How to Encrypt Hard Drive with BitLocker
How to use BitLocker Drive Encryption on Windows
If you have a device with sensitive files, follow this guide to set up BitLocker encryption and add an extra layer of security to Windows.
On Windows 10, if you keep sensitive files on your device, it is crucial to take the necessary steps to protect them, and this is when BitLocker comes in handy. BitLocker is a feature that has been around for a long time and provides a way to encrypt data on the hard drive to prevent unauthorized access.
Encryption essentially renders any data unreadable without the necessary authorization. When you use encryption to scramble your data, it will remain unreadable even if you share it with others. Only you, with the correct encryption key, can decrypt the data to make it usable.
If you’ve never used BitLocker, the feature offers two methods of encryption: hardware-based encryption using a Trusted Platform Module (TPM) chip and software-based encryption using a password or USB flash drive to decrypt the drive and continue booting. Also, the feature protects the data on the installation drive, secondary storage, and removable media with “BitLocker To Go.”
Before getting started with BitLocker
Here are a few details you need to know before using these instructions:
- BitLocker Drive Encryption is available on Windows 10 Pro and Enterprise. On select devices, Windows 10 Home Edition has its own version of BitLocker. To set it up, you can use these steps.
- For optimal performance, the device requires a Trusted Platform Module (TPM) chip. This is a special chip that enables the device to support advanced security features.
- BitLocker is available without TPM using software-based encryption, but it requires some extra steps for additional authentication.
- During startup, the computer’s firmware must support TPM or USB devices. If the feature is not available, contact the computer manufacturer for a Basic Input Output System (BIOS) or Unified Extensible Firmware Interface (UEFI) update.
- The computer’s hard drive must have two partitions: a system partition with the necessary files to start the system and a partition with the Windows 10 installation. If the device does not meet the requirements, BitLocker will create them automatically. Additionally, the hard drive partitions must be formatted with the NTFS file system.
- The encryption process is not complicated, but it can take a lot of time, depending on the drive’s amount of data and size.
- Keep the computer connected to an uninterrupted power supply (UPS) throughout the process.
How to check if a device has TPM support
To use BitLocker, a device must have TPM support.
To check if a computer has TPM on Windows 10, use these steps:
- Open Start.
- Search for Device Manager and click the top result to open the app.
- Expand the “Security devices” branch.
- Confirm the item that reads “Trusted Platform Module” with the version number.
Quick note: The TPM version must be version 1.2 or later to support BitLocker.
Alternatively, you can check your manufacturer’s support website for details on whether the device includes the security hardware and the instructions to enable the security feature.
If you have a Surface device, it likely includes a Trusted Platform Module with support for BitLocker encryption.
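The same check can be scripted. The following is an added example, not part of the original guide: it reads the TPM state and version and confirms that the Windows drive is formatted with NTFS. The function name `Test-BitLockerReadiness` is hypothetical.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell prompt.
function Test-BitLockerReadiness {
    [CmdletBinding()]
    param(
        # Drive to check; defaults to the Windows installation drive (for example "C:").
        [string]$MountPoint = $env:SystemDrive
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # Same information the "Security devices" branch of Device Manager shows.
    $tpm = Get-Tpm
    $tpmVersion = $null
    if (-not $tpm.TpmPresent) {
        $findings.Add('No TPM detected: only software-based BitLocker (password or USB startup key) is possible.')
    }
    else {
        if (-not $tpm.TpmReady) {
            $findings.Add('TPM is present but not ready: enable or initialize it in the firmware settings.')
        }
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
        $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
        $tpmVersion = ($wmiTpm.SpecVersion -split ',')[0].Trim()
        if ([version]$tpmVersion -lt [version]'1.2') {
            $findings.Add("TPM version $tpmVersion is older than the required 1.2.")
        }
    }

    # The guide's requirement: the partition must be formatted with NTFS.
    $volume = Get-Volume -DriveLetter $MountPoint.Substring(0, 1)
    if ($volume.FileSystem -ne 'NTFS') {
        $findings.Add("$MountPoint is formatted as $($volume.FileSystem), not NTFS.")
    }

    [pscustomobject]@{
        MountPoint     = $MountPoint
        TpmPresent     = $tpm.TpmPresent
        TpmReady       = $tpm.TpmReady
        TpmVersion     = $tpmVersion
        FileSystem     = $volume.FileSystem
        ReadyForTpmUse = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

Test-BitLockerReadiness | Format-List
```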
How to enable (hardware) BitLocker on the system drive
To enable BitLocker on a device with TPM, use these steps:
- Open Start.
- Search for Control Panel and click the top result to open the app.
- Click on System and Security.
- Click on “BitLocker Drive Encryption.”
- Under the “Operating system drive” section, click the “Turn on BitLocker” option.
- Select the option to save the recovery key:
  - Save it in your Microsoft account.
  - Save it to a file.
  - Print the recovery key.
  - Quick tip: If you trust the cloud, save your recovery key in your Microsoft account using the Save to your Microsoft account option. You can always retrieve the encryption key at this OneDrive location.
- Click the next button.
- Choose how much drive space to encrypt:
  - Encrypt only used disk space (faster and better for new PCs and drives).
  - Encrypt the entire drive (slower, but best for PCs and drives already in use).
- Choose between the two encryption options:
  - The new encryption mode is ideal for fixed drives on this device.
  - Drives that are movable from this device perform best in the compatible mode.
- Click the next button.
- Check the “Run BitLocker system check” option.
- Click the “Continue” button.
- Click the Restart Now button.
After you complete the steps, the device will restart, BitLocker will be enabled, and you will not be prompted to enter a decryption password to continue starting Windows 10.
Although the device will boot very quickly, under Control Panel > System and Security > BitLocker Drive Encryption, you will notice that BitLocker is still encrypting the drive. Depending on the option you selected and the drive size, this process can take a long time, but you can continue to work on the computer.
After the encryption process, the drive will include a lock icon, and the label will read “BitLocker on.”
Once you enable drive encryption, you’ll have access to several options, including:
- Suspend protection: This option will stop safeguarding your files. Usually, you should use this option when upgrading to a new version of Windows 10, firmware, or hardware. If you don’t resume the encryption protection, BitLocker will resume automatically during the next reboot.
- Back up your recovery key: You can use this option to create a new backup of the key using the settings from Step 6 if you lose the recovery key while still logged into your account.
- Change password: This creates a new encryption password, but you will still need to supply the current password to make the change.
- Remove passwords: Without a form of authentication, you cannot use BitLocker. You can remove a password only when you configure a new method of authentication.
- Turn off BitLocker: This option decrypts all the files on the drive. Decryption may take a long time to complete, but you can still use your computer.
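To confirm the state described above without opening Control Panel (still encrypting, protection suspended, recovery key present), the following added example, which is not part of the original guide, audits every volume with `Get-BitLockerVolume`. The function name `Get-BitLockerAudit` is hypothetical.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell prompt.
function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        $status     = [string]$vol.VolumeStatus
        $protection = [string]$vol.ProtectionStatus
        $protectors = @($vol.KeyProtector | Where-Object { $_ } |
                        ForEach-Object { [string]$_.KeyProtectorType })
        $issues     = [System.Collections.Generic.List[string]]::new()

        switch ($status) {
            'FullyDecrypted'       { $issues.Add('Drive is not encrypted.') }
            'EncryptionInProgress' { $issues.Add("Still encrypting ($($vol.EncryptionPercentage)% done).") }
            'DecryptionInProgress' { $issues.Add('BitLocker is being turned off (decrypting).') }
        }

        # Encrypted data with protection "Off" usually means protection is suspended.
        if ($status -eq 'FullyEncrypted' -and $protection -eq 'Off') {
            $issues.Add('Protection is off (suspended or no key protector): resume it.')
        }

        # The recovery password is what "Back up your recovery key" saves.
        if ($status -ne 'FullyDecrypted' -and $protectors -notcontains 'RecoveryPassword') {
            $issues.Add('No recovery password protector: create and back up a recovery key.')
        }

        [pscustomobject]@{
            Drive      = $vol.MountPoint
            Type       = [string]$vol.VolumeType
            Status     = $status
            Protection = $protection
            Method     = [string]$vol.EncryptionMethod
            Protectors = $protectors -join ', '
            Issues     = $issues -join ' '
        }
    }
}

# An empty Issues field means the drive is encrypted, protected and recoverable.
Get-BitLockerAudit | Format-List
```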
How to enable BitLocker (software) on the operating system drive
If the computer does not have a Trusted Platform Module chip, you won’t be able to configure BitLocker on Windows 10. If you use the Local Group Policy Editor to enable additional authentication at startup, however, you can still use encryption. Once you enable the feature, you must provide a password or USB flash drive with a recovery key to unlock the drive and proceed with the computer startup process.
To configure BitLocker on devices without a TPM chip, use these steps.
- Open Start.
- Search for gpedit.msc and click the top result to open the Local Group Policy Editor.
- Browse the following path: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- On the right side, double-click the “Require additional authentication at startup” policy.
- Select the Enabled option.
- Check the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” option.
- Click the Apply button.
- Click the OK button.
To enable BitLocker on your device, use these steps:
- Open Start.
- Search for Control Panel and click the top result to open the app.
- Click on System and Security.
- Click on “BitLocker Drive Encryption.”
- Under the “Operating system drive” section, click the “Turn on BitLocker” option.
- Click the next button.
- Click the Next button again.
- Click the Restart Now button.
- Click the next button. (The process should restart automatically.)
- Select how to unlock the drive at startup:
  - Insert a USB flash drive: this is required to unlock the device and boot into Windows 10.
  - Enter a password: a password is required before booting into Windows 10 (recommended).
- To unlock BitLocker and access your device, create and confirm the password.
- Click the next button.
- Select the option to save the recovery key:
  - Save it in your Microsoft account.
  - Save it to a USB flash drive.
  - Save it to a file.
  - Print the recovery key.
- Click the next button.
- Choose how much drive space to encrypt:
  - Encrypt only used disk space (faster and better for new PCs and drives).
  - Encrypt the entire drive (slower, but best for PCs and drives already in use).
- Choose between the two encryption options:
  - The new encryption mode is ideal for fixed drives on this device.
  - Drives that are movable from this device perform best in the compatible mode.
- Click the next button.
- Check the “Run BitLocker system check” option.
- Click the “Continue” button.
- Click the Restart Now button.
After you complete the steps, the computer will restart, and BitLocker will prompt you to enter your encryption password to unlock the drive.
How to enable BitLocker on fixed data drives
To configure BitLocker on a secondary drive, use these steps:
- Open Start.
- Search for Control Panel and click the top result to open the app.
- Click on System and Security.
- Click on “BitLocker Drive Encryption.”
- Under the “Fixed data drives” section, click the “Turn on BitLocker” option for the secondary drive.
- Check the “Use a password to unlock the drive” option.
- Quick note: You can also use the “Use my smart card to unlock the drive” option, which is uncommon.
- To unlock BitLocker and access your device, create and confirm the password.
- Click the next button.
- Select the option to save the recovery key:
  - Save it in your Microsoft account.
  - Save it to a USB flash drive.
  - Save it to a file.
  - Print the recovery key.
- Click the next button.
- Choose how much drive space to encrypt:
  - Encrypt only used disk space (faster and better for new PCs and drives).
  - Encrypt the entire drive (slower, but best for PCs and drives already in use).
- Choose between the two encryption options:
  - The new encryption mode is ideal for fixed drives on this device.
  - Drives that are movable from this device perform best in the compatible mode.
- Click the next button.
- Click the Start Encrypting button.
- Click the “Close” button.
Once you complete the steps, the drive will start using encryption. If the drive already had data, the process could take a long time to complete.
How to enable BitLocker to run on removable drives
Alternatively, you can use the “BitLocker To Go” feature to encrypt removable drives (such as USB flash and external drives) connected to your computer.
To set up BitLocker To Go on a removable drive, use these steps:
- Connect the USB drive to the device.
- Open Start.
- Search for Control Panel and click the top result to open the legacy app.
- Click on System and Security.
- Click “BitLocker Drive Encryption.”
- Under the “BitLocker To Go” section, select the removable drive you want to encrypt.
- Click the “Turn on BitLocker” option.
- Check the “Use a password to unlock the drive” option.
- Create a password to unlock the drive.
- To continue, click next.
- Select the option to save the recovery key:
  - Save it in your Microsoft account.
  - Save it to a file.
  - Print the recovery key.
- Click the next button.
- Choose how much drive space to encrypt:
  - Encrypt only used disk space (faster and better for new PCs and drives).
  - Encrypt the entire drive (slower, but best for PCs and drives already in use).
- Choose between the two encryption options:
  - The new encryption mode is ideal for fixed drives on this device.
  - Drives that are movable from this device perform best in the compatible mode.
  - Quick tip: In this case, the compatibility mode is the recommended option.
- Click the next button.
- Click the Start Encrypting button.
- Click the “Close” button.
After you complete the steps, the encryption process will begin on the removable drive.
When using encryption, always try to start with an empty drive to speed up the process. Then, the system will quickly and automatically encrypt the data. Additionally, you will receive features similar to those of the operating system drive, along with a few additional options, such as:
- Add Smart Card: This option will allow you to configure a smart card to unlock the removable drive.
- Turn on auto-unlock: Instead of typing a password every time you reconnect the removable drive, you can enable auto-unlock to access your encrypted data without entering a password.
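The fixed data drive and removable drive procedures above map onto the BitLocker PowerShell cmdlets as follows. This is an added example, not part of the original guide; the function name `Enable-DataDriveBitLocker`, the drive letter and the backup folder are hypothetical, and the recovery key file it writes should be kept off the encrypted drive and stored somewhere safe.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell prompt.
function Enable-DataDriveBitLocker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]:$')][string]$MountPoint,
        [Parameter(Mandatory)][securestring]$Password,     # password that unlocks the drive
        [Parameter(Mandatory)][string]$RecoveryKeyFolder,  # "Save it to a file" destination
        [switch]$Removable,    # BitLocker To Go: use compatible mode
        [switch]$EntireDrive   # default is "Encrypt only used disk space"
    )

    # Like the wizard, never store the recovery key on the drive being encrypted.
    $folder = [System.IO.Path]::GetFullPath($RecoveryKeyFolder)
    if ($folder.StartsWith($MountPoint, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "The recovery key folder must not be on $MountPoint"
    }

    # New mode is XTS-AES; compatible mode is AES-CBC, readable by older Windows versions.
    $method = if ($Removable) { 'Aes128' } else { 'XtsAes128' }
    if (-not $PSCmdlet.ShouldProcess($MountPoint, "Enable BitLocker with $method")) { return }

    $options = @{
        MountPoint        = $MountPoint
        EncryptionMethod  = $method
        PasswordProtector = $true
        Password          = $Password
        UsedSpaceOnly     = (-not $EntireDrive)
    }
    Enable-BitLocker @options | Out-Null

    # Add the 48-digit recovery password, then write it to the backup folder.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { [string]$_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object -Last 1
    $file = Join-Path $folder ("BitLocker Recovery Key {0}.txt" -f $recovery.KeyProtectorId.Trim('{}'))
    @("Identifier: $($recovery.KeyProtectorId)", "Recovery key: $($recovery.RecoveryPassword)") |
        Set-Content -Path $file
    $file   # path of the saved recovery key file
}

# Dry run for a removable drive; the drive letter and folder are placeholders.
# Enable-DataDriveBitLocker -MountPoint 'E:' -Password (Read-Host 'Password' -AsSecureString) `
#     -RecoveryKeyFolder 'D:\Keys' -Removable -WhatIf
```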
How to disable BitLocker on Windows 10
To remove the drive encryption, use these steps:
- Open Start.
- Search for Control Panel and click the top result to open the app.
- Click on System and Security.
- Click on “BitLocker Drive Encryption.”
- Click the Turn off BitLocker option for the drive from which you want to remove the encryption.
- Click the Yes button.
Once you complete the steps, the decryption process will begin, and it will take some time to complete, depending on the amount of data.