How to Turn Windows 7 BitLocker On or Off for Internal Data Hard Drives
Information
This will show you how to turn Windows 7 BitLocker Drive Encryption on or off for internal hard drives or partitions without a operating system installed on them. When BitLocker Drive Encryption is turned on for the selected internal data hard drive or partition, you will be required to either use a smart card or enter a password to unlock the drive before allowed access to it.
Note
When you add new files to the Windows 7 or other operating system drive or partition that is encrypted with BitLocker, BitLocker will encrypt them automatically. Files remain encrypted only while they are stored on the encrypted drive. Files will be decrypted if they are copied on another drive, partition, or computer. You can log on and work with your files normally, but BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by removing it from your computer and installing it in a different computer.
Warning
BitLocker is only available in the Windows 7 Ultimate and Enterprise editions.
EXAMPLE: A Internal Data (non-OS) Hard Drive with BitLocker turned on for it NOTE:This is what you will see when you attempt to open or access the encrypted internal data hard drive or partition after you have logged off or restarted the computer. You will then need to enter your password to unlock the drive to gain access.
EXAMPLE:A Internal Data (non-OS) Hard Drive Locked and Unlocked by BitLocker NOTE:When you have BitLocker Drive Encryption turned on, then this is how you can tell if the drive is currently locked or unlocked in the Computer window.
OPTION ONE
Turn On BitLocker and Encrypt a Internal Drive
1. Decide if you want 128-bit or 256-bit encryption. NOTE:By default, Windows 7 will use AES encryptionwith 128-bit encryption keys and Diffuser unless changed already by you previously.
2. Open the Start menu and click on the Computer button, then right click on the non operating system internal drive or partition letter that you want to encrypt with BitLocker and click on Turn on BitLocker. (See screenshot below)
A) Click on Turn On BitLocker for non operating system internal drive or partition letter that you want to encrypt with BitLocker. (See screenshot below)
5. Select a option, say (check) Use a password to unlock the drive, then type in a password that is at least8 numbers and/or letters long that you would like to use to unlock the drive with twice, and click on the Next button. (See screenshot below) WARNING: Be sure to write down this password and keep it somewhere safe. The password you enter here will be required to be entered to unlock the drive to gain access to it.
Note
Password
A password is a string of characters used to access information or a computer. For more information about passwords, see Tips for creating strong passwords and passphrases.
You can use a password to unlock fixed data drives (such as internal hard drives) and removable data drives (such as external hard drives and USB flash drives).
Passwords allow you to use your encrypted drive on both home and work computers or share the drive with other people.
The BitLocker To Go Reader allows you to unlock encrypted drives on computers running Windows Vista or Windows XP. To use the BitLocker To Go Reader, the drive must be formatted using the FAT file system and you must use a password to encrypt the drive.
You can change your password in the BitLocker Drive Encryption Control Panel.
Smart card
A smart card is a small plastic card containing a computer chip. Smart cards are generally issued by information technology (IT) departments in large companies. To use a smart card, you also need a smart card reader—a device that’s installed in or connected to your computer and can read the information stored on a smart card.
Smart cards are used primarily in work environments.
You will be required to use a BitLocker certificate that is provided by your system administrator. If you have multiple certificates, you might have to choose one.
Smart cards cannot be used with the BitLocker To Go Reader, which allows you to unlock drives on computers running Windows Vista or Windows XP.
To unlock the drive, you will insert your smart card and type your smart card PIN.
NOTE:When encrypting a drive using a smart card, a certificate-based protector will be created on the drive. This protector contains some unencrypted information that is required to unlock the drive. In the specific case where a certificate-based protector is used, the public key and certificate thumbprint of the certificate that was used to encrypt the drive will be stored unencrypted in the protector’s metadata. This information could be used to locate the certification authority (CA) that was originally used to generate the certificate and then try to extract some personal information.
Automatically unlock
When you encrypt fixed data drives, you can choose to have the drive automatically unlock when you log on to Windows.
Removable data drives can be set to automatically unlock after they are encrypted by right-clicking the drive in the Computer folder, and then clicking Manage BitLocker.
