How to Enable BitLocker Encryption on System Volumes
To enable BitLocker on a system volume, follow these steps:
- Perform a full backup of the computer. Then, run a check of the integrity of the BitLocker partition using ChkDsk.
- Open Control Panel. Click System And Security. Under BitLocker Drive Encryption, click Protect Your Computer By Encrypting Data On Your Disk.
- On the BitLocker Drive Encryption page, click Turn On BitLocker.
If your partitions are properly configured and your computer has a TPM (or the TPM requirement has been disabled), you can enable BitLocker.
- If available (the choice can be blocked by a Group Policy setting), in the Set BitLocker Startup Preferences dialog box, select your authentication choice.
- If you choose to use a USB key, the Save Your Startup Key dialog box appears. Select the startup key and then click Save.
- Choose the destination to save your recovery password. The recovery password is
a small text file containing brief instructions, a drive label and password ID, and the
48-digit recovery password. The choices are to store it on a USB drive, save it to a local
or remote folder, or print the password. Be sure to save the password and the recovery
key on separate devices. You can repeat this step to save the password to multiple
locations. Keep the recovery passwords safe-anyone with access to the recovery
password can bypass BitLocker security. Click Next.
Note It is strongly recommended that you save your recovery password to more than one location or device to ensure that you can recover it in the event that the BitLocker drive becomes locked. Keep the recovery keys safe and separate from the protected computer. Additionally, ensure that BitLocker-protected volumes are regularly backed up.
- Select the Run BitLocker System Check check box and click Continue if you are ready to begin encryption. Click Restart Now. Upon rebooting, BitLocker will ensure that the computer is fully compatible and ready to be encrypted. BitLocker displays a special screen confirming that the key material was loaded. Now that this is confirmed, BitLocker will begin encrypting the drive after Windows starts, and BitLocker will be enabled. If you do not select the Run BitLocker System Check check box, click Start Encrypting.
Encryption occurs in the background; the user can work on the computer (although free disk space and processor time will be partially consumed by BitLocker). If BitLocker encounters a disk-related problem, it will pause encryption and schedule a ChkDsk to run the next time you restart your computer. After the problem is fixed, encryption will continue.
A notification message is displayed in the system tray during encryption. An administrator can click the BitLocker system tray icon and then choose to pause the encryption process if the computer's performance is impacted, although the computer will not be protected until encryption is completed.
In this tutorial:
- Managing Disks and File Systems
- Overview of Partitioning Disks
- How to Choose Between MBR or GPT
- Converting from MBR to GPT Disks
- GPT Partitions
- Choosing Basic or Dynamic Disks
- Working with Volumes
- How to Create a Simple Volume
- How to Create a Spanned Volume
- How to Create a Striped Volume
- How to Resize a Volume
- How to Delete a Volume
- How to Create and Use a Virtual Hard Disk
- File System Fragmentation
- Backup And Restore
- How File Backups Work
- File and Folder Backup Structure
- How System Image Backups Work
- How to Start a System Image Backup from the Command Line
- How to Restore a System Image Backup
- System Image Backup Structure
- Best Practices for Computer Backups
- How to Manage Backup Using Group Policy Settings
- Previous Versions and Shadow Copies
- How to Manage Shadow Copies
- How to Restore a File with Previous Versions
- How to Configure Previous Versions with Group Policy Settings
- Windows ReadyBoost
- BitLocker Drive Encryption
- How BitLocker Encrypts Data
- How BitLocker Protects Data
- TPM with External Key (Require Startup USB Key At Every Startup)
- TPM with PIN (Require PIN At Every Startup)
- TPM with PIN and External Key
- BitLocker To Go
- BitLocker Phases
- Requirements for Protecting the System Volume with BitLocker
- How to Enable the Use of BitLocker on the System Volume on Computers Without TPM
- How to Enable BitLocker Encryption on System Volumes
- How to Enable BitLocker Encryption on Data Volumes
- How to Manage BitLocker Keys on a Local Computer
- How to Manage BitLocker from the Command Line
- How to Recover Data Protected by BitLocker
- How to Disable or Remove BitLocker Drive Encryption
- How to Decommission a BitLocker Drive Permanently
- How to Prepare AD DS for BitLocker
- How to Configure a Data Recovery Agent
- How to Manage BitLocker with Group Policy
- The Costs of BitLocker
- Windows 7 Encrypting File System
- How to Export Personal Certificates
- How to Import Personal Certificates
- How to Grant Users Access to an Encrypted File
- Symbolic Links
- How to Create Symbolic Links
- How to Create Relative or Absolute Symbolic Links
- How to Create Symbolic Links to Shared Folders
- How to Use Hard Links
- Disk Quotas
- How to Configure Disk Quotas on a Single Computer
- How to Configure Disk Quotas from a Command Prompt
- How to Configure Disk Quotas by Using Group Policy Settings
- Disk Tools
- MoveFile and PendMoves