[Windows10] How to set BitLocker Drive Encryption to Protect Files on Drives

By | November 8, 2017

BitLocker encrypts your hard disk drive or removable disk such as a USB flash drive or SD card to prevent important data from being stolen. BitLocker is the function of “encrypting drive” that is built in Windows. BitLocker encrypts the entire drive, not individual files or folders.

By using BitLocker, you can encrypt the files and system files in the drive, prevent peeping by external illegal access, or even take out the data information even if physically stolen the drive. Enhance overall drive security.

BitLocker will be locked if a security problem occurs on the encrypted operating system drive (generally in C drive). By encrypting the OS itself it will not be possible to boot the OS in an illegal way.

In order to unlock, you need a BitLocker recovery key.

You can also encrypt external drives such as USB flash drive and SD card with BitLocker To Go, as well as the built-in drive of the computer itself. Even if you lose it, you can significantly reduce the risk of information leakage by encrypting it.

When you add a new file or folder to the drive encrypted with BitLocker, the file is automatically encrypted.

When you copy files to another drive or computer, the files are automatically decrypted. BitLocker is also not supported for the dynamic hard disk drive.

It takes a long time to complete encrypting the entire drive. Especially, it takes more time for Capacity with big data volume and less free space.
As a method of encrypting the drive in the shortest time, it is better to encrypt it as much as possible without containing the data file in drive.

Starting BitLocker from the Control Panel

There are several ways to run BitLocker Drive Encryption.

▼ As below, press Windows + R key to open Run, and enter 1control or C:\Windows\System32\control.exe in the text box. Click 2OKbutton.

[Windows10]Windows 10 Creators Update

After Windows 10 Creators Update(version 1703), Control panel item disappeared from the right click menu of Start Button. You can check how to start the control panel from the following link.

Related Post

How to start “Control panel” disappeared after Windows 10 Creators Update(version 1703)

▼ In the Control Panel window, select 1View By: Large(Small) icons, and click 2BitLocker Drive Encryption.

Windows10 Bitlocker Drive Encryption

▼ Or selecting View by: Category, and click System and Security > 1BitLocker Drive Encryption.

Windows10 Bitlocker Drive Encryption

Windows Search

▼ In the Windows search box, type 1bitlocker” as follows. Click 2Manage BitLocker.

Windows10 Bitlocker Drive Encryption

Windows File Explorer

The easiest way is that selecting 1target drive and click 2Manage” > “BitLocker” > “Turn on BitLocker” on the ribbon to start drive encryption.

Windows10 Bitlocker Drive Encryption

BitLocker To Go:Encrypt USB drive

With the increase in the use of large capacity USB drives, the potential threat to be lost or stolen has become a big problem. By encrypting USB Drive, even if you lose it, the probability of protecting your sensitive data will be higher.

You can also protect all files stored on a external hard disk drive such as USB flash drive, SD card, etc. using BitLocker To Go

Windows10 Bitlocker Drive Encryption

Error message when BitLocker encrypts an operating system drive

BitLocker can be used for drives such as the OS system drive, a fixed data drive or USB flash drive.

For example, when you try encrypt C: drive in the section of Operating system drive, click 1Turn on BitLocker.

Windows10 Bitlocker Drive Encryption

▼ Here, you may receive the following error message:

This device can’t a Trusted Platform Module. You administarator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.

Windows10 Bitlocker Drive Encryption

Due to a problem with Trusted Platform Module(TPM) devices, you can fix the above error message in “Related Articles” below.

Related Post

[Windows10] How to set BitLocker Drive Encryption for operating system drives using Group Policy (gpedit.msc) without platform module(TPM)

BitLocker Drive Encryption

Here, try encrypting Fixed data drives instead of C: drive.

Please refer to the related document below about “Encryption of System Drive(C:drive)”.

Related Post

How to use BitLocker to encrypt Windows Operating System Drive(C:Drive) ~ BitLocker Drive Encryption

▼ For the following fixed data drive, click 1Turn on BitLocker. Currently it is BitLocker off.

Windows10 Bitlocker Drive Encryption

▼ BitLocker starts and the drive encryption preparation begins.

Windows10 Bitlocker Drive Encryption

Choose how to unlock your drive

▼ Next, there are two options for unlocking the drive. There is usually a way to unlock the password settings, and to use a smart card with enhance security. I will use a password here.

