Losing your laptop can be frustrating, but losing sensitive data is even worse. Anyone can peek through the data stored on your PC by simply attaching the internal hard drive to their PC. However, you can easily protect your data by encrypting your PC’s hard drive to ensure that only you can access it with a password or recovery key.
With that said, we created this post to explain everything you need to know about encrypting your data with BitLocker, its inner workings, and how you can quickly activate BitLocker on your Windows 11 computer. to protect your sensitive data.
What is BitLocker and how does it work?
BitLocker is a Full Disk Encryption utility included with Windows 11 Pro, Enterprise, and Education editions. Although the Windows 11 Home edition can use BitLocker, it only allows device encryption and misses out on other advanced features.
You can use BitLocker to encrypt that data on the storage drive to protect and deny unauthorized access to your computer. Similar to other full disk encryption utilities, BitLocker scrambles the data on your computer’s drives using the AES (Advanced Encryption Standard) algorithm. Along with AES, BitLocker also uses a hardware-based Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) to ensure that all your data on the drive is safe. readable until and unless you enter the password or recovery key to decrypt it.
That said, you may want to encrypt multiple drives on your computer. Windows 11 allows you to encrypt the Main Drive or Operating System Drives (Local Disk C:), Data Drives Fixed Drives (Local Disks D, E, F, etc.) mobile device that you normally use with your computer.
Read along as we explain how you can easily use BitLocker to encrypt data per drive with or without a TPM (Trusted Platform Module) chip.
How to enable BitLocker on Drive operating system
The first step to protecting your PC data is to encrypt its operating system drive – where you installed the Windows 11 OS. The main operating system drive on your computer stores all system files. important and user data necessary for Windows to function properly. By default, it’s the Local Drive C: in most computers, unless you installed Windows in a drive or partition with a different drive label.
Here’s how you can enable BitLocker on your OS Drive to encrypt the data on it:
Step 1: Press the Windows + S key combination to open the search panel and type Manage BitLocker. From the results, click Open.
Step 2: On the BitLocker Drive Encryption page, click on the ‘Enable BitLocker’ option located below the ‘Operating system drive’ section.
Please note that if you want to encrypt the C: Operating system drive, you will need to enter the encryption password each time the computer boots.
Step 3: Click Next to start setting up BitLocker Drive encryption.
Step 4: You should make a backup of your important files and data on your drive and click Next.
Step 5: Click Next again.
Please note that when you enable BitLocker on your PC’s main drive, you won’t be able to access the Windows recovery environment until you manually enable it using the Settings app before restarting your computer.
Step 6: Click the ‘Enter Password’ option to generate a BitLocker encryption password that you need to enter every time you start your PC.
If required, you can also select the ‘Insert a USB flash drive’ option to use the USB drive as an access key that you will need to connect to your PC each time it boots.
Step 7: Click on the ‘Enter your password’ text box and create a strong password that you will use to unlock your drive and re-enter it in the text box below. Then click Next.
Step 8: Plug the USB drive into the USB slot on your PC and click the ‘Save to a USB flash drive’ option to create a backup of the recovery key. You can use the recovery key to unlock your drive if you forget your BitLocker password.
You can choose any of four or more options. However, we recommend that you store the recovery key on a USB flash drive in a locker or safe place without the risk of losing or exposing the key.
Step 9: Click and select the USB drive where you want to save the recovery key. Then click Save.
Step 10: Once you see the message ‘Your recovery key has been saved’, click Next.
Step 11: Choose one of the two options and then click Next:
- Select the option ‘Encrypt only used disk space (faster and best for PCs and new drives)’ to encrypt only the files currently stored on your hard drive and not the space do not use on the drive.
- Select the ‘Encrypt entire drive (slower but best for PCs and drives already in use)’ to encrypt the entire drive to make the data on it more secure.
Step 12: Select the appropriate encryption mode and click Next:
- Select ‘New encryption mode (best for fixed drives on this device)’ to encrypt your PC’s internal hard drive.
- Select ‘Compatibility mode (best for drives that can be moved from this device)’ to encrypt an external storage device, such as an external hard drive or USB flash drive to improve performance. compatibility with older versions of Windows.
Step 13: Click Start Encrypt to begin the drive encryption process.
Meanwhile, you can also click the ‘Run BitLocker system check’ checkbox then click Continue to make sure that BitLocker can correctly read the recovery and encryption keys you generated before disk encryption.
Step 14: Wait for the drive to Encrypt itself, and once the encryption is complete, click Close.
And now, every time you start your PC, you will be asked to enter the BitLocker password you created in step 4 to gain access to Windows. Meanwhile, if you forget your BitLocker password, you can press the Esc key on your keyboard to enter the recovery key and gain access to your PC.
Furthermore, you can also see that the icon of the C: drive that you just encrypted has been replaced with a golden padlock and a BitLocker key icon.
How to enable BitLocker on a fixed data drive
You can easily enable BitLocker on your computer’s main drive (C: Drive), but what about the data on the Fixed Data/secondary drive? To ensure the highest level of protection, the data on your secondary drives needs to be treated with equal importance.