6. Click on Save the recovery key to file option. (See screenshot below)
A) Select where you want to save this file at, and click on the Save button. (See screenshot below)
B) If prompted, click on Yes. (See screenshot below)
C) It is highly recommended that you save this file somewhere safe, and not on the encrypted drive. You will need the "BitLocker recovery key" number (bottom number in screenshot below) to gain access to you encrypted drive if you should forget the password, lose the smart card, or BitLocker locks the drive.
D) It is also recommended that you click on the Print the recovery key option as well to have a printed hard copy of the file to be extra safe. (See screenshot below step 6)
E) When done, click on the Next button. (See screenshot below step 6)
7. Click on the Start Encrypting button. (See screenshot below)
8. BitLocker will now start encrypting the drive. (See screenshot below) NOTE:This may take a while to finish.
9. When it is finished, click on the Close button. (See screenshot below)
10. You will now have a Manage BitLocker option in the Control Panel and Computer for the encrypted drive. (See screenshots below)
11. If you click on Manage BitLocker, these will be the options that you will have below. (See screenshot below)
12. You're done. The internal data drive or partition is now encrypted with BitLocker (turned on).
OPTION TWO
Turn Off BitLocker and Decrypt a Internal Drive
NOTE:If you do not care about losing all data on the drive/partition, then formating or using the clean command will allso turn off BitLocker for the drive/partition.
2. Click on Turn Off BitLocker for the non operating system internal drive or partition letter that you want to turn off BitLocker with. (See screenshot below)
3. Click on the Decrypt Drive button. (See screenshot below)
4. BitLocker will now start decrypting the drive. Click on the BitLocker icon in the taskbar notification area (far right) to see the encryption status. (See screenshot below) NOTE:This may take a while to finish.
5. When finished, click on the Close button. (See screenshot below)
6. The Control Panel and Computer will now have the Turn On BitLocker option again for the selected drive.
7. You're done. The internal data drive or partition is now decrypted by BitLocker (turned off).
Thank you Brink !!
I finally enabled BitLocker Drive Encryption on my WD 1TB hard drive.
Just a small ? when i reboot it shows locked, i enter the password, fine it unlocks, but how do i lock it again?
As a side note to people when encrypting a certain sized hard drive it may take, in my case, just under 3 hrs to fully encrypt a 1TB hard drive.
System Manufacturer/Model Number custom of course...built by grimreaper OS Windows 7 Ultimate X64 CPU Intel Core 2 Quad Q9650 3.0GHz (3.6GHz 24/7) maxed 4.05GHz Motherboard EVGA 790i Ultra SLi Model#132-CK-NF79-A1 BIOS P10 Memory 8GB OCZ DDR3 PC3-14400 @ 1800MHz NVIDIA SLi-Ready Graphics Card 2XBFG GeForce GTX 280 OC Edition SLi'd Sound Card SoundBlaster X-Fi Titanium Fatal1ty Pro Series Monitor(s) Displays Samsung 52" 1080P LCD HDTV (LN52B550) Screen Resolution 1920X1080 @ 60Hz
Keyboard Logitech cordless Y-RAJ56A piece of **** Mouse Logitech G7 Laser Cordless mouse black PSU ThermalTake ToughPower 1200W P/N:W0133RU Modularized Case ThermalTake P/N: VH6000BWS Armor Full-Tower Cooling ThermalTake SpinQ P/N: P0466 CPU Cooler Hard Drives 3xWestern Digital WD1001FALS Caviar Black 1TB Hard Drive(s) RAID 0 x2 encased in 3xMasscool KuFormula SHF1 HDD Cooler(s) Internet Speed 10 Mbps DL-1Mbps UL wirelessly DWA-552 extreme N Other Info 1XSamsung DVD burner SH-S223Q/BEBN SATA
1XSamsung DVD burner SH-S223L/BEBN SATA
1XLG GGW-H20L Blu-Ray burner
4XCooler Master 120mm Blue LED SickleFlow 2000 RPM
1XBelkin UPS F6C1500TWRK) backup power supply
In fact besides the two WD 1tb storage drives I will be looking at another 500gb test drive that no longer be used as an OS drive once 7 is out. This will secure data on that drive.