Select 1Use a password to unlock the drive, and enter a 2password. It is recommended to set 8 or more digits with at least “alphabet capital letters / lowercase letters, numbers, symbols” mixed, as security is not secure if the password is too short. After entering the password , click 3Next button.

Windows10 Bitlocker Drive Encryption

▼ If the password is less than 7 digits, the following error message is displayed, 1The password provided doesn’t meet minimum length requirements.

Windows10 Bitlocker Drive Encryption

Select the storage location of the recovery key for BitLocker decryption

▼ To unlock the encrypted drive, you will need a separate BitLocker recovery key. How to store the recovery key of BitLocker is displayed as follows. Choose one of options.

If you forget your password , you can use a recovery key to access the encrypted drive.

Select the location where you want to store the BitLocker recovery key. Here select 1Save to a USB flash drive” below.

Windows10 Bitlocker Drive Encryption

▼ Select USB flash drive and click 1Save button. Then, the message, 2Your recovery key has been saved. is displayed. Click 3Next button.

Windows10 Bitlocker Drive Encryption

▼ BitLocker recovery key is saved in the USB flash drive as below.

Windows10 Bitlocker Drive Encryption

▼ If you choose Save to a file above, specify (the folder of) a Fixed drive to store the following recovery key, and save it as 1text file (.txt)..

Windows10 Bitlocker Drive Encryption

▼ When you are logining with Local user account, if you choose Save to your Microsoft account, the Error meaasge is displayed as below.

You need to be signed in to Windows with a Microsoft account to save your recovery key. Sign out and then sign in again with a Microsoft account, or go to Setting and choose Accounts to change your existing account.

Windows10 Bitlocker Drive Encryption

▲ Click 2Next button, and go to the next step.

Choose how much of your drive to encrypt

▼ Select a range of drives to encrypt –1Encrypt used disk space only Or Encrypt entire drive. And then click 2Next button.

If yor’re setting up BitLocker on a new drive or a new PC, you only need to encrypt the part of the drive that’s currently being used. BitLocker encrypts new data automatically as you add it.

If you’re enabling BitLocker on a PC or drive that’s already in use, consider encrypting the entire drive. Encrypting the entire drive ensures that all data is protected-even data that you deleted but that might still contain retrievable info.

Windows10 Bitlocker Drive Encryption

Choose which encrypting mode to use

▼ Next, select the 1encryption mode – New encryption mode or Compatible mode – to use and click the 2Next button.

Windows 10 (Version 1511) introduces a new disk encryption mode (XTS-AES). This mode provides additional integrity support, but it is not compatible with older versions of Windows.

If this is a removable drive that you’re going to use on older version of Windows, you should choose Compatibile mode.

If this is a fixed drive or if the drive will only be used on devices running at least Windows 10 (Version 1511) or later, you should choose the new encryption mode.

Windows10 Bitlocker Drive Encryption

▼ Now you are ready to encrypt the fixed drive, click 1Start encrypting… button.

Windows10 Bitlocker Drive Encryption

▼ 1Encryption of a fixed data drive begins. If you want to cancel during encryption, click 2Turn off BitLocker.

Windows10 Bitlocker Drive Encryption

▼ BitLocker Drive Encryption is complete. Usually encrypting a entire drive(Capacity:470GB) will take more than one hour, but it is different depending on the situation of the hard disk. Click Close button.

Windows10 Bitlocker Drive Encryption

▼ As a reference, the main specifications of the computer used for Encryption this time are 1Intel Core i7-3770 CPU (3.4GHz), memory: 8GB, 64-bit system.

Windows10 Bitlocker Drive Encryption

BitLocker Lock icon: Unlock

▼ A 1 lock icon appears on the Encrypted Drive. Click the drive to unlock it.

Windows10 Bitlocker Drive Encryption

▼ Enter 1password and 2Unlock button.

Windows10 Bitlocker Drive Encryption

Change BitLocker password

▼ If you want to change the old BitLocker password to new password, you can do it as below, right-clicking on the Encrypted Drive and click 1Change BitLocker password.

Windows10 Bitlocker Drive Encryption

▼ Enter Old password and New password, Confirm new password in the text field and click 1Change passworde button.

Windows10 Bitlocker Drive Encryption

▼ The message, 1The password has been successfully changd is displayed. Click Close button.

Windows10 Bitlocker Drive Encryption

Leave a Reply

Your email address will not be published.