How to encrypt Windows 10 hard drives using BitLocker
BitLocker is a built-in encryption feature that Microsoft included with select editions of Windows Vista for the first time. While it is supported by all versions of Windows, only professional and enterprise versions of the operating system come with options to encrypt hard drives using it.
The main appeal of BitLocker is that it is built-in the operating system which mean that encrypted drives can be decrypted on all Windows Vista or later versions without requiring additional software programs.
Software like DiskLocker can be used to read BitLocker encrypted drives under Linux or Mac OSX.
BitLocker has been criticized in the past over security concerns. According to Microsoft, it has no backdoor built-in for law enforcement but since its code is proprietary, that claim cannot be verified.
Windows users who prefer not to use BitLocker over this may want to check out third-party alternatives such as Disk Cryptor or VeraCrypt.
The following guide walks you through the steps of encrypting one or multiple hard drives or removable drives on Windows 10. Most of it can be applied to previous versions of Windows as well.
Encrypting hard drives with BitLocker
One of the easiest options to encrypt a drive connected to a Windows machine with BitLocker is to do so directly in Windows Explorer.
- Open Windows Explorer, for instance with the shortcut Windows-E
- Right-click on the drive that you want to encrypt, and select "Turn on BitLocker" from the context menu.
- BitLocker starts up on selection of the option, and you are asked to select how you want to unlock the drive. The available options are by using an unlock password or by unlocking the drive using a smart card.
- It is important to select a secure password if password protection is selected to avoid brute force or guessing attacks.
- Select a location for the recovery key afterwards. This key can be used if you forget the password or lose access to your smart card. Options are to save it to the Microsoft Account, to save it to a file on the local system, or to print it.
- Select whether you want to encrypt the whole drive or only the used space on the drive. The first option takes longer to complete while the second is faster. It us highly suggested to select the first option if the drive was in use already, as it ensures that data traces on the drive cannot be recovered.
The encryption process may take a while depending on the speed of the drive, its size and the resource use of the PC during the operation.
Unlocking drives encrypted with BitLocker
When you connect a drive to the Windows PC that is encrypted with BitLocker, you will receive a notification that informs you about the fact.
You may click on the notification to open the unlock prompt (if it is password protected) to unlock the drive and make its contents available.
If you have missed that option, right-click on the drive in Windows Explorer and select "unlock drive" from the menu which opens the same unlock option.
Locked drives are indicated with a yellow lock icon in Windows Explorer, and unlocked drives with a gray one.
Managing BitLocker
Managing BitLocker is a Control Panel applet that you can open in a variety of ways. Probably the easiest of them all is to right-click on a drive encrypted with BitLocker to select the manage option from the context menu.
There you find an option to change the BitLocker password as well which can come in handy.
If you cannot use that option, do the following instead:
- Tap on Windows-Pause and click on Control Panel Home when the window opens.
- Select System and Security > Manage BitLocker.
The status of each drive in regards to BitLocker is displayed on the following screen. For drives that are not yet protected with BitLocker, you may turn the feature on from there.
It gets interesting when you expand a drive that is already protected. The following options become available:
- Back up your recovery key.
- Change the password.
- Remove the password.
- Add a smart card.
- Turn on auto-unlock - This unlocks the drive automatically on Windows start if it is connected.
- Turn off BitLocker
Now You: Which encryption program are you using and why?
Make sure your Windows is patched > http://www.zdnet.com/article/bitlocker-flaw-researchers-found-bypass-microsoft-disk-encryption/
Bitlocker on WIndows 10 is very straightforward to use. Medical facilities should encrypt all their devices that contain customer information. Just keep backups of the key’s password in safe places as you’ll never be able to guess it. We used Bitlocker because it was the recommended encryption method to use that meets HIPPA compliance. For anyone wondering, Microsoft does not collect customer records when collecting telemetry, although they need to publicly state this very clearly as their explanations about what is collected has so far been clear as mud concerning HIPPA. If they did indeed capture keystrokes when customer information is being entered, and not just for search and Cortana use, they would be causing thousands of medical professionals to break the law. Even Microsoft can’t afford that level of negative publicity.
And… why not to.
So, I am not installing win10, but BitLocker on win8.1 is a disaster for recovery.
I was never able to use the “saved” key.
Unless you are online and always signed into your msoft account, the recovery option will not work. Why would anyone want to be always logged into msoft tracking?
Folk, before installing this kind of stuff on any PC, do a trial with a PC that it doesn’t matter if you can’t unlock it if something gets corrupted. It is insane to trust ANY device encryption system – unless – you have satisfied YOURSELF that it unlocks OK.
Experience speaks. :)
Oh, and this also applies to ANY back up software. Always check that you can restore stuff before assuming that backing up has made it safe for you. It is a hell of a thing to find that the Restore process is not as it should be when the system goes down. Trust no software until proven, is a good adage.
I have Windows 8.1 Home Edition 64-bit. BitLocker is in it but disabled by default. To activate it click BitLocker Drive Encryption in services.msc. Then click START in the left column. I don’t know anything else about it since I have never used it.
It is disappointing that you recommend such a spyware tool as BitLocker.
Just today – for example – another article from a german IT news website ZDNET reveals how easy it is to bypass BitLocker:
http://www.zdnet.de/88252094/bitlocker-windows-festplattenverschluesselung-laesst-sich-in-sekunden-umgehen/
Shame on you to support the product propaganda of Microsoft.
I suggest to remove this NSA friendly post from your article base
Only 3rd party encryption tools from a trustworthy contributor like TrueCrypt or VeraCrypt or DiskCryptor are acceptable.
Peter
There is a difference between recommending something and writing about it.
Stop being a HERO ,I see no recommendation here at all
Was a write up on this program only /Take it or leave it! Period
I see where you’re coming from and fully agree, NSA / MS spying is not a new thing (Skype anyone?).
There’s 2nd side of the coin here – I accept government spying over my HDD content when it’s reliable, fast, and offers all features I need.
Truecrypt = discontinued, not tested on Win10, with some security flaws (even though recent research shown all is fine, see arstechnica)
Veracrypt = new product, not really tested and who’s behind? Plus, doesn’t support features I require (Active Directory management, TRIM command on SSDs and so on)
When I am encrypting HDDs it’s not cover from government, but from thiefs in the first place. Bitlocker is fine there.
Thanks for highlighting even basic computer security. The numbers on laptop thefts at airports always blow me away, and tools like this can help mitigate the damage of what is a rather common personal disaster.
I’d just like to add that whatever encryption system you’re using, a backup tool is also key. From what I’ve heard, BitLocker is much more friendly to disk corruption and other problems than tools like PGP Disk Encryption and TrueCrypt, but system backups should go hand in hand with encryption. It’s nice when thieves can’t read your data but it’s pointless when you can’t either.
I recommend to use VeraCrypt which also works on other OS too without any problems, you can export and import your containers and a lot of more. Of course it needs a bit more user interaction compared to BitLocker but I never got any seriously problems with it.
Of course take it of leave it … :p