You are here

How to encrypt Windows 10 hard drives using BitLocker

BitLocker is a built-in encryption feature that Microsoft included with select editions of Windows Vista for the first time. While it is supported by all versions of Windows, only professional and enterprise versions of the operating system come with options to encrypt hard drives using it.

The main appeal of BitLocker is that it is built-in the operating system which mean that encrypted drives can be decrypted on all Windows Vista or later versions without requiring additional software programs.

Software like DiskLocker can be used to read BitLocker encrypted drives under Linux or Mac OSX.

BitLocker has been criticized in the past over security concerns. According to Microsoft, it has no backdoor built-in for law enforcement but since its code is proprietary, that claim cannot be verified.

Windows users who prefer not to use BitLocker over this may want to check out third-party alternatives such as Disk Cryptor or VeraCrypt.

The following guide walks you through the steps of encrypting one or multiple hard drives or removable drives on Windows 10. Most of it can be applied to previous versions of Windows as well.

Encrypting hard drives with BitLocker

turn on bitlocker

One of the easiest options to encrypt a drive connected to a Windows machine with BitLocker is to do so directly in Windows Explorer.

  1. Open Windows Explorer, for instance with the shortcut Windows-E
  2. Right-click on the drive that you want to encrypt, and select "Turn on BitLocker" from the context menu.
  3. BitLocker starts up on selection of the option, and you are asked to select how you want to unlock the drive. The available options are by using an unlock password or by unlocking the drive using a smart card.
  4. It is important to select a secure password if password protection is selected to avoid brute force or guessing attacks.
  5. Select a location for the recovery key afterwards. This key can be used if you forget the password or lose access to your smart card. Options are to save it to the Microsoft Account, to save it to a file on the local system, or to print it.
  6. Select whether you want to encrypt the whole drive or only the used space on the drive. The first option takes longer to complete while the second is faster. It us highly suggested to select the first option if the drive was in use already, as it ensures that data traces on the drive cannot be recovered.

bitlocker encrypt drivebitlocker recovery key

The encryption process may take a while depending on the speed of the drive, its size and the resource use of the PC during the operation.

Unlocking drives encrypted with BitLocker

unlock drive

When you connect a drive to the Windows PC that is encrypted with BitLocker, you will receive a notification that informs you about the fact.

You may click on the notification to open the unlock prompt (if it is password protected) to unlock the drive and make its contents available.

If you have missed that option, right-click on the drive in Windows Explorer and select "unlock drive" from the menu which opens the same unlock option.

Locked drives are indicated with a yellow lock icon in Windows Explorer, and unlocked drives with a gray one.

Managing BitLocker

manage bitlocker

Managing BitLocker is a Control Panel applet that you can open in a variety of ways. Probably the easiest of them all is to right-click on a drive encrypted with BitLocker to select the manage option from the context menu.

There you find an option to change the BitLocker password as well which can come in handy.

If you cannot use that option, do the following instead:

  1. Tap on Windows-Pause and click on Control Panel Home when the window opens.
  2. Select System and Security > Manage BitLocker.

The status of each drive in regards to BitLocker is displayed on the following screen. For drives that are not yet protected with BitLocker, you may turn the feature on from there.

bitlocker management

It gets interesting when you expand a drive that is already protected. The following options become available:

  1. Back up your recovery key.
  2. Change the password.
  3. Remove the password.
  4. Add a smart card.
  5. Turn on auto-unlock - This unlocks the drive automatically on Windows start if it is connected.
  6. Turn off BitLocker

Now You: Which encryption program are you using and why?

This article was first seen on ComTek's "TekBits" Technology News


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer