Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

Encrypt Your Windows PC

Tagged with pc, protect, cyber, security, encryption, windows
by Aaron O'Neill
in Blog

05-Jun-2018 16:53

Following on from our previous post, hopefully, we can all agree that full disk is a great idea. “But what if you’ve got a Windows machine?” I hear you cry. Fortunately, with Microsoft’s latest operating systems, you’re covered. Just as with their Apple counterparts, your Windows machine probably has full disk encryption software built in. Although this time it’s in the shape of BitLocker rather than FileVault. Whilst they both perform the same function, they go about it slightly differently.

Bitlocker is available in the following versions of Windows:

  1. Ultimate and Enterprise editions of Windows Vista and Windows 7;
  2. Pro and Enterprise editions of Windows 8 and 8.1;
  3. Pro, Enterprise, and Education editions of Windows 10;
  4. Windows Server 2008 and later.

Since 2008, BitLocker has been able to encrypt any of the disks inside your computer and post-Windows 7, is able to work with external drives too. This is brilliant and means that you can secure external backup drives and even USB sticks, allowing for quick and secure file transfers.

BitLocker works similar to FileVault in that a password is entered on startup of the machine to decrypt the disk and then isn’t required again until the next power on. BitLocker, however, is slightly more flexible in that its features extend to include smart card verification, USB key verification and even support for specialist encryption chips found in some enterprise hardware that verifies the startup code before the machine boots. This grants the user some options so they can pick the perfect balance between convenience and security.

While enabling BitLocker, a recovery key is generated. The recovery key is used to gain access to your computer should you forget your password. After the recovery key is generated you will be prompted to restart the machine. The encryption process begins when the computer reboots.

So here’s the process;

  1. Click Start
  2. Type Bitlocker
  3. Click Manage BitLocker
  4. The name of the BitLocker control panel is BitLocker Drive Encryption.
  5. The BitLocker control panel supports encrypting operating system, fixed internal disks and removable disks.
  6. The BitLocker control panel will organise available drives in the appropriate category.
  7. If you do not see the disk you’d like to encrypt here, it may not be supported by BitLocker and you should reformat the drive or contact support.
  8. To start encryption for a volume, select Turn on BitLocker for the appropriate drive to initialise the BitLocker Drive Encryption Wizard.
  9. BitLocker Drive Encryption Wizard options vary based on whether the disk contains the operating system but the wizard will guide you through the steps.
  10. If BitLocker is happy with the drive you have selected, you will be asked to enter a password.
  11. Once a strong password has been input, a recovery key will be generated.

It is extremely important you print this recovery key or store it somewhere safe not on the target computer. If you lose both the password and recovery key, your data will be unrecoverable. When the recovery key has been properly stored, the BitLocker Drive Encryption Wizard will prompt the user to choose how to encrypt the drive.

There are two options:

  1. Encrypt used disk space only - Encrypts only disk space that contains data
  2. Encrypt entire drive - Encrypts the entire volume including free space

It is recommended that drives with little to no data utilise option one and that drives with data or an operating system utilise option two.

The BitLocker Drive Encryption Wizard will restart the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel.

To disable BitLocker, the process is much easier;

  1. Click Start
  2. Type Bitlocker
  3. Click Manage BitLocker.
  4. The name of the BitLocker control panel is BitLocker Drive Encryption.
  5. Locate the disk where you are disabling Bitlocker and simply select Turn Off BitLocker.