BitLocker encrypts your hard disk drive or removable disk such as a USB flash drive or SD card to prevent important data from being stolen. BitLocker is the function of “encrypting drive” that is built in Windows. BitLocker encrypts the entire drive, not individual files or folders.
By using BitLocker, you can encrypt the files and system files in the drive, prevent peeping by external illegal access, or even take out the data information even if physically stolen the drive. Enhance overall drive security.
BitLocker will be locked if a security problem occurs on the encrypted operating system drive (generally in C drive). By encrypting the OS itself it will not be possible to boot the OS in an illegal way.
In order to unlock, you need a BitLocker recovery key.
You can also encrypt external drives such as USB flash drive and SD card with BitLocker To Go, as well as the built-in drive of the computer itself. Even if you lose it, you can significantly reduce the risk of information leakage by encrypting it.
When you add a new file or folder to the drive encrypted with BitLocker, the file is automatically encrypted.
When you copy files to another drive or computer, the files are automatically decrypted. BitLocker is also not supported for the dynamic hard disk drive.
It takes a long time to complete encrypting the entire drive. Especially, it takes more time for Capacity with big data volume and less free space.
As a method of encrypting the drive in the shortest time, it is better to encrypt it as much as possible without containing the data file in drive.
Starting BitLocker from the Control Panel
There are several ways to run BitLocker Drive Encryption.
▼ As below, presskey to open Run, and enter 1control or C:\Windows\System32\control.exe in the text box. Click 2 button.
After Windows 10 Creators Update(version 1703), Control panel item disappeared from the right click menu of. You can check how to start the control panel from the following link.
▼ In the Control Panel window, select 1View By: Large(Small) icons, and click 2BitLocker Drive Encryption.
▼ Or selecting View by: Category, and click System and Security > 1BitLocker Drive Encryption.
▼ In the Windows search box, type 1“bitlocker” as follows. Click 2Manage BitLocker.
Windows File Explorer
The easiest way is that selecting 1target drive and click 2“Manage” > “BitLocker” > “Turn on BitLocker” on the ribbon to start drive encryption.
BitLocker To Go：Encrypt USB drive
With the increase in the use of large capacity USB drives, the potential threat to be lost or stolen has become a big problem. By encrypting USB Drive, even if you lose it, the probability of protecting your sensitive data will be higher.
You can also protect all files stored on a external hard disk drive such as USB flash drive, SD card, etc. using BitLocker To Go
Error message when BitLocker encrypts an operating system drive
BitLocker can be used for drives such as the OS system drive, a fixed data drive or USB flash drive.
For example, when you try encrypt C: drive in the section of Operating system drive, click 1Turn on BitLocker.
▼ Here, you may receive the following error message:
This device can’t a Trusted Platform Module. You administarator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
Due to a problem with Trusted Platform Module(TPM) devices, you can fix the above error message in “Related Articles” below.
BitLocker Drive Encryption
Here, try encrypting Fixed data drives instead of C: drive.
Please refer to the related document below about “Encryption of System Drive(C:drive)”.
▼ For the following fixed data drive, click 1Turn on BitLocker. Currently it is BitLocker off.
▼ BitLocker starts and the drive encryption preparation begins.
Choose how to unlock your drive
▼ Next, there are two options for unlocking the drive. There is usually a way to unlock the password settings, and to use a smart card with enhance security. I will use a password here.
Select 1Use a password to unlock the drive, and enter a 2password. It is recommended to set 8 or more digits with at least “alphabet capital letters / lowercase letters, numbers, symbols” mixed, as security is not secure if the password is too short. After entering the password , click 3button.
▼ If the password is less than 7 digits, the following error message is displayed, 1The password provided doesn’t meet minimum length requirements.
Select the storage location of the recovery key for BitLocker decryption
▼ To unlock the encrypted drive, you will need a separate BitLocker recovery key. How to store the recovery key of BitLocker is displayed as follows. Choose one of options.
If you forget your password , you can use a recovery key to access the encrypted drive.
Select the location where you want to store the BitLocker recovery key. Here select 1“Save to a USB flash drive” below.
▼ Select USB flash drive and click 1button. Then, the message, 2Your recovery key has been saved. is displayed. Click 3 button.
▼ BitLocker recovery key is saved in the USB flash drive as below.
▼ If you choose Save to a file above, specify (the folder of) a Fixed drive to store the following recovery key, and save it as 1text file (.txt)..
▼ When you are logining with Local user account, if you choose Save to your Microsoft account, the Error meaasge is displayed as below.
You need to be signed in to Windows with a Microsoft account to save your recovery key. Sign out and then sign in again with a Microsoft account, or go to Setting and choose Accounts to change your existing account.
▲ Click 2button, and go to the next step.
Choose how much of your drive to encrypt
▼ Select a range of drives to encrypt –1Encrypt used disk space only Or Encrypt entire drive. And then click 2button.
If yor’re setting up BitLocker on a new drive or a new PC, you only need to encrypt the part of the drive that’s currently being used. BitLocker encrypts new data automatically as you add it.
If you’re enabling BitLocker on a PC or drive that’s already in use, consider encrypting the entire drive. Encrypting the entire drive ensures that all data is protected-even data that you deleted but that might still contain retrievable info.
Choose which encrypting mode to use
▼ Next, select the 1encryption mode – New encryption mode or Compatible mode – to use and click the 2button.
Windows 10 (Version 1511) introduces a new disk encryption mode (XTS-AES). This mode provides additional integrity support, but it is not compatible with older versions of Windows.
If this is a removable drive that you’re going to use on older version of Windows, you should choose Compatibile mode.
If this is a fixed drive or if the drive will only be used on devices running at least Windows 10 (Version 1511) or later, you should choose the new encryption mode.
▼ Now you are ready to encrypt the fixed drive, click 1button.
▼ 1Encryption of a fixed data drive begins. If you want to cancel during encryption, click 2Turn off BitLocker.
▼ BitLocker Drive Encryption is complete. Usually encrypting a entire drive(Capacity:470GB) will take more than one hour, but it is different depending on the situation of the hard disk. Clickbutton.
▼ As a reference, the main specifications of the computer used for Encryption this time are 1Intel Core i7-3770 CPU (3.4GHz), memory: 8GB, 64-bit system.
BitLocker Lock icon: Unlock
▼ A 1 lock icon appears on the Encrypted Drive. Click the drive to unlock it.
▼ Enter 1password and 2button.
Change BitLocker password
▼ If you want to change the old BitLocker password to new password, you can do it as below, right-clicking on the Encrypted Drive and click 1Change BitLocker password.
▼ Enter Old password and New password, Confirm new password in the text field and click 1button.
▼ The message, 1The password has been successfully changd is displayed. Clickbutton.