How to set up BitLocker encryption on Windows 10

BitLocker is a tool integrated into Windows that encrypts the contents of your hard disk to protect your personal data. The BitLocker Drive Encryption utility is included in the Windows 10 Pro, Ultimate, Enterprise and Education versions, and protects the contents of individual partitions or entire disks, including the hard disk or SSD on which the operating system is installed. In its default setting, BitLocker requires a computer with a TPM version 1.2 chip. This guide explains how to activate BitLocker on Windows 10 to protect personal data, even on PCs without a TPM (Trusted Platform Module) chip.

What BitLocker is and how it works

BitLocker is a Windows module that lets you encrypt data on removable drives, system partitions, or entire disks on your computer. However, only the Pro, Ultimate, Enterprise and Education versions of Windows integrate BitLocker Drive Encryption, which is the full version of this tool. In essence, it is security software that encrypts data and protects it with an unlock method such as a password, a PIN, a USB device or the TPM chip. Once this feature is enabled, access to the data requires the user to enter the unlock code or, if that code is lost, the recovery key provided during the activation process. If the computer is equipped with a TPM module and the disk is encrypted in this mode, it will not be necessary to enter any code to unlock the device.

How to find out if the computer integrates a TPM chip:

  1. Press the WIN + R key combination;
  2. Type “devmgmt.msc” and press ENTER;
  3. Check whether a TPM module appears among the listed devices.

How to encrypt the disk with BitLocker on Windows 10

Before following the BitLocker activation procedure, verify that your machine runs Windows 10 Pro, Ultimate, Enterprise or Education. Also, make sure your computer has a TPM chip (press Windows + R and type devmgmt.msc). If your machine does not have a TPM, you will first need to enable BitLocker without it by following the procedure described in the next section.

The easiest way to enable BitLocker for a drive is to right-click the drive in a File Explorer window and select the “Enable BitLocker” command.

Procedure to encrypt a hard disk with the Windows BitLocker system:

  1. Press the Windows + R key combination;
  2. Type “exe” and press ENTER;
  3. Right click on the drive to be encrypted with BitLocker;
  4. Click on the “Activate BitLocker” option;
  5. Choose an unlock method among those proposed (USB drive, Password, PIN, biometric options);
  6. Choose where to backup the recovery key (Microsoft account, USB drive, file, print on paper);
  7. If you are activating BitLocker on a new PC, choose the first option. If the PC has been in use for some time, it is advisable to select the second option to encrypt the entire drive;
  8. Click on NEXT and wait for the end of the process.

CAUTION

The BitLocker encryption process can take several minutes, depending on the size of the volume and the amount of data. If the system disk is encrypted, you will be asked to perform a system check with BitLocker and then restart the PC.
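
Once the wizard has finished, the result can be verified from an elevated PowerShell prompt. The following is an added example, not part of the original guide: a read-only check that the volume is fully encrypted, that protection is on, and that a recovery key protector exists. The function name Test-BitLockerVolume is hypothetical; Get-BitLockerVolume is the cmdlet from the Windows BitLocker module.

```powershell
# Added example: read-only audit of one BitLocker volume (run elevated).
# Test-BitLockerVolume is a hypothetical name, not a built-in cmdlet.
function Test-BitLockerVolume {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Protector types on the volume, e.g. Tpm, TpmPin, Password, ExternalKey,
    # RecoveryPassword (the 48-digit recovery key saved during setup).
    $types = @(foreach ($kp in $vol.KeyProtector) { [string]$kp.KeyProtectorType })

    $findings = @()
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        # Encryption is still running, paused, or was never started.
        $findings += "Encryption not finished: $($vol.VolumeStatus), $($vol.EncryptionPercentage)%"
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is off or suspended'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector: a lost PIN or password locks you out'
    }

    # Unlock methods other than the recovery key; TPM-only means no code at boot.
    $unlock  = @($types | Where-Object { $_ -ne 'RecoveryPassword' })
    $tpmOnly = ($unlock.Count -eq 1 -and $unlock[0] -eq 'Tpm')

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = [string]$vol.VolumeStatus
        ProtectionStatus = [string]$vol.ProtectionStatus
        Protectors       = $types -join ', '
        TpmOnlyUnlock    = $tpmOnly
        Findings         = $findings
        Compliant        = ($findings.Count -eq 0)
    }
}

# Check the system drive and show every field.
Test-BitLockerVolume | Format-List
```

While encryption is still running, the check reports the current percentage; run it again after the restart mentioned above.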

Enable BitLocker on systems without TPM chips

We have already mentioned that BitLocker needs a TPM version 1.2 chip to work. However, if the affected computer does not have a TPM, you can access the local Windows group policies to enable the use of BitLocker without a TPM. In this case we will use a technique less secure than the original, but still effective.

To use BitLocker on machines without TPM, follow this procedure:

  1. Press the Windows + R key combination;
  2. Type “gpedit.msc” to open the Local Group Policy Editor;
  3. Go to the Local Computer Policy section;
  4. Click on Computer Configuration;
  5. Click on Administrative templates;
  6. Click on Windows Components;
  7. Click on BitLocker Drive Encryption;
  8. Click on Operating System Drives;
  9. Click on “Require additional authentication at startup” in the right panel;
  10. Select the “Enabled” option, making sure that the “Allow BitLocker without a compatible TPM” check box is selected;
  11. Click OK and close the Local Group Policy Editor.
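
The TPM check and the policy change described above can also be confirmed from an elevated PowerShell prompt. The following is an added example, not part of the original guide: it reads the TPM state with Get-Tpm and the registry values that the "Require additional authentication at startup" policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE. The function name Get-BitLockerStartupReadiness is hypothetical.

```powershell
# Added example: read-only check of TPM presence and the "Require additional
# authentication at startup" policy. Run from an elevated prompt.
# Get-BitLockerStartupReadiness is a hypothetical name, not a built-in cmdlet.
function Get-BitLockerStartupReadiness {
    $fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

    # Get-Tpm fails on machines without a TPM driver; treat that as "no TPM".
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { }
    $tpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $tpmReady   = [bool]($tpm -and $tpm.TpmReady)

    # The policy values do not exist until the policy has been configured.
    $policy = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
    $advancedStartup = ($policy.UseAdvancedStartup -eq 1)   # policy set to Enabled
    $allowNoTpm      = ($policy.EnableBDEWithNoTPM -eq 1)   # "Allow BitLocker without a compatible TPM"

    $verdict = if ($tpmPresent -and $tpmReady) {
        'TPM available: the default BitLocker setup applies'
    } elseif ($advancedStartup -and $allowNoTpm) {
        'No usable TPM, policy set: password or USB startup key can be used'
    } else {
        'No usable TPM and policy not set: apply the Group Policy steps first'
    }

    [pscustomobject]@{
        TpmPresent          = $tpmPresent
        TpmReady            = $tpmReady
        PolicyEnabled       = $advancedStartup
        AllowWithoutTpm     = $allowNoTpm
        Verdict             = $verdict
    }
}

Get-BitLockerStartupReadiness | Format-List
```

If the policy was just changed in gpedit.msc and the values still read as unset, run gpupdate /force and check again.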

How to unlock an encrypted BitLocker disk

To unlock a disk drive encrypted with BitLocker, you must use the unlock method set during the encryption procedure. If your computer has a TPM chip and you have chosen to unlock the disk drive automatically, you do not need to do anything: you will have access to the operating system and all data automatically. Otherwise, if for example a password or PIN has been set as the unlock code, Windows will prompt you for it in order to unlock the drive.

If you have lost your password or PIN, you can press ESC in the BitLocker unlock window and then type in the recovery key, obtained during the encryption activation procedure.