BitLocker adds additional protection to storage drives. If our laptop is lost or stolen, anyone with the appropriate knowledge and applications can extract all the contents of our hard drive by connecting it to another computer, even if we were using a PIN lock on our account.
This tool adds an extra layer of security to the drive when it is not connected to its associated computer. In other words, it protects the stored content so that anyone who removes the hard drive from our PC cannot access it unless they know the encryption key.
Now that we know what BitLocker is and how it works, it’s time to activate this Windows functionality.
To consider
Before we start using BitLocker, we should note that this Windows feature is only available in the Pro, Education, and Business versions of Windows. It is not available in the Home version, the one most used in the home environment, so the first thing we must do is check which version of Windows we have installed. In Windows 10, this information is available through Windows Settings (Win + i), under System, in the About section. In Windows 11, we open Settings (Win + i), access System and then click on Information. The version of Windows installed is shown in the Windows specifications section.
To encrypt a storage unit using BitLocker, we can use two methods: hardware or software. The hardware method requires that our equipment includes a TPM chip and that the equipment is associated with a Microsoft account. If our equipment lacks this chip, we can use the software method, although it requires the user to interact with the equipment to identify themselves and unlock access to the data it stores.
The computer where we are going to use BitLocker needs to have two partitions: a system partition with the files needed to start the computer and another where Windows will be installed. We should not worry about this, since the application itself takes care of the entire process. If we also want to encrypt other drives, they must use the NTFS file system.
Depending on the amount of data that is stored on the computer at the time of encrypting it, the process may take more or less time, so we must disable any energy saving method that may stop the process, which could lead to a loss of all the data.
Last but not least, before anything else we must make a backup of all the data stored on the drive, since important changes are going to be made to the system. Although there is little chance that the process will fail, the risk is there, so if we do not want to lose our data should any failure happen, a backup is the first thing we should do.
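The prerequisites above can be checked from an elevated PowerShell prompt before opening the Control Panel. The following is an added example, not part of the original article; it is read-only, and the function name Test-BitLockerReadiness and the "Home" match on the edition caption are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only pre-flight check for the BitLocker prerequisites.
# Test-BitLockerReadiness is a hypothetical helper name, not a built-in cmdlet.

function Test-BitLockerReadiness {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Edition: the article states BitLocker is not available on Home.
    #    Matching 'Home' in the caption is a heuristic (assumption).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if ($os.Caption -match 'Home') {
        $findings.Add("Edition '$($os.Caption)' does not offer BitLocker.")
    }

    # 2. TPM: required for the hardware method; without it only the
    #    software method (user unlocks at start-up) remains.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings.Add('No TPM detected: only the software method is possible.')
    } elseif (-not $tpm.TpmReady) {
        $findings.Add('TPM is present but not ready for use.')
    }

    # 3. File system: fixed drives (DriveType 3) must be NTFS.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
        Where-Object { $_.FileSystem -ne 'NTFS' } |
        ForEach-Object {
            $findings.Add("Drive $($_.DeviceID) uses '$($_.FileSystem)', not NTFS.")
        }

    # 4. Current state, so an already encrypted volume is not processed twice.
    $volumes = @()
    if (Get-Command -Name Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $volumes = Get-BitLockerVolume |
            Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus
    }

    [pscustomobject]@{
        Ready    = ($findings.Count -eq 0)
        Findings = $findings
        Volumes  = $volumes
    }
}

$result = Test-BitLockerReadiness
$result.Findings | ForEach-Object { Write-Warning $_ }
$result.Volumes  | Format-Table -AutoSize
```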
Activate BitLocker in Windows with TPM
The process to activate BitLocker, as long as our version of Windows is Pro or Enterprise, is the same in Windows 10 and in Windows 11, provided we have a TPM chip in our equipment. The first thing to do is access the Windows Control Panel (using the search box).
Within the Control Panel, click on Security system. Inside, click on Unit encryption BitLocker. Remember that this menu is only displayed if the computer runs Windows Pro, Education or Business. If it does not appear, the computer has a Home version of Windows.
Next, a new window will be displayed with all the drives we have on the computer. The process for encrypting a storage drive with BitLocker is different depending on whether it is the operating system drive or a drive dedicated solely to storing data.
Encrypt operating system drive
To encrypt the operating system drive, click on Activate BitLocker in the Operating system drive section. Windows offers us different methods to store the recovery key. The recommended option is Save to Microsoft account since, in this way, it will not be necessary to always keep a file on a USB drive or a password on paper, with the risk that this entails. Every time we log in on our computer, access to all the content stored inside will be unlocked. If we select the option save to file, we will have to insert a USB drive on which to store it. If we choose to print the recovery key, it will be printed or, if we do not have a printer, we can save the password in a PDF file. Once we have saved the recovery key, click on Next.
Next, we must select which part of the drive we want to encrypt. If we want to encrypt a new unit (storage unit that we have connected) which is where we are going to store all the data that we want to protect, we must select the option Encrypt only used disk space.
But if we do not have any drive connected and we want to encrypt the hard drive that we are using with Windows, the option we must choose is Encrypt the entire drive. This method is slower than the previous one; however, it is the ideal option to encrypt the hard drive we are already using. We select the option we want and click on Next.
In the next section, Windows will ask us which encryption method we want to use. With the release of Windows 10 version 1511, Microsoft introduced a new encryption mode, called XTS-AES, which offers greater protection but is not compatible with previous versions of Windows. If we are encrypting the main unit of the equipment, a unit that we are not going to remove and connect to another computer, we must select the option new encryption mode.
But if it is a hard drive that we may use on other computers running older versions of Windows, we must select the option compatible mode. If we encrypt a storage unit with the new encryption mode and then connect it to computers with older versions of Windows, we will not be able to access the information. Finally, click on Next.
Finally, a new window will be displayed where Windows confirms that it is about to start the encryption process with BitLocker, a process that can take several minutes or even hours if the storage unit is an HDD and has a large amount of information on it to encrypt. Although we can continue working with the equipment, it will run slower than normal and doing so will lengthen the time needed to complete the process. It is best to leave the equipment running and dedicate ourselves to something else.
We must check the box Run BitLocker System Check to verify that BitLocker can correctly read the recovery and encryption keys before encrypting the drive. Finally we click on start encryption.
If during the configuration process we are not sure that we want to carry it out, or if we have any doubts, we can cancel the BitLocker configuration by clicking on the Cancel button. Once the process has started, we will not be able to cancel it.
Encrypt internal data drive
The method to encrypt a data unit with BitLocker in Windows is different, since the idea is to be able to use it on different computers. This method is the one we should use when we want to encrypt an internal hard drive. To start the process, in the Fixed data unit section, click on Activate BitLocker just to the right of the unit to be encrypted.
In the next window, Windows will ask us which method we want to use to unlock the drive. On the one hand, it offers a password, which must be made up of uppercase letters, lowercase letters, numbers, spaces and symbols. The other option allows us to use a smart card to unlock the drive. In this example, we will use the first method. Once we have entered the password to use, click on Next.
Next, Windows will inform us of all the options available to save a backup copy of the recovery key. These options are:
- Save to Microsoft account
- Save to a USB flash drive
- Save to file
- Print recovery key
As in the previous method, it is recommended to use the first option, Save to Microsoft account, to always have it at hand. If we do not use a Microsoft account associated with the equipment, this option will not be available, so we can use any of the other options. We select the one we want to use and click on Next.
In the next window, it will invite us to select if we only want to encrypt the used space, ideal for new computers, or if we want to encrypt the entire unit, a recommended option for computers that are already in use. If it is a unit that still does not have data stored, we must select the option Encrypt only used disk space. But, if we are talking about a unit that already contains information, the appropriate option is Encrypt the entire drive. Click Next after choosing the option we want to use.
Next, we must select the encryption mode. If the storage unit is only going to be connected to computers with Windows 10 version 1511 or later, we must choose new encryption mode, the mode that Windows introduced with that version. If we want the data to also be accessible in previous versions of Windows, we must choose compatible mode. Next, click on Next.
Next, a last screen will be displayed informing us that we are about to start the drive encryption process and that a password will be required to unlock access, that the time required to carry out the process varies depending on the size of the unit and that, until the process is finished, the files will not be encrypted.
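The same choices made in the wizard for a fixed data drive can be expressed with the BitLocker PowerShell cmdlets, which makes the decisions explicit and repeatable. This is an added example, not part of the original article; the drive letter D: and the two decision variables are assumptions, and the mapping of "compatible mode" to AES-CBC (Aes128) and "new encryption mode" to XtsAes128 is the editor's, not stated on the page.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: D: is an NTFS fixed data drive, not yet encrypted.
$mount     = 'D:'     # assumed drive letter
$newDrive  = $true    # $true: empty drive -> used space only; $false: entire drive
$win10Only = $true    # $true: only Windows 10 1511+ -> new mode; $false: compatible

# Refuse to touch a volume that is already encrypted or mid-conversion.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$mount is in state '$($vol.VolumeStatus)'; nothing was changed."
}

# New encryption mode = XTS-AES; compatible mode = AES-CBC (editor's mapping).
$method = if ($win10Only) { 'XtsAes128' } else { 'Aes128' }

# Unlock method: password, read as a SecureString so it is never echoed.
$password = Read-Host -AsSecureString -Prompt "Unlock password for $mount"

$params = @{
    MountPoint        = $mount
    PasswordProtector = $true
    Password          = $password
    EncryptionMethod  = $method
    UsedSpaceOnly     = $newDrive
}
Enable-BitLocker @params | Out-Null

# Recovery key: add a recovery password protector, then display it once so it
# can be printed or saved somewhere other than the encrypted drive.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object KeyProtectorId, RecoveryPassword |
    Format-List

# Files are not protected until conversion finishes; check progress here.
Get-BitLockerVolume -MountPoint $mount |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, EncryptionMethod
```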
Encrypt external hard drive and USB drives
BitLocker also allows us to encrypt external hard drives or USB drives that we connect to the computer. In this way, if we regularly carry information that we do not want to be available to anyone who gets hold of the drive, they will not be able to access it without the recovery key.
The process for encrypting an external hard drive or USB drive is the same as for encrypting internal storage drives. Windows, however, will use a special version of BitLocker, a version called BitLocker To Go. To start the process of encrypting an external or USB drive, from the panel…