Here’s how you can enable BitLocker on your Permanent or Secondary Data drives on your Windows 11 PC:
Step 1: Press the Windows + S key combination to open the search panel and type Manage BitLocker. Then, from the results that appear, click Open.
Step 2: On the BitLocker Drive Encryption page, click the option to enable BitLocker.
Step 3: In the new screen, click on the box next to the ‘Use password to unlock the drive’ option.
You can only use the latter option if you have a two-factor authentication smart card that allows you to decrypt the drive using its RFID (Radio Frequency Identification) chip and its alphanumeric PIN.
Step 4: Click on the ‘Enter your password’ text box and create a strong password that you will use to unlock your drive and re-enter it in the text box below. Then click Next.
Step 5: Plug the USB drive into the USB slot on your PC and click the ‘Save to a USB flash drive’ option to create a backup of the recovery key. You can use the recovery key to unlock your drive if you forget your BitLocker password.
You can choose any of four or more options. However, we recommend saving the recovery key on a USB flash drive because it can be safely stored in a locker or safe without the risk of being lost or exposed.
Step 6: Click and select the USB drive where you want to save the recovery key. Then click Save.
Step 7: When you get a message saying your recovery key has been saved, click Next.
Step 8: Select an appropriate option and click Next.
- Select ‘Encrypt only used disk space (faster and best for PCs and new drives)’ to encrypt only current files stored on your hard drive and not encrypt unused space used on the drive.
- Select ‘Encrypt entire drive (slower but best for PCs and drives already in use)’ to encrypt the entire drive to make the data on it more secure.
Step 9: Select the appropriate encryption mode and click Next.
- Select ‘New encryption mode (best for fixed drives on this device)’ to encrypt your PC’s internal hard drive. This drive will not be used between multiple systems, unlike an external drive.
- Select ‘Compatibility mode (best for drives that can be moved from this device)’ to encrypt an external storage device, such as an external hard drive or USB flash drive to improve performance. compatibility with older versions of Windows.
Step 10: Click Start Encryption to start the encryption process.
Step 11: Wait for the drive to Encrypt itself and click Close once the encryption is complete. Then restart your PC.
After restarting your PC, you should see that the encrypted drive’s icon has been replaced with a yellow padlock and key icon.
Every time you start your PC and try to open the encrypted drive, you will be asked to enter the BitLocker password you created in step 4 to gain access.
Meanwhile, if you forgot your BitLocker password, you can click the more options button below the password field and then click Enter recovery key.
Alternatively, you can also use the steps mentioned above to enable BitLocker to Go, which can be used to encrypt USB sticks, external hard drives, SD cards, and removable storage peripherals. other.
How to enable BitLocker without TPM
Windows offers two levels of BitLocker encryption—hardware and software-based. Hardware-based encryption works using the Trusted Platform Module (TPM) chip built into the CPU or installed on your PC’s motherboard. Software-based encryption allows users to use BitLocker even on systems that do not have a TPM chip. However, it is slightly less secure than hardware level encryption.
If you use Windows 11 on your computer, chances are your PC has a TPM chip installed. That chip is part of the Windows 11 minimum system requirements. However, if you’re trying to use BitLocker on a Windows 11 virtual machine, you’ll need to enable software-based encryption using the policy editor. Group. This is the way:
Step 1: Press the Windows + R key combination to open the Run dialog box and type gpedit.msc in the text field. Then press Enter.
Step 2: In the Local Group Policy Editor, navigate to the following path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Step 3: Double-click the ‘Require additional authentication at startup’ option from the right pane.
Step 4: In the ‘Require additional authentication at startup’ window, click the Enabled button and then click the Apply button.
After the ‘Required Startup and Additional Authentication’ policy, you can use the same method we explained in the first and second sections to Encrypt any drives and their data on your PC run your Windows 11.
How to disable BitLocker on Windows 11
BitLocker certainly helps protect your data, but it adds to the inconvenience of remembering and entering a password every time you start your computer. So you may want to disable BitLocker on your Windows 11 PC if you plan to sell it or want to access files stored on an external drive using other operating systems.
That being said, here’s how you can quickly disable BitLocker on any hard drive on your PC:
Step 1: Press the Windows + S key combination to open the search panel and type Manage BitLocker. Then, from the results that appear, click Open.
Step 2: On the BitLocker Drive Encryption page that appears, click the ‘Disable BitLocker’ option.
Step 3: When the confirmation dialog appears, click the ‘Disable BitLocker’ option.
Step 4: Wait for the drive to decrypt itself and click Close once the decryption is complete. Then restart your PC.
In addition to disabling BitLocker, you can also access the same control panel page to change your drive’s BitLocker password, create a backup of your recovery key, etc.
Securely encrypt your data with BitLocker
It’s quite a lot. After following the steps mentioned above, you can securely encrypt your computer’s hard drive with BitLocker and prevent unauthorized access to your sensitive data.
Categories: How to
Source: thpttranhungdao.edu.vn/en/
