Enabling BitLocker

To enable BitLocker on your computer you need administrator privileges, and the computer must have either the appropriate TPM hardware or, if no TPM is present, the appropriate Group Policy. A check is performed after you enable BitLocker, and an error is displayed if your computer does not support BitLocker. Go here for more information.

To enable BitLocker on your computer, open the BitLocker Drive Encryption control panel by typing BitLocker in the Start search text box and clicking BitLocker Drive Encryption. Alternatively, you can load it from Control Panel\All Control Panel Items\BitLocker Drive Encryption.

Then you need to configure which authentication level you want to use. You can set TPM-only, TPM with startup key, TPM with PIN, and TPM with startup key and PIN. Go here for more information. If you are using BitLocker without a TPM you can use a password, a smart card or an automated encrypt/unlock feature to encrypt and unlock drives.

The next step in the process of enabling BitLocker involves the storage of the recovery key.

A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive.

If you are using a startup key (TPM with startup key), you should store the recovery key in a different location from the startup key. In addition, it is strongly recommended to always save the recovery key on a different computer or removable device.

The last step before you enable BitLocker on your computer is to run a System Check if this option is available; otherwise, you can start encrypting the drive. The check verifies that BitLocker can work with your computer and that there is no problem with the configured startup key or TPM chip, if these are used. It is better to discover problems with BitLocker prior to its activation than to have to go through the recovery process or even risk losing data!

The encryption process occurs in the background and only users with administrative privileges can pause and resume the process if necessary. But remember that BitLocker is not fully active until the encryption process is complete.
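
The same sequence (TPM check, recovery key stored off the encrypted drive, system check, status verification) can be scripted with the BitLocker PowerShell cmdlets. This is an added example, not part of the original article; it assumes C: is the operating system drive, TPM-only authentication is wanted, and E:\ is a removable drive chosen to hold the recovery key.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: C: is the OS drive, TPM-only mode is used, and
# E:\ is a removable drive that does NOT also hold a startup key.
$MountPoint  = 'C:'
$RecoveryDir = 'E:\'   # assumed destination for the recovery key

# 1. Pre-flight: TPM mode needs a TPM that is present and ready.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM missing or not ready; without a TPM the Group Policy setting is required.'
}
if (-not (Test-Path $RecoveryDir)) {
    throw "Recovery key destination $RecoveryDir is not available."
}

# 2. Create the recovery password and save it off the drive being encrypted
#    before any encryption starts.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -Last 1
$id   = $recovery.KeyProtectorId.Trim('{}')
$file = Join-Path $RecoveryDir "BitLocker-$($env:COMPUTERNAME)-$id.txt"
"Protector ID: $id`r`nRecovery password: $($recovery.RecoveryPassword)" |
    Set-Content -Path $file

# 3. Enable BitLocker with the TPM protector. -SkipHardwareTest is left out on
#    purpose, so the system check runs at the next restart before encryption.
Enable-BitLocker -MountPoint $MountPoint -TpmProtector | Out-Null

# 4. Report state: the drive is protected only once it is fully encrypted
#    and protection is on.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
'{0} {1}, {2}% encrypted, protection {3}' -f $MountPoint, $vol.VolumeStatus,
    $vol.EncryptionPercentage, $vol.ProtectionStatus
if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
    Write-Warning 'BitLocker is not fully active yet; check again after the restart and once encryption completes.'
}
```

Run step 4 again after the restart: the volume should move from EncryptionInProgress to FullyEncrypted with protection On.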
