Guide to BitLocker Windows built-in encryption tool
Here’s how I got BitLocker running on a Windows 8.1 Pro machine. The first thing you’ll need to do is fire up the Control Panel.
When the Control Panel opens, type BitLocker into the search box in the upper right corner and press Enter. Next, click Manage BitLocker, and on the next screen click Turn on BitLocker.
Now BitLocker will check your PC’s configuration to make sure your device supports Microsoft’s encryption method.
BitLocker checks for the required Trusted Platform Module.
If you’re approved for BitLocker, Windows will show you a message like this one. If your TPM module is off then Windows will turn it on automatically for you, and then it will encrypt your drive.
To activate your TPM security hardware Windows has to shut down completely. Then you will have to manually turn your PC back on. Before you go ahead with this process make sure any flash drives, CDs, or DVDs are ejected from your PC. Then hitShutdown.
Once you restart your PC, you may see a warning that your system was changed. In my case I had to hit F10 to confirm the change or press Esc to cancel. After that, your computer should boot back up and once you login again you’ll see the BitLocker window.
Recovery key and encryption
After a few minutes, you should see a window with a green check mark next to “Turn on the TPM security hardware.” We’re almost at the point where we’ll encrypt the drive! When you’re ready, click Next.
Before you encrypt your drive, however, you have to save a recovery key just in case you have problems unlocking your PC. Windows gives you three choices for saving this key in Windows 8.1: save the file to your Microsoft account, save to a file, or print the recovery key. You are able to choose as many of these options as you like, and you should choose at least two.
In my case, I chose to save the file to a USB key and print the key on paper. I decided against saving the file to my Microsoft account, because I don’t know who has access to the company’s servers. That said, saving your key to Microsoft’s servers will make it possible to decrypt your files if you ever lose the flash drive or paper containing your recovery key code.
Once you’ve created two different instances of the recovery key and removed any USB drives, click Next.
Choose whichever option best describes your PC.
On the following screen, you have to decide whether to encrypt only the disk space used so for or encrypt your PC’s entire drive. If you are encrypting a brand new PC without any files then the option to encrypt only the used disk space is best for you since new files will be encrypted as they’re added. If you have an old PC with a few more miles on the hard drive you should choose to encrypt the entire drive.
Once you’ve chosen your encryption scheme click Next. We’re almost there.
Make sure the box next to “Run BitLocker system check” is clicked so that Windows will run a system check before encrypting your drive. Once the box is checked clickContinue…and nothing happens.
You’ll see an alert balloon in the system tray telling you that encryption will begin after you restart the PC. Restart your PC.
When you log in this final time you should see another system tray alert telling you that the encryption is in progress.
Whew! We made it to the encryption phase.
You can continue to work on your PC during the encryption phase, but things may be working a little more slowly than usual. Consider holding back on anything that might tax your system during initial encryption, such as graphics-intensive programs.
After all those clicks, that’s it! Just leave Windows to do its thing and in a few hours you’ll have a BitLocker-encrypted drive. The length of time it takes BitLocker to fully encrypt your files depends on the size of your drive, or how much data you’re encrypting if you’re only encrypting existing data on a new PC.