screen will appear. When you use your device you will be asked to enter your encryption password that you set at the start of the process.