Set up BitLocker for encrypted drives

There are several ways to keep your data safe, including Windows 10’s BitLocker. This feature applies strong encryption to the contents of your hard drive. Setting up BitLocker works as follows.

BitLocker is an encryption technology that allows you to add an extra layer of security to your computer. By default, it encrypts all data on the hard drive. Every time the computer is turned on and the correct password is given, the data is made accessible. If your computer is stolen or you lose it, it is almost impossible for people with bad intentions to see your data. BitLocker works with the hardware on your computer to encrypt the data. The system requirements for this are covered later.

Before continuing, first check if you have BitLocker. The encryption technique is not present in all Windows versions. You can find BitLocker in Windows 10 Professional, but not in the Home version of Windows. To quickly see which version you are using, open the settings window (Windows key + I) and choose Update and Security, Activation. Under Edition you can read which Windows version is in use.

Although BitLocker is not present in Windows Home, this version does support drives that are already encrypted. This means that you can open an external hard drive or USB stick with an existing BitLocker encryption with Windows Home and make changes to it. However, encrypting with BitLocker for the first time and adjusting the settings is reserved for the Pro version.

BitLocker with / without TPM

BitLocker places a few important demands on your computer. The encryption uses a Trusted Platform Module, TPM for short. This is a physical chip that is located on the motherboard and contains a secret key. The TPM chip, in conjunction with an encryption technology such as BitLocker, checks whether the computer has been tampered with, for example by a person trying to view your data.

The TPM is not only used for BitLocker. The chip can also be used for digital rights management (for example for protecting sensitive data) and for managing software licenses.

Does BitLocker report that you cannot proceed because the computer does not meet the requirements? If the computer does not have a TPM chip, you can still use BitLocker. You need to explicitly let Windows know that BitLocker can be used without the aforementioned chip. Open the Group Policy editor by typing Gpedit.msc in the Start menu, followed by a press of Enter. Look in the list on the left for Local computer policy and expand the following sections: Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption, System Drives.

Now look at the list on the right side of the window and search for the listing Require additional authentication at startup. Double-click on it. A new window will open, in which you will find various settings. Now choose Enabled. You can find this option at the top left of the window. Under Options, activate the option Allow BitLocker without a compatible TPM (requires a password or a boot key on a USB flash drive). Then click OK. After that, restart BitLocker. There is a good chance that BitLocker now works properly.
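The same prerequisites can be checked without clicking through the dialogs. The script below is an added example, not part of the original article: it reads the Windows edition, the TPM state, and the registry values in which Windows stores the Require additional authentication at startup policy. It changes nothing and assumes an elevated PowerShell prompt.

```powershell
# Added example: read-only prerequisite check. Run in an elevated PowerShell prompt.

# Edition: the article notes that the Home version cannot set up BitLocker.
$edition = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption

# TPM state as Windows sees it (Get-Tpm requires elevation).
$tpm = Get-Tpm
$tpmUsable = [bool]($tpm.TpmPresent -and $tpm.TpmReady)

# Registry location of the BitLocker policies; the key is absent if nothing is configured.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue

# UseAdvancedStartup = 1  -> "Require additional authentication at startup" is Enabled
# EnableBDEWithNoTPM = 1  -> "Allow BitLocker without a compatible TPM" is ticked
$allowNoTpm = ($null -ne $policy) -and
              ($policy.UseAdvancedStartup -eq 1) -and
              ($policy.EnableBDEWithNoTPM -eq 1)

[pscustomobject]@{
    Edition             = $edition
    HomeEdition         = $edition -match 'Home'
    TpmPresent          = $tpm.TpmPresent
    TpmReady            = $tpm.TpmReady
    PolicyAllowsNoTpm   = $allowNoTpm
    OsDriveCanBeEnabled = ($edition -notmatch 'Home') -and ($tpmUsable -or $allowNoTpm)
}

if (-not $tpmUsable -and $allowNoTpm) {
    # Without a TPM there is no hardware check for tampering at boot.
    Write-Warning 'No usable TPM: the drive is protected only by the password or the USB key.'
}
```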

Enable BitLocker

BitLocker is disabled by default. Open the Start menu and type Control Panel. Choose System and security and then click on BitLocker drive encryption. Under Operating system drive you can see whether the protection is enabled. To activate BitLocker, click Enable BitLocker. Windows verifies that the computer meets all BitLocker requirements.

BitLocker must be unlocked when Windows starts and you can now specify how this should be done. For example, you can choose to place the unlock data on a USB stick. BitLocker is then unlocked, and you can work with the computer, only when you insert the USB stick. If you choose this option, make sure you have an empty USB stick (of at least 1 GB) and click on the option Insert a USB flash drive. You can also unlock BitLocker using a password. Then choose Enter a password. Provide a strong password: it must be a combination of upper and lower case letters and it must contain characters.

Create recovery key

In an emergency, for example if you have forgotten your password, there are a number of escape routes to still access your data. While these precautions aren’t mandated when setting up BitLocker, you shouldn’t skip this option: unlocking a BitLocker drive without a password isn’t possible, so without an escape route, you’ll lose your data. Microsoft also does not have the option to undo the encryption. So with the help of a recovery key you can save yourself a lot of suffering.

BitLocker offers four routes. You can save the recovery key online, in your Microsoft account. If you prefer not to depend on cloud storage, choose a local recovery key. For example, you can save the key on a USB stick. Then choose Save to a USB flash drive. The most flexibility is provided by storing the recovery key in a file. You can then save this file yourself in a suitable location, for example on a NAS, if you use one. Choose the option Save to a file.

Finally, there is the option to print the key and keep it on paper. Then choose Print the recovery key. Recovery key secured? Click Next.

When creating a recovery key, you don’t have to limit yourself to creating one recovery key. It is even wise to create multiple recovery keys. For example, choose to save the recovery key on a USB stick and keep it in an external location; also print a recovery key and keep this print in a safe place at home (for example, in a safe with your other valuable documents).

You can always create an extra recovery key. Open Start and type Control Panel. Choose System and security and BitLocker drive encryption. Click Manage BitLocker. Then choose Back up your recovery key.

Full disk or not?

BitLocker now asks which part of the disk to encrypt. The choice depends on your situation. If you set up a new computer or a new hard disk, only the part in use needs to be encrypted. All data that is subsequently added is automatically encrypted. Choose Encrypt only used disk space.

However, chances are that you are encrypting an existing computer or hard drive with BitLocker, one that has been in use for some time. Then choose to encrypt the entire disk. This prevents parts of the hard drive from continuing to contain unencrypted information, such as deleted files. Choose the option Encrypt entire disk. This option is recommended anyway if you do not want to take a risk. The only drawback compared to the first option is that the process takes a little longer.

Choose encryption mode

Windows now asks which encryption mode to use. If you plan to use the encrypted drive only in combination with Windows 10, then choose the option New encryption mode. You can choose this option if you want to encrypt the computer’s built-in disk. However, do you want to encrypt an external hard drive with BitLocker and plan to attach this drive to older Windows versions (such as Windows 8.1) as well? Then choose the earlier version of the encryption mode (via the option Compatible mode). This version is also supported by older Windows versions.

If you encrypt an external drive and are not sure which other Windows computers you want to use it on, always choose the Compatible mode option. Confirm with a click on Next.

All the settings have been made and it’s time to encrypt the drive. You can continue working during the encryption. In the wizard’s final window, make sure that the Run BitLocker System Check option is also checked. This is an extra security measure, which ensures that BitLocker first checks whether the necessary keys are in order and only then starts the actual encryption of the hard disk. Click Continue.
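Once the wizard has finished, the choices made above can be verified from PowerShell. The following audit is an added example, not part of the original article. It uses the Get-BitLockerVolume cmdlet to report, per drive, whether protection is on, how far encryption has progressed, which encryption mode is in use (the new mode is XTS-AES, the compatible mode is AES-CBC) and whether a recovery password exists. It only reads state and never prints the recovery password itself.

```powershell
# Added example: read-only audit of BitLocker volumes. Run in an elevated PowerShell prompt.
$report = foreach ($vol in Get-BitLockerVolume) {
    # Protector types, e.g. Tpm, Password, ExternalKey (USB key), RecoveryPassword.
    $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $method = $vol.EncryptionMethod.ToString()

    # Map the cipher to the wizard's "encryption mode" choice.
    $mode = if ($method -like 'XtsAes*') {
        'New encryption mode (XTS-AES)'
    } elseif ($method -like 'Aes*') {
        'Compatible mode (AES-CBC)'
    } else { $method }

    # Collect anything that leaves the drive unprotected or unrecoverable.
    $findings = @()
    if ($vol.ProtectionStatus.ToString() -ne 'On') {
        $findings += 'protection is off or suspended'
    }
    if ($vol.EncryptionPercentage -lt 100) {
        $findings += "encryption at $($vol.EncryptionPercentage)%"
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'no recovery password protector'
    }

    [pscustomobject]@{
        Drive      = $vol.MountPoint
        Type       = $vol.VolumeType
        Status     = $vol.VolumeStatus
        Mode       = $mode
        Protectors = $types -join ', '
        Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}

$report | Format-Table -AutoSize -Wrap
```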

Use recovery key

Finally, using the recovery key in an emergency is relatively easy. If you have forgotten your BitLocker password, choose the option Use recovery key. For example, if you saved the key in your Microsoft account, open a browser (on another computer) and open the Microsoft account website.

In the main window, click All devices in the section Devices. Choose the computer on which you have BitLocker set up and click Manage. Scroll to the section BitLocker data protection. Here you will find the BitLocker recovery key.