Bitlocker is Windows default feature that will help you to protect your data. It is very powerful feature through which you can safe guard your content whenever your laptop or pc is lost. If your drive is locked then there is no one can access the content. Now here in this short guide you can simply turn on Bitlocker and enjoy a more powerful protection for your data. It is included in Windows 8 OS. You can encrypt your entire hard drive and make your data security more strong. This guide I will show you how you can use Bitlocker to encrypt or decrypt your storage. It matters a lot for professionals who want their data to remain at maximum protection. To use this feature you must be the admin of your system. You cannot enable or disable Bitlocker if you are not having admin privileges. There are few things you have to check out before moving ahead.
Bitlocker without TPM
- The first thing you have to do is turn on the Bitlocker on Windows 8. This process is without TPM.
- You should Backup your Registry before applying this step for being on safer side.
- To start that instantly you can download and run this registry file. This will turn-on the Bitlocker and you can start with encryption. Just download and save the file. Run it. Once done reboot your pc and done.
- Now download this second registry file. This process will help you to add extra authentication on Bitlocker. Save the file and run the registry file. This will require UAC access. Just run the file and merge it if you need additional authentication. Do not forget to reboot your pc to apply the settings.
Providing GPO access to Bitlocker for encryption (No TPM)
- Hold Start Menu key + R button from the keyboard to launch the Run box.
- Now in that type gpedit.msc hit enter. This will launch Group Policy Editor.
- At the left side in Group Policy Editor you can find a option as Computer Configuration. Click on that. Then select Administrative Templates > Windows Components. Search for BitLocker Drive Encryption in that and choose the operating system.
- Now come toward there right side and there you have to click on System Drive. Just click on Require additional authentication. That it.
- Add a tick to enable Bitlocker. This is a without TPM method. Show choose Bitlocker without a compatible TPM box. Click on OK. Now exit Group Policy.
Providing GPO access to Bitlocker for encryption with TPM enabled
- Most of the methods will be same from the top side. All you have to do is choose the settings properly when you are in GPO. I am going to explain this thing in short. Just follow the first 4 steps of Step 2.
- When you are in Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- Now from the right side choose the system drive and choose Require additional authentication, from here you just have to select Allow Bitlocker with TPM. That’s it. Exit GPO. There are chances that upon exist you might also have o choose the encryption method. Select between AES 128-bit or 256-bit
Configuring Bitlocker Partition
- Start by going in the drive where you have to configure Bitlocker. The OS partition which we had selected in GPO.
- Then go in Control Panel and search for BitLocker Drive Encryption. Select the OS drive there and then tap on the arrow to open up Windows 8 Drive. You have to choose Encrypt from here. Just turn it on.
- Now open Windows Explorer by holding Windows Key + E from the keyboard. Right click on the encrypted hard drive and choose Turn on Bitlocker. You can also go in Manage if you are unable to see Bitlocker.
- Now if your system is not having a 350mb system partition then you can allow Bitlocker to create one. You will get a message on the screen about that. Click on Next.
- Bitlocker with automatically prepare the hard drive. Once it is done click on Restart now.
- Once you are done with that just reboot your system. We will not create a usb bootable drive to unlock Bitlocker partition.
- After reboot insert the pen drive and choose Unlock OS Drive.
- You will get the message up on reboot. This is the first screen for partition of Bitlocker Unlock method.
- There are two ways. First you can do that by inserting a USB drive or second you can use a Password. Select USB. You can also let Bitlocker to manage your hard drive by click on on “Let Bitlocker Automatically unlock by drive”.
- For usb insert a pen drive. It will be detected in the window. Select it and click on Save.
- The next thing you have to do is add password. Click on Next. Remember that usb drive option will not work if TPM is enabled. In that use save to a file option.
- Next thing you can do is use Microsoft Account if you want to save your key online and retrieve it anytime you want.
- Bitlocker give you option to backup your recovery key. The options are Save to your Microsoft Account, Save to USB Flash drive, Save to a file and Print the Recovery key.
- The next option is to choose the drive for encryption. You can use the disk space or partition or you can choose the entire hard drive. Better to select the entire hard drive.
- Now once you are done at the end you will get a Run Bitlocker Check option. This is to verify that all things are fine or not.
- And at the end you can see a icon at the system tray. That encryption is started. This process will take some time. And once Bitlocker is has done with that you will get a restart message on the screen. The next time when you try to unlock the drive you have to add the password.
Conditions for Bitlocker:
- There must be at least a 350MB of space in the system drive partition. Less that will not help. Usually system partition is configured automatically. You can extend that. In order to use the automatic lock feature it is very important that the drive which has Windows 8 must also be encrypted. Remember that whatever file you will move in the partition that has encryption on the files will be automatically encrypted. And when you move the file out of from encryption partition the file will be unencrypted. It is not longer protected.
- To use Bitlocker your system must have a FAT32 partition. Or the latest one NTFS partition. This is a compulsory requirement for those system who boot on useful firmware. But those who are in legacy bios firmware then your system must have a NTFS file system.
- If you had already created a system image file or recovery partition of your system which was not encrypted before all feels are decrypted automatically when you restore.
- For those who are using TPM it is very important that they must turn on Bitlocker immediately once they had turned on TPM upon next boot. If you fail then there can be clash between TPM verification check and Bitlocker encryption.
- It is possible to use a Windows 8 bootable drive or usb to unlock a encrypted partition. IF you are using the usb to unlock the drive it is essential that usb drives must be enabled from the bios.
- The benefit of using Bitlocker is that when you share a encrypted file on a Windows network with others only those who have permission can access it. Other will be denied access.