Skip to content

Bitlocker

Aim: Provide instructions to use Microsoft Bitlocker for disk encryption.

Introduction

BitLocker is a full-volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data on your hard drive by providing encryption for entire disks. Windows can encrypt operating-system drives and removable devices with its built-in BitLocker encryption.

It is recommended that you encrypt your Windows disks to prevent data leaks if your laptop is lost or stolen.

Prerequisites

BitLocker is available on:

  • Ultimate and Enterprise editions of Windows Vista and Windows 7;
  • Pro and Enterprise editions of Windows 8 and 8.1;
  • Pro, Enterprise, and Education editions of Windows 10;
  • Pro, Enterprise, and Education editions of Windows 11;
  • Windows Server 2008 and later.

Instructions

When you switch on BitLocker for the first time, make sure you create a recovery key and store it in a safe place. Otherwise, you can permanently lose access to your files.

Warning: if you lose the recovery information, the BitLocker-protected data cannot be accessed/read anymore.

Usage

Enable Bitlocker

  • Click Start, Control Panel, System and Security (if the control panel items are listed by category), and then click BitLocker Drive Encryption.
  • Click Turn on BitLocker.
  • BitLocker scans your computer to verify that it meets the system requirements.
  • If your computer meets the system requirements, the setup wizard continues with the BitLocker Startup Preferences in step 8.
  • If preparations need to be made to your computer to turn on BitLocker, they are displayed. Click Next.
  • Choose an Unlock Method.
  • You computer will either require a USB drive or a password to logon.
  • Windows will also require a backup of your recovery key.
  • The computer will encrypt your hard drive, this will take a while.
  • After rebooting, the computer will ask for a password or USB drive to logon.

Bitlocker To Go

For external hard drives and USB flash drives, there is also the option to encrypt them with Bitlocker To Go. Unlocking is a bit different here.

Be aware that neither Linux or OSX are able to decrypt Bitlocker To Go encrypted drives.

Switch on Bitlocker To Go

  • Insert the USB flash drive, click Start, and then click Computer.
  • Right-click the USB flash drive, and then click Turn On BitLocker.
  • In the Choose How You Want To Unlock This Drive windows, choose Use a Password to Unlock This Drive.
  • This option prompts for a password to unlock the drive. This allows a drive to be unlocked in any location and to be shared with other people.
  • On the How Do You Want To Store Your Recovery Key window, click Save The Recovery Key To A File.
  • In the Save BitLocker Recovery Key As dialog box, choose a save location, such as you’re my Documents folder, and then click Save.
  • In the Are You Ready To Encrypt This Drive window, click Start Encrypting. Do not remove the USB flash drive until the encryption process is complete. How long the encryption takes depends on the size of the drive. USB-drive encryption takes approximately 6 to 10 minutes per gigabyte to complete.
  • Once the encryption process completes you will be notified by a window.

Decrypt Bitlocker

  • When you insert the encrypted drive into a USB port on a computer running Windows 7 or above, a dialog box will be displayed.
  • When you are prompted, enter the password you created.
  • Finally, click Unlock.
  • Optionally, check Automatically Unlock On This Computer From Now On for ease of use. If you are running Windows 8 you must click on More options to check Automatically unlock on this PC.