For TL;DR folks this guide will cover:
- What is BitLocker?
- BitLocker Availability?
- How to Enable BitLocker Encryption?
- How to enable for Operating System Drives?
- What is BitLocker Recovery Key?
- What is a Trusted Platform Module?
What is BitLocker in Microsoft Windows OS?
In simple words, BitLocker is Microsoft's own data encryption tool; it is available from Windows Vista. BitLocker has a full drive encryption option to protect data from unauthorised users. It can only protect data when your PC/laptop/hard drive is lost or stolen.
Availability of BitLocker on Windows:
- Ultimate and Enterprise editions of Windows Vista and Windows 7
- Pro and Enterprise editions of Windows 8 and 8.1
- Pro, Enterprise, and Education editions of Windows 10.
- Windows Server 2008 and later.
Windows 7 and Windows Server 2008 R2 added the ability to encrypt removable drives too. In addition to this, BitLocker can be managed through Windows PowerShell.
How to Enable BitLocker Encryption:
Enabling BitLocker is very simple; you just need to follow the step-by-step guide below:
To enable BitLocker, right-click on the disk drive and select Turn on BitLocker. You will now get another window, Choose how to unlock your drive at startup. See the below image for more information.
Here you will get two ways to unlock your drive at startup.
- Insert a USB flash drive (USB Device Unlocking method).
- Enter a password (Password Method).
We have chosen the password method by selecting Enter a password. Now you need to enter the password.
You can save your recovery key directly to your Microsoft Account, to a USB flash drive, or to a file, and you can even print it. This backup recovery key is very important: if you forget the BitLocker password, it will help you to reset the old password. Now you have to choose how much of your drive to encrypt:
- Encrypt used disk space only (faster and best for new PCs and drives)
- Encrypt entire drive (slower but best for PCs and drives already in use)
I have selected the 2nd option to encrypt the entire drive. Now you need to choose which encryption mode to use.
Here you will again get 2 options:
- New encryption mode (best for fixed drives on this device)
- Compatible mode (best for drives that can be moved from this device)
Here I have selected the 1st option because I'm encrypting my internal drive. Now BitLocker will ask you: Are you ready to encrypt this drive?
Now click on Continue; it will ask for a restart. Select Restart now. You need to enter the password during startup. See the below image for more information.
Here you need to enter the BitLocker password to unlock the drive which you have encrypted.
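The same wizard choices (password unlock, recovery key backup, entire drive, new encryption mode) can be scripted with the BitLocker PowerShell cmdlets mentioned earlier. This is an added example, not part of the original guide; the drive letter D: and the backup path on E: are assumptions to replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: D: is a fixed data drive to encrypt,
# E: is a separate removable drive used only to hold the recovery key.
$MountPoint = 'D:'
$BackupFile = 'E:\BitLocker-Recovery-D.txt'

# Stop if the volume is already encrypted or in the middle of a conversion.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$MountPoint is in state '$($vol.VolumeStatus)'; not starting encryption."
}

# Wizard step "Enter a password": read it without echoing it to the console.
$password = Read-Host -Prompt "BitLocker password for $MountPoint" -AsSecureString

# Wizard steps "Encrypt entire drive" and "New encryption mode":
# leaving out -UsedSpaceOnly encrypts the whole volume, and XtsAes128
# selects XTS-AES (the compatible mode corresponds to Aes128/Aes256).
Enable-BitLocker -MountPoint $MountPoint `
    -PasswordProtector -Password $password `
    -EncryptionMethod XtsAes128 | Out-Null

# Wizard step "back up your recovery key": add a numerical recovery password.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null

# Read the protector back and fail loudly if it is missing, so the drive
# never ends up protected by a password alone.
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -First 1
if (-not $rp) { throw "No recovery password protector found on $MountPoint." }

# Save the identifier and recovery key away from the encrypted drive itself;
# a copy stored on D: is unreadable exactly when it is needed.
@("Identifier:   $($rp.KeyProtectorId)",
  "Recovery key: $($rp.RecoveryPassword)") | Set-Content -Path $BackupFile

# Encryption continues in the background; check progress and protection state.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, EncryptionMethod,
                  EncryptionPercentage, ProtectionStatus
```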
Enable BitLocker for Operating System Drives:
By default, you cannot encrypt Operating System Drives. You need to make a small change in your Group Policy Editor.
- Open the Run command prompt
- Type gpedit.msc
- Press Enter.
Go to: Group Policy Editor > Computer Configuration > Administrative Tools > Windows Components > BitLocker Drive Encryption > Operating System Drive > BitLocker for C Drive Required additional authentication at startup.
Open the properties of BitLocker for C Drive Required additional authentication at startup by double-clicking it. Now you will get another window; see the below image for more details.
By default, the Not Configured option is selected. You just need to change Not Configured to Enabled. Now you can encrypt the Operating System Drive as well.
What is BitLocker Recovery Key:
We have saved the recovery key in a PDF file, as you can see in the below image. The BitLocker Drive Encryption recovery key contains an Identifier and a Recovery key; these two will help you in recovering access when you forget the BitLocker password.
What is Trusted Platform Module: