How to enable full drive encryption on your system
If you want to encrypt your entire HDD, you'll need windows 7 ultimate or enterprise, a TPM and HDD password are necessary, and windows should be freshly installed without the system reserved partition present, otherwise the encryption process will take a long time and will not be as secure
Note
Do not try this unless you have a flash drive to store a backup of the bitlocker key and are already skilled with computers
enable the Administrator account and sign in to it for the entire process
Set a password for all active accounts on the computer if you haven't already done so
Restart your computer and enter bios
In security settings, set an adminstrator and HDD password first, then restart your system. This is necessary to enable the full drive encryption, or the TPM will sometimes block it due to security concerns. It also has the added benefit of rendering your HDD useless to anyone without the HDD password. It won't work in any other computer without it
Enter bios again and navigate to TPM management. Enable the TPM and set it as active, then clear the TPM and boot to your operating system
Open the group policy editor, navigate to computer configuration> administrative templates > system > trusted platform module services
Enable "ignore the list of local blocked TPM commands" & "ignore the default list of blocked TPM commands"
Disable "turn on TPM backup to AD DS"
Then from an elevated command prompt, type TPM.
Initialize and turn the TPM on
Restart your computer. Ok any prompt if the TPM gives you one..
In control panel>system and security you will find the bitlocker drive encryption options. insert a flash drive to use for a backup of the bitlocker key, then turn on bitlocker. It takes about an hour to encrypt a typical HDD on a laptop.
