If you are using Windows 10, then you have already heard about BitLocker. Microsoft has launched a BitLocker feature with Windows 10 to protect users’ data. BitLocker is one type of encryption that encrypts your data against unauthorized access. If you have enabled BitLocker for any folder or driver, then BitLocker will encrypt everything in that folder. No one can access that folder or drive without a Bitlocker password or key. The same feature is available in Windows 11 too.
- Turn On BitLocker on Windows 11
Requirements for BitLocker
There are some specific requirements to use BitLocker on Windows 11. Here is a list of requirements.
- Windows 11 Pro, Education, or Enterprise
- Trusted Platform Module chip (TPM) support is required.
- Two drive partitions are required: system partition and operating system partition
- The operating system partition has an NTFS file system
- Admin access is required
How to Check TPM is enabled or not?
Step 1: Open the Run command box with the Windows + R button on your keyboard.
Step 2: In the run command box, type tpm.msc command and then press enter. This command will open a Trusted Platform Module (TPM) Management window.
You can check if TPM is installed on your computer or not, along with the TPM version.
Step 3: You should see the ‘The TPM is ready for use’ message below Status.
If your system has TPM and is not ready to use, you have to enable it using BIOS/UEFI firmware manually.
Turn On BitLocker on Windows 11
There are multiple ways to enable BitLocker on Windows 11. We will explain all methods in detail.
Let’s get started.
Method 1: Enable BitLocker using the Settings App
Step 1: Open Windows 11 settings with Windows + I button on the keyboard.
Step 2: Click on the System > Storage option in the right sidebar.
Step 3: Find Advanced storage settings and click on it.
Step 4: In the advanced storage settings, find and select Disk & volumes.
Step 5: Here you have to select or mention the drive that you want to encrypt.
Step 6: Then click Properties.
Step 7: Next click on the Turn on BitLocker option under the BitLocker options.
This will open the BitLocker control panel where you can enable or disable BitLocker.
Enable BitLocker using Control Panel
You can also manage BitLocker settings using the control panel. Here are the steps:
Step 1: Open the control panel. (Open Windows settings with Windows + I button and then search for control panel)
Step 2: Go to System and Security.
Step 3: Find and click on BitLocker Drive Encryption.
You can also access the BitLocker option using the Windows search. Just open search using Windows + S and then search for Manage BitLocker.
Step 4: Here, you can manage BitLocker settings. Select the drive for which you want to enable BitLocker.
Step 5: Then click the ‘Turn on BitLocker’. You have to wait for some time. BitLocker will set up encryption for the selected drive.
Step 6: When done, you have to select unlock options. Select your unlocking method and then click on next.
Note that your password must be a combination of uppercase and lowercase characters, numbers, and symbols.
Alternatively, you can use a smartcard to unlock this drive. The smart card is a USB device that you have to insert into your computer to unlock the drive. Note that you will need to insert a smart card and PIN to decrypt your data.
Step 7: Enter your password and click on the Next button if you selected a password option.
Step 8: Next, you have to share the recovery key if you forgot your password. You can choose different options to save your recovery key.
- Microsoft account
- USB flash drive
- A Document file
- Print the recovery key
Step 9: Select your recovery key mode and then once done, click on next.
The next window will ask how much of the drive space you want to encrypt.
Once selected, click on next. BitLocker will automatically encrypt all your data.
Step 10: Select the encryption mode and then next.
Step 11: Finally, click on the ‘Start Encrypting’ button to start the BitLocker encryption process.
Wait for some time. The system will automatically encrypt all selected data. It will take some time, depending on the amount of data you have selected. Once done, you will get a message.
If you want to access encrypted data, you have to use the recovery key or unlock the password.
If you have selected the system drive and encrypted it, you have to restart your PC and enter unlock password every time Windows starts.
You also have to click on Run a BitLocker system check if you are encrypting system drive.
Turn On BitLocker using the File Explorer
You can also access BitLocker from the file manager. Here are the steps:
Step 1: Open Windows 11 file explorer using Windows + E button on your keyboard.
Step 2: Then right-click on the drive that you want to encrypt using BitLocker.
Step 3: Choose the Turn on BitLocker option from the list.
Step 4: This will open a BitLocker control panel. Here you have to set it.
Turn on BitLocker Without the TPM
If you don’t have TRM, then you can use these steps to use BitLocker on Windows 11.
Step 1: Open the Run command box with Windows + R button on your keyboard and then type gpedit.msc command.
Step 2: Press enter to open Local Group Policy Editor. You can also search for gpedit in Windows search to access Local Group Policy Editor.
Step 3: In the Group Policy Editor, navigate to this directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Step 4: Double click on the ‘Require additional authentication at startup’ policy in the right sidebar.
Step 5: Select the ‘Enabled’ option.
Step 6: Check the ‘Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)’ option.
Step 7: Then finally click on Apply and then Ok.
Restart your computer to apply new changes.
Enable BitLocker on the operating system drive
As mentioned, you can also enable BitLocker for OS or primary system drive.
Step 1: Open file explorer with Windows + E key on your keyboard.
Step 2: Then right-click on your system drive. Most probably, it will be a Local disk C drive. So right-click on C drive and then choose Turn on BitLocker.
Step 3: In the BitLocker drive control panel, select unlock option for the drive > select your unlocking method. You can choose password protection or PIN.
Step 4: Select how you want to backup your recovery key and then click on next.
Once done, you have to enter your password or PIN whenever you start your PC. You can also allow BitLocker to unlock the drive automatically for you.
Once everything is done, just restart your PC. On boot, you have to enter a PIN or password.
How to Turn On BitLocker Using CMD
You can also enable BitLocker with the help of a command prompt. Follow these steps.
Step 1: Open the command prompt using the start menu. Open the start menu with the Windows button on your keyboard and then search for cmd.
Step 2: Click on the run as administrator option to open cmd with admin rights.
Step 3: Enter this command to get a full list of encryption parameters.
Step 4: Use this command to get a full list of protection parameters.
manage-bde.exe -on -h
Step 5: Type this command if you want to encrypt your drive without a password or key.
manage-bde -on H:
You have to replace C with your drive letter.
If you want to add protection like a password or a key, then follow these steps.
Step 6: Open the BitLocker option in the control panel and select the drive you want to encrypt.
Step 7: Then click on ‘Turn on BitLocker.’ This will open the BitLocker management window.
Step 8: Use this command to set a recovery password.
manage-bde -on K: -RecoveryPassword
Step 9: Type this command
To turn on encryption, generate recovery password, and save recovery key on another drive, type the following command:
manage-bde -on K: -RecoveryPassword -RecoveryKey H:
Here, K is the drive that you want to encrypt.
H is the drive where you want to save the key.
The command will automatically encrypt the drive and create a new recovery key on the selected drive.
Step 10: If you want to unlock a password protected drive and store a new recovery then use this code while encrypting the drive.
manage-bde -on K: -pw -rk H:
To run this command, a password is required. So you have to enter a password if you set it, and then it’s done.
To encrypt a drive with a numerical recovery password and an unlock password protectors, use the below commands:
If you want to encrypt the drive with numerical password then use this command.
manage-bde -protectors -add K: -pw -rp
manage-bde –on K:
Once you entered this command, the encryption progress will start.
You can use fvenotify.exe in the command prompt if the process window not appeared.
Hope you understand the while process.