Are your PC is near to your heart? Do you use your PC continuously? In my case, it is yes for both the question. But one question which tenses me that if my computer gets steal then what will happen to my data? There is an option to save your data when it get steals or you are giving it to someone for some time. You can enable Windows full disk encryption to save your data from any mishappening.
In this post, I will tell you how to enable Windows full disk encryption using Bitlocker?, What are the methods to encrypt your whole disk or drive to save your data? There are many full disc encryption software to encrypt your drive or you can use inbuilt Windows option known as Bitlocker.
So let’s discuss about BitLocker Windows full disc encryption.
You can Read Bitlocker Wikipedia for More Info.
Some Criteria for BitLocker
As I told you, Bitlocker is the inbuilt feature of Windows for full disc encryption but there are some conditions before using BitLocker. Only some Windows are supported with BitLocker and I am giving you the list of those Windows.
- Windows Vista or 7 Enterprise.
- Window Vista or 7 ultimate.
- Windows 8.1 enterprise.
- Windows 8.1 Pro.
- Windows 10 Pro
Apart of these versions of Windows, you should have TPM (Trusted Platform Module) in your system.
What is TPM?
TPM is an add-in chip found on some motherboards. Actually, TPM generates encryption keys and store them in the module itself, not in hard-drive only. It can detect tampering attacks, for example, if someone steals your hard drive or your computer and tries to use it then it won’t work.
Read TPM wiki for more info.
How to use BitLocker to enable Windows full disk encryption?
- Search BitLocker on Start Menu.
- Click on “Manage BitLocker”. Now you can see the following screen.
- Now You can observe the option of “Turn on BitLocker“. Click on it.
- Now it will prompt an option “Choose How you want to unlock this drive“. You can use a password for that or You can choose the option of Smart card which needs a USB drive during unlocking your Drive. At present, I am using the option of Password.
- Now It will ask “How do you want to back up your recovery password?“. I would suggest you to choose the option of “Save to a USB flash drive” because it is the best way to save your data. At present, I am using “Save to a file” option.
- After tapping Next tabs. Click on “Start Encrypting“. Encrypting time depends on How much data is on your drive? In my case, It took 2-3 hrs. So Don’t worry about time.
- Now Restart your PC.
- After this, When you tries to open your encrypted drive. It will ask you for a password which you entered during Encryption. If you choose the Smart Card option then you need your USB or SDcard to unlock the drive.
Now BitLocker is completely set on your PC. But Many Users have the complaint that after Restarting their PC, This system does not work and shows a popup of “TPM compatibility issue“.
How To Use BitLocker for Windows Full Disk Encryption without TPM?
There are two ways to use BitLocker without a TPM. If you are using a modern motherboard including lower cost ones then definitely your motherboard would have a TPM header support. You can buy a TPM header from Amazon at a low cost.
I would suggest you to use this way because if you really want to save your drive data from any mishappening then real TPM will help you a lot.
But I have another way to use TPM without investing money.
To use BitLocker without TPM, you have to change the group policy of your PC. But keep in mind that you can’t change the group policy if you are PC is joined to School or Business domain.
If you are using your own PC then don’t worry about this. You can easily access to your Group policy editor.
Now follow the following steps to do some changes in local group policy editor to run BitLocker without TPM.
- First press Windows + r or search for “run” on the start menu.
- Now type “gpedit.msc” and press “OK” tab.
- Now you have to reach at “operating system Drives” option. For this, click on “local computer policy” at right side then click “computer configuration” then “administrative templates” then “Windows components” and then “Bitlocker drive encryption” and you can see the option of “operating system drives“.
- In “operating system drives”, open “require additional authentication at startup” which is at the right side.
- Now the following screen will pop up. Select the “enable” option and check that at the bottom side there is a tick mark on “Allow bitlocker without a compatible TPM”. Refer the below image.
- Now click “OK” and again go through the same process of enabling BitLocker which mentioned above.
It is all about BitLocker and Windows Full Disk Encryption. Apart of BitLocker, there are many Softwares which can be used for Full Disk Encryption. You can know about these Softwares in this link.