
IT4nextgen

Tech Tutorials and Reviews


How to Set Up BitLocker Encryption in Windows 10: A Guide to Securing Your Data

Last Updated June 13, 2022 By Subhash D

Keeping sensitive data on your system can be risky unless you protect it in an effective way. Encryption is one of the best ways to safeguard your data from hackers and spying agencies, or from falling into the wrong hands if your laptop is stolen. Encryption protects data by converting it into an unrecognizable form, and the data can be accessed only after decrypting it with the password or key. The Windows operating system offers a robust data encryption tool in the form of BitLocker. You need the Windows 10 Professional or Enterprise edition in order to set up BitLocker encryption. Apart from encrypting internal hard drives, BitLocker can also encrypt external drives for enhanced security.

Benefits of BitLocker

Maintain confidentiality

Computers are becoming more and more portable, and most employees take their laptops home or into the field for work. The possibility of a laptop getting stolen cannot be ruled out, and access to the physical hardware makes it easier to steal the data than doing so online. Organizations need to worry even more if the system falls into the hands of a competitor. BitLocker encryption comes in handy in this situation, since nobody will be able to boot the device or extract data from the hard drive.

Protects USB drives

In organizations it is not uncommon for employees to write data to USB drives, and the chances of losing a USB drive are much higher than those of losing a hard drive or laptop. BitLocker can encrypt not only built-in storage drives but also USB drives, rendering the data non-recoverable if the drive is misplaced. IT professionals can also use Windows group policies to allow users to write data ONLY to BitLocker-configured USB drives.

Data crash

Once in a while you might face a situation where the hard disk crashes and you need to take it to data recovery experts. This can also open a huge security gap, since the data can fall into the wrong hands. Had the drive been encrypted with BitLocker, you would not need to worry about data theft before handing the storage drive to data recovery agents.

Booting Protection

If somebody tampers with the Windows 10 boot files by installing Trojan software, you will easily get to know about it if the boot partition is encrypted. Any tampering with the boot files will make Windows start in BitLocker recovery mode, and any attempt to install malicious software will be thwarted.

Hardware disposal

Most companies dispose of their IT hardware from time to time, and IT pros make sure that all data is deleted from the storage devices before discarding them. But is it sufficient to just erase or delete the data from hard drives? No: anybody with a little data-recovery knowledge can extract that data, but a drive encrypted with BitLocker cannot be unlocked without the authentication key.

System requirements

Software Requirements

BitLocker is available in Windows Vista and all later versions.

  • Enterprise and Ultimate editions of Windows Vista and Windows 7
  • Enterprise and Professional editions of Windows 8 and Windows 8.1
  • Enterprise, Professional and Education editions of Windows 10

Hardware requirements

  • The motherboard of the computer or laptop must have a Trusted Platform Module (TPM) chip. When you encrypt the operating system drive, BitLocker creates a key in the TPM chip that is required when the system boots.
  • The BIOS or UEFI firmware must be able to read from a USB storage device in the pre-operating-system stage. In simple terms, the system should be able to boot from a USB drive.
  • You need at least 2 partitions on the hard disk to install BitLocker. If you do not have them, BitLocker will create them instead.

Advance Preparations for Encryption with BitLocker

  • BitLocker encryption is a time-consuming process whose duration depends on the size of your data (in the case of partial encryption) or the size of the partition (in the case of full encryption). So if you are using a laptop, make sure it is connected to a power source, and if you intend to enable BitLocker on a desktop computer, connect a UPS to it for backup in case of a power outage.
  • Before you start encrypting your computer with BitLocker, you have to check whether your system's hardware has a TPM chip. You can check this by 2 methods.

Method 1. Open the Run dialog (Windows+R) and type tpm.msc

If the system hardware does not have a TPM installed, the TPM management console displays a message saying so.

If it does have a TPM, the console shows the TPM status instead.

Method 2. You can also verify whether the computer has a TPM by navigating to

Right-click My Computer > click Properties > Device Manager

If your system has TPM hardware, you will find Security devices among the hardware categories, and on expanding it you will find the TPM version installed.

Note: You need not worry if you do not have a TPM on your system motherboard since you can buy it separately and install it in the motherboard.
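The preparation checks above can also be scripted. The following is an added example, not part of the original article: it uses the built-in Get-Tpm cmdlet and standard CIM classes from an elevated PowerShell prompt. The function name Get-BitLockerReadiness is hypothetical, and the edition test on the OS caption is a heuristic.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Function name is hypothetical.
function Get-BitLockerReadiness {
    [CmdletBinding()]
    param()

    # Edition: the article lists Professional, Enterprise and Education for Windows 10.
    # Heuristic: look for the edition name in the OS caption.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $editionOk = $os.Caption -match 'Pro|Enterprise|Education'

    # TPM presence and readiness, as reported by the TrustedPlatformModule module.
    $tpm = Get-Tpm
    $specVersion = $null
    if ($tpm.TpmPresent) {
        $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
        $specVersion = ($wmiTpm.SpecVersion -split ',')[0].Trim()
    }

    # Power: BatteryStatus 1 means a battery is discharging (no AC connected).
    # Desktops return no Win32_Battery instance at all.
    $batteries = @(Get-CimInstance -ClassName Win32_Battery -ErrorAction SilentlyContinue)
    $onBattery = [bool]($batteries | Where-Object { $_.BatteryStatus -eq 1 })

    # Which of the article's two procedures applies to this machine.
    $procedure = if ($tpm.TpmPresent -and $tpm.TpmReady) {
        'Encrypt system drive with TPM'
    } else {
        'No usable TPM: enable the "Allow BitLocker without a compatible TPM" policy first'
    }

    [pscustomobject]@{
        Edition         = $os.Caption
        EditionSupports = $editionOk
        TpmPresent      = $tpm.TpmPresent
        TpmReady        = $tpm.TpmReady
        TpmSpecVersion  = $specVersion
        OnBattery       = $onBattery
        Procedure       = $procedure
    }
}

Get-BitLockerReadiness | Format-List
```

If OnBattery is True, connect the power adapter before starting encryption.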


How to Encrypt System Drive C (with TPM)

Select the primary partition, that is drive C, and right-click on it. Now click “Turn on BitLocker”.

As soon as you turn on BitLocker, the computer will perform two steps. First, it will turn on the TPM security hardware, and second, it will encrypt the drive.

After you press the Next button, the process will ask you to shut down the PC and restart it.

On the next screen, you will be instructed to press F1 to let Windows create the authentication value in the TPM.

When the system reboots, BitLocker will be turned on, and on pressing the Next button you will be asked to back up the recovery key. This is only required if you want to connect this drive to some other system for data transfer.

In a BitLocker setup with TPM, you do NOT have to input a password to unlock the encrypted drive. You just have to sign in to Windows with your login password.

How to enable BitLocker on a computer without TPM

If you have checked and found that your computer's motherboard does not support TPM, you can still secure your system drive.

You need to edit the group policy to enable an additional authentication method at startup.

So let’s start

Open the Run dialog (Windows+R) and open the Local Group Policy Editor by typing gpedit.msc.

From the left sidebar menu, navigate to

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

Now, on the right side, double-click “Require additional authentication at startup”.

In the screen that opens, you can see that the “Not configured” radio button is selected by default. Select the Enabled radio button. Once you do, you can see that the option “Allow BitLocker without a compatible TPM” is automatically selected in the lower section of the window. Finally, click Apply and OK.

Now right-click on the C drive and click Turn on BitLocker.

The encryption setup will start.

On the next screen, it will ask you which type of authentication you want to use. The two options are

  • Insert a USB flash drive. Choosing this option will require you to insert a USB drive with an authentication key every time you boot the system.
  • Enter a password. If you select this option, you have to input a password when the system boots.

We will select the 2nd option, which is less cumbersome and does not require you to always carry a USB drive with you in order to start up the system.

Next, you will be asked to save a recovery key that can unlock the encrypted drive. The options include saving it to your Microsoft account, saving it to a removable USB drive, saving it to a file and printing it on paper.

We will select the option of saving it to a file, which will prompt you to save the recovery key to any location on the local hard drive.

Next, you need to select whether you want to encrypt only the used disk space or the complete hard drive. We will select the 1st option since it is faster and new data is automatically encrypted by BitLocker.

On the next screen, we will select the New encryption mode, which is best for fixed drives.

Finally, BitLocker will perform a system check during which it will check the authentication and recovery keys.

Once you hit the Continue button, you need to restart the system, and you will be asked to provide the password before you proceed.

After the system restarts, you will get a notification that encryption of drive C is complete. From now on you will always have to provide the password when the computer boots in order to open the C drive.
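The no-TPM procedure above, as an added PowerShell example that is not part of the original article. It assumes the group policy step has already been done in gpedit.msc, which stores the setting as the UseAdvancedStartup and EnableBDEWithNoTPM values under HKLM\SOFTWARE\Policies\Microsoft\FVE; the function names are hypothetical and $RecoveryFile must be a full path.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Function names are hypothetical.

function Test-NoTpmPolicy {
    # "Require additional authentication at startup" = Enabled -> UseAdvancedStartup = 1
    # "Allow BitLocker without a compatible TPM" checked      -> EnableBDEWithNoTPM = 1
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    return [bool]($p -and ($p.UseAdvancedStartup -eq 1) -and ($p.EnableBDEWithNoTPM -eq 1))
}

function Enable-OsDrivePasswordBitLocker {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [Parameter(Mandatory)][string]$RecoveryFile   # full path, e.g. on a USB drive
    )

    if (-not (Test-NoTpmPolicy)) {
        throw 'Policy "Allow BitLocker without a compatible TPM" is not enabled.'
    }
    # A recovery key stored on the drive it unlocks is useless once that drive is locked.
    if ((Split-Path -Path $RecoveryFile -Qualifier) -ieq $MountPoint) {
        throw 'Save the recovery password on a different drive than the one being encrypted.'
    }

    # Create and save the recovery password before encryption starts. This is the
    # value BitLocker asks for whenever the drive enters recovery mode.
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object { "ID: $($_.KeyProtectorId)`r`nRecovery password: $($_.RecoveryPassword)" } |
        Set-Content -Path $RecoveryFile

    # "Enter a password" option; used space only; XTS-AES is the wizard's "New encryption mode".
    $password = Read-Host -AsSecureString -Prompt 'BitLocker startup password'
    Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $password `
        -UsedSpaceOnly -EncryptionMethod XtsAes128

    # Encryption of the OS drive begins after the restart and system check.
    Get-BitLockerVolume -MountPoint $MountPoint
}

# Usage (E: is a constructed example of a removable drive):
# Enable-OsDrivePasswordBitLocker -RecoveryFile 'E:\bitlocker-recovery.txt'
```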

You can manage the encryption in a number of ways. Right-click on the encrypted drive and click Manage BitLocker. You will find the following options.

  • Suspend protection. You can suspend BitLocker protection temporarily when you need to perform a software or hardware upgrade.
  • Back up your recovery key. In case you have lost your recovery key, you can create a recovery key again at the desired location.
  • Change password. If you think your password is too old and might have been leaked, you can change it, but you need to input your old password to complete the operation.
  • Remove password. Before you go for this step, make sure you have created another authentication method.
  • Turn off BitLocker. This option will completely remove the encryption from the partition or drive.
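The state these management options leave a drive in can be checked from PowerShell. The following is an added example, not part of the original article; the function name Get-BitLockerAudit is hypothetical. It flags drives where protection is still suspended, where no recovery password exists, or where the password is the only protector left.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Function name is hypothetical.
function Get-BitLockerAudit {
    foreach ($v in Get-BitLockerVolume) {
        # Protector types on this volume, e.g. Tpm, Password, ExternalKey, RecoveryPassword.
        $types = @($v.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { [string]$_.KeyProtectorType })
        $findings = @()

        if ($v.VolumeStatus -eq 'FullyDecrypted') {
            $findings += 'Not encrypted (BitLocker is turned off)'
        }
        elseif ($v.VolumeStatus -eq 'FullyEncrypted' -and $v.ProtectionStatus -eq 'Off') {
            # "Suspend protection" leaves the data encrypted but the key readable
            # from the disk until protection is resumed.
            $findings += 'Protection suspended: resume it once the upgrade is finished'
        }

        if ($v.VolumeStatus -ne 'FullyDecrypted') {
            if ($types -notcontains 'RecoveryPassword') {
                $findings += 'No recovery password protector: back up a recovery key'
            }
            if ($types.Count -eq 1 -and $types[0] -eq 'Password') {
                $findings += 'Password is the only protector: add another before removing it'
            }
        }

        [pscustomobject]@{
            Drive      = $v.MountPoint
            Volume     = $v.VolumeStatus
            Protection = $v.ProtectionStatus
            Protectors = $types -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize -Wrap
```

A suspended drive is brought back under protection with Resume-BitLocker -MountPoint followed by the drive letter.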


Encryption of Non-OS Partitions and External Drives with BitLocker

The procedure to encrypt USB drives or partitions other than the system partition is the same. You do not need a TPM to encrypt these partitions.

Set Up BitLocker Encryption Now to Secure Your Data

Although BitLocker encryption is available only on Windows 10 Pro and Enterprise editions, you must enable BitLocker to save your sensitive data from hackers and Trojan attacks. Follow these methods and also share the tips with your friends.


About Subhash D

A tech-enthusiast, Subhash is a Graduate Engineer and Microsoft Certified Systems Engineer. Founder of it4nextgen, he has spent more than 20 years in the IT industry.


Copyright © 2025 IT4Nextgen.com