From CT Wiki
Jump to navigation Jump to search


Windows can encrypt entire operating system drives and removable devices with its built-in BitLocker encryption.

BitLocker Drive Encryption and BitLocker To Go require an Ultimate or Enterprise version of Windows 7, a Professional or Enterprise edition of Windows 8, or 8.1 or an Professional, Enterprise or Education edition of Windows 10.

Windows 7 Professional does not support Bitlocker

Bitlocker Drive Encryption

When you switch on BitLocker for the first time, make sure you create a recovery key. Otherwise, you could permanently lose access to your files. 

Switch on Bitlocker

  1. Click Start , click Control Panel, click System and Security (if the control panel items are listed by category), and then click BitLocker Drive Encryption.
  2. Click Turn on BitLocker.
  3. BitLocker scans your computer to verify that it meets the system requirements
    1. If your computer meets the system requirements, the setup wizard continues with the BitLocker Startup Preferences in step 8.
    2. If preparations need to be made to your computer to turn on BitLocker, they are displayed. Click Next.
  4. Choose an Unlock Method
    1. You computer will either require an USB-drive or a Password to logon.
    2. Windows will also require a back-up of your recovery key
  5. The computer will encrypt your hard-drive, this will take a while.
  6. After rebooting the computer will ask for a Password/USB drive to logon.

Use BitLocker Without a TPM

Bitlocker To Go

For external hard-drives and USB flash-drives, there's also the option to encrypt them with Bitlocker To Go. Unlocking is a bit different here.

Be aware that neither SLC6 or OSX are able to decrypt Bitlocker To Go encrypted drives.

Switch on Bitlocker To Go

  • Insert the USB flash drive, click Start, and then click Computer.
  • Right-click the USB flash drive, and then click Turn On BitLocker…
  • On the Choose How You Want To Unlock This Drive windows, choose Use a Password to Unlock This Drive.
    • This option prompts for a password to unlock the drive. This allows a drive to be unlocked in any location and to be shared with other people.
  • On the How Do You Want To Store Your Recovery Key window, click Save The Recovery Key To A File.
    • In the Save BitLocker Recovery Key As dialog box, choose a save location, such as you’re my Documents folder, and then click Save.
  • On the Are You Ready To Encrypt This Drive window, click Start Encrypting. Do not remove the USB flash drive until the encryption process is complete. How long the encryption takes depends on the size of the drive. USB drive encryption take approximately 6 to 10 minutes per gigabyte to complete.
  • Once the encryption process completes you will be notified by a window.

Decrypt Bitlocker

  • When you insert the encrypted drive into a USB port on a computer running Windows 7 and above a dialog box will display.
  • When you are prompted, enter the password you created.
  • Finally, click Unlock.

(Optionally, check Automatically Unlock On This Computer From Now On for ease of use. If you are running Windows 8 you must click on More options to check Automatically unlock on this PC.)

Frequently Asked Questions

If I lose my recovery information, will the BitLocker-protected data be unrecoverable?

More Information