1. Home
  2. >>
  3. windows 10
  4. >>
  5. How to encrypt a hard drive with BitLocker in Windows 10

How to encrypt a hard drive with BitLocker in Windows 10



How to encrypt a hard drive with BitLocker in Windows 10


Today we will see how you can encrypt one of your hard drives with Windows 10. For this we will use the integrated BitLocker solution, available in Windows 10 professional versions. Unfortunately Microsoft has not integrated encryption in Windows 10 Home versions.

Encrypting one of your hard drives assumes that no person will be able to access your data without the password (which can be a USB memory), although it could also cause problems for yourself to recover your data if you lose that key. It is not for everyone, but if you have decided that you want to encrypt one of your hard drives, today we will explain how to do it easily from Windows.

1. Try it for the good

BitLocker encryption has a series of somewhat technical prerequisites, but luckily Windows 10 itself can take care of checking if your PC meets the requirements for you. To do this, open the File Browser, right-click on the drive you want to encrypt and choose Enable BitLocker. If the option does not appear, I am afraid that your Windows does not include BitLocker support.

If you get a message like the one above, that means your PC does not have a compatible TPM. TPM stands for Trusted Platform Module: a specialized chip for storing encryption keys to decrypt hardware. It is recommendable, but not strictly necessary to use BitLocker. The only thing is, you will need an extra step. If the above message does not appear, congratulations! Skip directly to point three of this tutorial.

2. Use BitLocker without TPM (if you don’t have one)

You can use BitLocker without the TPM, but for Windows to let you have to change a setting in the Local Group Policy Editor, the famous gpedit. To open it, press Win + R on the keyboard, type gpedit.msc and then click OK.

Once in the local group policy editor, you must navigate through the folders to go to the path Computer Configuration / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives. You must double click on each folder to enter inside. After selecting the last one you should find Require Additional Authentication at startup o Require additional authentication at startup, if it appears in Spanish. Double click to edit its value.

In the pop-up window, check the option Enabled (or activated). The rest of the default options are what you need to get BitLocker to work without the TPM, so you don’t need to change anything else. Press okay. Now you can use BitLocker without TPM.

3. Encrypt your hard drive

If the previous attempt to encrypt your hard drive threw you back for not having TPM, you should no longer have that problem. Go back to File Browser, right-click on the drive you want to encrypt (1), and then choose from the drop-down menu Enable BitLocker (two).

BitLocker will do the compatibility check again and if everything goes well you will see a window like the previous one. Here you must choose how you want to unlock the unit: if it will be through a password (which you need to write twice) or via a smart card that you need to insert into the PC.

In the next step you have even more options, in this case to create a backup of the recovery key. You can save it in your microsoft account, in a usb drive, in a file or print it. One of the most versatile options is to save as a file, but whatever you choose … put the password in a safe place.

In the next step you must choose between whether you want to encrypt only the used space or if you want encrypt the entire drive. The first option is faster, but the second is more appropriate when you are encrypting a PC that you have been using for a long time. For added security, choose to encrypt the entire drive.

The last option you should choose before you start encrypting is if you want to use the new encryption or supported encryption. The new encryption will not work on older versions of Windows, but considering that Windows 10 updates “almost” by itself, it is relatively difficult to find versions of Windows older than when the encryption was changed.

Everything is ready. Press start encryption to start encrypting the drive. We have encrypted a different drive than Windows, so the encryption starts immediately and in the background, so you can keep using your PC in the meantime. If you chose to encrypt the Windows drive, you will need to reboot before encryption begins.

In Engadget Basics | How to start Windows 10 in safe mode