How to enable BitLocker and encrypt drive in Windows 10

I have been dependent with Truecrypt for my drive encryption needs but its development has been discontinued early on May 2014 with the last released bugs left unfixed and awaiting to be exploited. Now that I’ve switched from Windows 7 to Windows 10, I decided to use Bitlocker to satisfy my drive encryption needs. I’m sharing below the steps I took to enable Bitlocker and encrypt my system drive in Windows 10 without the TPM or Trusted Platform Module.

Enable Trusted Platform Module (TPM) Without the Compatible TPM

This should solved the error below when trying to enable BitLocker on systems that didn’t have TPM.

This device can’t use a Trusted Platform Module. Your administrator must select the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.

Run your Group Policy Editor — gpedit.msc. Enable “Require additional authentication at startup”, refer to fig. 1

bitlocker policy editor
fig. 1 – Local Group Policy Editor

Enable “Require additional authentication at startup” and tick the “Allow BitLocker without a compatible TPM” box — refer to fig. 2.

enable bitlocker no tpm
fig. 2

Enable Bitlocker

Right click on the drive you want to be encrypted and click on “Turn on BitLocker”

enable bitlocker

You can either use Insert Flash Drive or Use password when prompted on how you choose to unlock your encrypted drive on startup. I recommend to choose password over flash drive for practicality sake. In my case, I’ve chosen password over flash drive to unlock my encrypted drive.

bitlocker key or pin

If you’ve chosen password, you will be prompted to enter your unlock password.

bitlocker passwd

You will then be prompted on how do you want to store your backup key in case you’ve lost your flash drive or forgot your unlock password. I recommend saving it to your Microsoft account or save it to file and put it in the cloud for easy access and high availability.

bitlocker save key

When you have your password or flash drive defined, specify how you want to encrypt your drive. Encrypting your drive’s used space only is faster than encrypting the entire drive. This is only recommended and best to newly installed drives.

bitlocker encrypt

The last step is encrypting your drive. When drive encryption process is done you should see a gold lock which indicate that BitLocker is currently enabled and the drive is locked and gray lock when the drive is unlocked.

bitlocker encrypt drive

bitlocker locked drive bitlocker unlocked drive

If you are encrypting the system drive, you should be prompted with your password to unlock your drive when booting.

That’s about it! Please do not leave your comments if you have questions or if you have encountered error following this how-to.

Also, you might want to check out my post on how to create a virtual hard drive and encrypting it using BitLocker.

Leave a Reply

Your email address will not be published. Required fields are marked *