Skip to content Skip to site navigation Skip to service navigation

How to Install VLRE for Windows

When you run the VLRE installer, you are presented with Stanford's Device Enrollment app, a brief questionnaire that gathers basic information about your computer. If you previously responded to these questions, your answers are displayed and you can change them if you wish.

After you complete the questionnaire:

  • If your computer was encrypted using the Stanford Whole Disk Encryption service (SWDE) no further action is required.
  • If your computer is not encrypted, VLRE steps you through the process of encrypting your hard drive. You are prompted to enable BitLocker, Microsoft's built-in encryption technology, to encrypt the whole disk. If BitLocker cannot be enabled automatically, a browser opens and displays the instructions for manually enabling BitLocker.
  • If you self-encrypted your computer by turning on BitLocker,  you are presented with an option to have your recovery key escrowed in a secure database. This option is highly recommended This option is highly recommended because it allows you to use the MyDevices service to recover your encryption key. If you forget your password you need your recovery key to access your computer. If you don't have your recovery key, your data is permanently lost.

Download software

System requirements:

  • Operating System: Windows 7 (Enterprise or Ultimate), Windows 8/8.1 (Professional or Enterprise), Windows 10 (Pro, Enterprise, or Education)
  • TPM for Windows 8.0 and below: The Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must also be enabled and activated (or turned on).

If BigFix is installed on your computer it must removed before you can install VLRE. When prompted, click Yes to remove BigFix.

Prompt to remove BigFix

Device enrollment questionnaire

  1. Double-click the VLRE installer to run it.
  2. When the Install VLRE screen displays, click Continue. A setup wizard guides you through the steps necessary to install the software.

    begin VLRE installation
  3. The Device Enrollment app runs, asking a series of questions regarding the use of this computer for Stanford business. If you have already answered these questions, please review the answers and make any necessary corrections.  Click Proceed Now.

    start the enrollment questionaire  
  4. Next, choose whether or not you have a valid SUNet ID and then click Continue.

    query for valid SUNet ID
  5. If you have a valid SUNet ID:
    • Enter your SUNet ID and password on the Login screen.

      Login screen
    • You will be asked to answer some questions about this device and the types of data that is accessed and stored on it.
  6. If you do not have a valid SUNet ID:
    • If you are no longer affiliated with Stanford, the questionnaire is terminated.
    • If  this computer is used for Stanford work, the questionnaire is terminated. Someone with a valid SUNet ID needs to complete the questionnaire.

Encrypt with VLRE

If your computer is not encrypted, VLRE steps you through the encryption process after the questionnaire is completed.

Before you begin

Note: You are encouraged to contact your local support organization to make sure your system is being routinely backed up prior to running the VLRE installer.

IMPORTANT: Make sure that you back up your computer or data before you start encrypting. If the disk encryption process encounters a disk error, data loss or corruption could occur. Code42 CrashPlan provided by University IT is the recommended backup service and is widely used within Stanford, but your local IT group may provide other options.

  • Before starting the encryption, make sure your computer is on AC power and has an active network connection.
  • Depending on the size and speed of your hard drive and how many files are stored there, encryption can take from 45 minutes to two days. You may want to install the the software at the end of the day and let the encryption run over night. You can use your computer during the encryption process, but certain activities may be noticeably slower.

You are given an option to have VLRE log the program activity to a local file that technical support staff can use for troubleshooting. Choose whether or not you want to log the program activity and then click Next.
choose whether or not to log program activity to aid troubleshooting

Click OK to begin whole disk encryption.

VLRE installation has completed successfully message


  1. First, the Welcome window displays. Browse through the instructions and then click Next.

    Welcome to the Encryption Installer screen
  2. Read the policy agreement and then click Next.

    policy agreement
  3. Click Configure to enable BitLocker.

    click Configure to enable BitLocker
  4. Your are asked whether you want to escrow your encryption recovery key in a secure database. Selecting Yes is highly recommended because it allows you to use the MyDevices service to recover your encryption key. Click Next to continue.

    choose whether to escrow recovery key
  5. The next screen describes what to expect. If you are ready to encrypt your hard drive, check I have a backup and understand the risks involved and wish to continue and then click Continue.

    what to expect from the encryption process
  6. If you see a message saying that a Bitlocker recovery partition is created but your computer must be restarted to enable it, click OK to restart your computer.

    If the installer cannot enable BitLocker,  an error message displays. Your default browser launches and navigates to the instruction page for manually enabling BitLocker. Follow these instructions to encrypt your computer.

    restart computer to enable BitLocker recovery partition
  7. After your computer restarts a User Account Control dialog box displays. Click Yes to let the Stanford Security Compliance program make changes to this computer.

    User Account Control dialog box
  8. If a window displays asking if you have a TPM owner password, click Clear the TPM.

    clear the TPM
  9. The screen describing what to expect displays again. Check I have a backup and understand the risks involved and wish to continue and then click Continue.

  10. Create a Bitlocker password and then click OK. You need to enter this password whenever you restart your computer once BitLocker is enabled.
    Note: The red ball changes to green when your BitLocker password meets Stanford's security standards.

    create a BitLocker password
  11. An encryption recovery key is generated and displayed. You will need this to unlock your encrypted drive if you forget your computer password. Make a copy of the recovery key and store it in a safe place. Then, click Close.

    display of encryption recovery key
  12. Click Restart Computer Now to restart your computer. Encryption will begin when your computer restarts.
    Note: Click Let me see my password to see your password in clear text before continuing. Remember this password.

    prompt to restart your computer
  13. From this point on, you will need to enter your BitLocker password whenever you restart your computer.

    restart computer to continue installation of SWDE

Self encryption

If you encrypted your computer using BitLocker without using Stanford Whole Disk Encryption (SWDE), you are responsible for managing the recovery key.

After completing the questionnaire you are presented with an option to have the recovery key escrowed in a secure database. This option is highly recommended because if you lose or forget your recovery key, your encrypted data will be irretrievable.

Upgrade notice

When a new version of VLRE is available, a message appears in the bottom-right corner of you window, above the notification area. You should run the latest version of VLRE to maintain device compliance.

message notifying you that a new version of VLRE is available for download

If you need help

  • If you encounter problems, please call (650) 725-4357 or submit a Help ticket.
Last modified September 25, 2019