Full Disk Encryption on Windows 10 with BitLocker

Posted in Tutorials

Tweet This Share on Facebook Bookmark on Delicious Digg this Submit to Reddit

In this tutorial, we will show you how to do a full disk encryption on Windows 10 Professional using Microsoft BitLocker, which only works on Windows 10 Pro (not Windows 10 Home).  And it is preferable to be on a machine with TPM (Trusted Platform Module) which is a chip on your machine that can store the decryption key.  You can tell if you have TPM by clicking on “TPM Administration” on the below screenshot.

1.  In Windows Setting, search for “BitLocker” …

manage-bitlocker

2.     In the above screenshot, click on “Turn on BitLocker” for the “c:” drive.

If it comes up with this error message …

no-tpm

That means that your machine does not have TPM. This tutorial will proceed assuming that you do not have TPM on your machine.

3. To set to allow without a TPM using the “Local Group Policy Editor”, do Windows-r and type gpedit.msc …

gpedit

4.  Navigate to the path shown and double-click on “Require additional authentication at startup”

local-group-policy-editor

5.  Select “Enabled” and checkmark “Allow BitLocker without a compatible TPM” as shown …

additional-setting

6. Remember to click the “Okay” at the bottom.

7.  Now turn on BitLocker again.  It will work and now asks for you to choose a unlock option…unlock-option

8.  Then it asks how you want to save your recovery key.

backup-key

Remember that if anyone gets your recovery key, they can decrypt your disk.  If you save your recovery key to Microsoft Account, it can be retrieved from https://onedrive.live.com/recoverykey

9.  For new computers, you can choose to encrypt used space, but otherwise you should encrypt entire drive as shown …

encrypt-entire-drive

10. Then choose encryption mode…encryption-mode

11. Next it will run system check and reboot…

system-check

12.  After reboot, you can see in status bar that encryption is in progress…

encrypting

You are able to continue working while it is encrypting.  You can even shut down your machine.  It will resume where it left off the next time you boot up.

13.  Once encryption completes, it should look like this …

bitlocker-on

If you ever need to turn off BitLocker, you can do so in settings shown above.