Encrypting a Windows Disk Using the HyTrust Policy Agent GUI

The following procedure describes how to encrypt a Windows data drive, boot drive, or folder mount using the HyTrust Policy Agent GUI.

Before You Begin 

  • If this is a data partition, make sure the disk you want to encrypt meets the prerequisites described in Windows Encryption Prerequisites.
  • If this is a Windows boot partition, make sure the partition has been set up as described in Windows Boot Drive Encryption. Note: The boot partition may not appear as an available disk until after the HyTrust Bootloader is installed.

Procedure 

  1. Log in to the VM as a System Administrator.
  2. Select Start > All Programs > HyTrust > HyTrust DataControl, or start Windows PowerShell and enter the hclgui command.
  3. Right-click on the disk and select one of the following:

    • Add and Format — Registers the disk with KeyControl and reformats it using NTFS. Any existing data on the disk is lost. This is equivalent to the hcl add command with all defaults selected.
    • Add and Encrypt — Registers the disk with KeyControl and encrypts the data that already exists on the disk. This is equivalent to the hcl encrypt command with all defaults selected.

      If the disk is sparse, DataControl encrypts only the allocated blocks so that the disk remains sparse. Sparse is not available for C: drives.

    After you select the option you want to use, confirm the selection at the prompt. DataControl displays a status message while the encryption is in progress and updates the disk list in the HyTrust Policy Agent GUI while it is running.

    For example, the following screenshot shows that the folder mount C:\data is encrypted and attached to KeyControl, while the C: disk is 70.05% encrypted.

    The encryption proceeds in the background, and you can continue to use the disk while it is being encrypted. If you want to change the encryption speed, see Changing the Encryption/Decryption Speed on Windows.