Encrypting Windows 10 With BitLocker Encryption Part 2

Windows 10 BitLocker Hardware Requirements

For BitLocker to work, you need a PC with a Trusted Platform Module (TPM). According to Microsoft:

A PC with a Trusted Platform Module (TPM), which is a special microchip that supports advanced security features. If your PC was manufactured with TPM version 1.2 or higher, BitLocker will store its key in the TPM.

To turn on BitLocker Drive Encryption on the operating system drive, your PC’s hard disk must:

  • Have at least two partitions: a system partition (which contains the files needed to start your PC and must be at least 100 MB) and an operating system partition (which contains Windows). The operating system partition will be encrypted but the system partition will not, so your PC can start. If your PC doesn’t have two partitions, BitLocker will create them for you. Both partitions must be formatted with the NTFS file system.
  • Have a BIOS (the built-in software that starts the operating system when you turn on your PC) that’s compatible with TPM or supports USB devices during PC startup. If this isn’t the case, you’ll need to update the BIOS before using BitLocker.

If your system meets those requirements, you’ll have no problem enabling BitLocker on your local drive. But, a lot of consumer computer’s simply don’t meet those requirements. Luckily there’s a work-around provided you’re not running a Home version of Windows.

Does my PC have TPM?

To find out if your PC has a TPM, open Control Panel, then select BitLocker Drive Encryption > TPM Administration.

Then you’ll see if your system has TPM. In this case, my computer doesn’t have it – but it might be possible to enable it in your system’s BIOS. When dealing with a PCs BIOS, each system varies, so you might need to refer to manufacturer documentation. But what if you don’t have TPM enabled hardware?

Use BitLocker on Drives Without TPM

If you don’t want to deal with messing with your computer’s BIOS, or waste time updating it, there’s an easy way to make BitLocker work without TPM enabled hardware. Use the keyboard shortcut Windows Key + R and type: gpedit.msc and hit Enter or click OK.

Now navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Then double click on “Require Additional Authentication at Startup”.

On the next screen select Enabled, and under Options check the box “Allow BitLocker Without a Compatible TPM” and click OK and close out of Group Policy Editor.

 

To Start BitLocker Encryption Follow These Steps

Step 1: Right Click Start Menu Button and Select Control PanelW10Step2

 

Step 2: Click System and SecurityW10Step3

 

Step 3: Click BitLocker Drive EncryptionW10Step4

 

Step 4: Click Turn on BitLockerW10Step5

 

Step 5: Save your Recovery Key

Save it to your Microsoft Account or to an external drive or thumb drive. This has to be saved on a different drive other than the one you are encrypting.

(Important: Be Sure to Keep it in a Safe Place where you will be able to find it again if needed.)

W10Step6

 

Step 6: Select Encrypt Entire Drive then click NextW10Step7

 

Step 7: Click Run Bitlocker System Check and then click Start Encrypting your computer will then Restart.

If the BitLocker System Check Fails you will be notified of the error before BitLocker enables. If you do receive an error you may need to troubleshoot with a technical expert.

Step 8: After the computer restarts a icon will appear in your Tool Bar.W10Step9

 

Clicking the Icon will bring up this Screen that shows the progress of your Encryption. (This will take a while depending on the Size of your Drive.)W10Step10

Step 9: Verify Encryption by  Right Clicking the Start Menu Button and Selecting Control PanelW10Step2

Click System and SecurityW10Step3

Click BitLocker Drive EncryptionW10Step4

If BitLocker has finished you will see BitLocker on and your drive in now Encrypted.W10Step11

Comments are closed.