In this video, I will develop the topic of disk encryption with BitLocker.
This material will help you to secure your data on hard disks and removable devices with
the help of Windows built-in tools.
BitLocker is only available to users having Windows Vista / 7 Ultimate and Enterprise
editions, or Windows 8 / 10 Pro and Enterprise editions.
The encryption process boils down to using a special algorithm to transform data into
a format that can be accessed by the owner only.
In order to enable BitLocker encryption: • Open Control Panel / BitLocker Drive Encryption.
• You can also encrypt a hard disk or USB drive by right-clicking on the necessary drive
in the folder “This PC” and choosing the element “Turn on BitLocker.”
If this option does not appear in the list, then it means you’re using an operating
system without BitLocker support.
• In the opening BitLocker Drive Encryption window you will see all removable and non-removable
data storage devices connected to this PC.
There are two encryption types available: For logical partitions.
It allows encrypting any built-in non-removable disks, system or not.
When the computer is turned on, the loader starts Windows from the System Reserved partition
and suggests choosing a method to unlock - for example, using a password.
After that, BitLocker decrypts the disk and starts Windows.
The encryption / decryption process is on-the-go, and you8 can work with the computer in the
same way as before encryption was enabled.
You can also encrypt other disks in your computer as well - it is available not only the disk
with the operating system.
You will have to enter a password when you address such disk for the first time.
The other type is for encrypting removable or external devices.
External media, such as USB drives and external hard disks, can be encrypted with BitLocker
You’ll be suggested to enter a password to unlock the media when you connect it to
Users who have no password won’t be able to access files stored in such media.
• Let’s enable BitLocker for disk D. • Turn on BitLocker
• In the windows that opens, you have to select how to unlock the disk.
There are two options: use a password, or use a smart card to unlock the disk.
Smart cards are often used in large companies to unlock drives.
This method requires having a smart card and a special reader device.
After I check the box next to the password-setting option, the fields to enter the password become
Enter it twice and then click Next.
Remember that it should be at least 8 characters long.
• The next step in enabling BitLocker is to set up and backup a recovery key in case
the main password is lost.
Before encrypting the disk, BitLocker will give you a recovery key.
This key will decrypt an encrypted disk if the password is lost or entered incorrectly
several times, and in all other cases when there is no password or the system won’t
You can save the key to a file, print it and keep with other important documents, or upload
it to your Microsoft account.
If you save your recovery key to your Microsoft account, you’ll be able to access it later
by following this link – https://onedrive.live.com/recoverykey (find it in the description).
Make sure you are going to keep this key in a safe place - if anyone gets it, they will
be able to decrypt the disk and get access to your files.
It is reasonable to have several copies of the key and keep them in different places
- if you have no key and something happens to your main unlock method, your encrypted
files will be lost forever.
• I choose “Save to a file” To demonstrate it, I save the recovery key
But I don’t recommend doing that.
You can check at once if the file is in the directory where you saved it.
Here is the key file.
The recovery key contains 48 characters.
Here it is.
• After BitLocker is turned on, it will automatically encrypt new files as they are
created or modified, but you can choose what to do with the files that already exist on
your hard disk.
You can encrypt used space only or encrypt the entire drive.
Encrypting the entire drive takes much longer but it will protect you against recovering
If you are setting up BitLocker on a new computer, then encrypt used space only - it will be
I choose “Encrypt entire drive”
• Beginning with build 1511, Windows 10 features a new encryption mode (XTC-AES).
This new encryption method provides additional integrity support but it is incompatible with
earlier versions of Windows.
In my case, the internal hard disk is encrypted, so I choose “New encryption mode.”
If it was an external hard disk or a USB drive, I’d recommend going for “Compatible mode.”
Windows 7, 8 and earlier builds of Windows 10 won’t have this item.
• Start encrypting.
• The encryption process starts.
You can use the computer while the process is running, but it will make it slower.
In the system tray, the BitLocker icon appears, so click on it to see
the progress of encryption.
• After the disk is encrypted, there will be a special icon shown on the disk in Windows
• When trying to access the disk and its data, you will need to enter a password to
If you forgot the password, you can enter the recovery key here.
If you check the box next to “Turn on auto-unlock” then the disk will unlock every time you re-connect
it to this computer.
It applies more to removable media.
• After the disk is unlocked, all files it contains will be available for use.
The disk will be locked again only after the computer is shut down or restarted.
The menu Manage BitLocker will also become available for the encrypted disk.
In order to get there, right-click on the encrypted disk and choose Manage BitLocker
to go to Control Panel.
This is where you can backup recovery key (create another copy), change password, remove
password, add smart card, turn on auto-unlock or turn off BitLocker.
• Remember that if you forgot the pass word for your encrypted disk, and the recovery
key is lost, you cannot get access to data in such disk.
That is why you should keep your recovery key in a very safe place.
• If you want to use such disk later, it can be formatted.
Formatting will destroy all data on the disk but you will be able to access and use it
Accidentally deleted files or data lost as a result of encrypting the disk with BitLocker
still can be restored with Hetman Partition Recovery.
However, you should unlock the disk before scanning.
Without the unlocking password, all data remains encrypted and can’t be restored.
To do it, double-click on the disk in the Explorer window and enter the password.
As Windows uses the on-the-go encryption principle, the recovery process will be no different
from working with any other disk.
Watch our videos to learn how to restore data from a hard disk or removable media with Hetman
Partition Recovery; use the links in the description.
If you no longer need to encrypt your data, just turn off BitLocker, and the disk will
To do it: • go to Manage BitLocker
• Go to the encrypted disk • Select “Turn off BitLocker”
• Click “Turn off BitLocker” again to confirm your choice.
• Decryption is running.
• Disk decryption is over.
• Now the disk icon is back to standard, and you can use this disk without having to
enter a password or recovery key.
That is all for now.
In our next videos, we will have a closer look at BitLocker settings, find out what
TPM is, and how to set up and use BitLocker on a computer without TPM.
If you liked this video, click the Like button below and subscribe to our channel to see
We’ll be glad to answer any questions in comments.
Thank you for watching and good luck!