OS Windows 7 Ultimate x64, XP Mode, W8 RP VM, Linux Mint Debian 2nd OS HD- 7 Pro x64 second case CPU AMD Phenom II X4 975 Deneb 3.6ghz - 965 on new mini tower Motherboard Gigabyte GA-790XTA-UD4 Memory Kingston Hyper X DDR3 1600 1.5v 16gb - Mushkin on 2nd build Graphics Card MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower Sound Card Creative Labs X-Fi XtremeGamer - Realtek onooard 2nd case Monitor(s) Displays 2 x Acer P191W 19" widesscreen - HP 20" widescreen mini towe Screen Resolution 1440x900 native - 1600x1024 on 7 Pro x64 build
Keyboard Microsoft Recusa Razor - MS Comfort 3000 on second build Mouse MS Trackball Explorer - A4TECH dual scroll wheel trackball PSU Corsair 750TX - primary / Corsair CX600 - second Case Antec 900-2 - SSD compatible / NZXT Vulcan mini tower Cooling Zalman CNPS9900A Hard Drives Primary Ultimate x64 build-
WD Black Edition 1tb Sata 6.0 = 2
WD Black Edition 1tb Sata 3.0 = 2 (OS drives)
WD 1tb Green Power sata = 2 1 external
usb flash drives = 18
Second 7 Pro x64 mini tower-
WD Caviar SE 500gb sata II single drive presen Internet Speed 30mbps upgrade - primary hard wired - mini tower usb WiFi
You will either need to log off, or restart the computer to lock the drive again, otherwise it will remain unlocked as long as you are still logged on.
System Manufacturer/Model Number custom of course...built by grimreaper OS Windows 7 Ultimate X64 CPU Intel Core 2 Quad Q9650 3.0GHz (3.6GHz 24/7) maxed 4.05GHz Motherboard EVGA 790i Ultra SLi Model#132-CK-NF79-A1 BIOS P10 Memory 8GB OCZ DDR3 PC3-14400 @ 1800MHz NVIDIA SLi-Ready Graphics Card 2XBFG GeForce GTX 280 OC Edition SLi'd Sound Card SoundBlaster X-Fi Titanium Fatal1ty Pro Series Monitor(s) Displays Samsung 52" 1080P LCD HDTV (LN52B550) Screen Resolution 1920X1080 @ 60Hz
Keyboard Logitech cordless Y-RAJ56A piece of **** Mouse Logitech G7 Laser Cordless mouse black PSU ThermalTake ToughPower 1200W P/N:W0133RU Modularized Case ThermalTake P/N: VH6000BWS Armor Full-Tower Cooling ThermalTake SpinQ P/N: P0466 CPU Cooler Hard Drives 3xWestern Digital WD1001FALS Caviar Black 1TB Hard Drive(s) RAID 0 x2 encased in 3xMasscool KuFormula SHF1 HDD Cooler(s) Internet Speed 10 Mbps DL-1Mbps UL wirelessly DWA-552 extreme N Other Info 1XSamsung DVD burner SH-S223Q/BEBN SATA
1XSamsung DVD burner SH-S223L/BEBN SATA
1XLG GGW-H20L Blu-Ray burner
4XCooler Master 120mm Blue LED SickleFlow 2000 RPM
1XBelkin UPS F6C1500TWRK) backup power supply
You're welcome Grim. I agree. Windows 7 is so much better than Vista. I can't wait to see what all they may add or improve more in the years to come with Windows Updates.
OS Windows 7 Ultimate x64, XP Mode, W8 RP VM, Linux Mint Debian 2nd OS HD- 7 Pro x64 second case CPU AMD Phenom II X4 975 Deneb 3.6ghz - 965 on new mini tower Motherboard Gigabyte GA-790XTA-UD4 Memory Kingston Hyper X DDR3 1600 1.5v 16gb - Mushkin on 2nd build Graphics Card MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower Sound Card Creative Labs X-Fi XtremeGamer - Realtek onooard 2nd case Monitor(s) Displays 2 x Acer P191W 19" widesscreen - HP 20" widescreen mini towe Screen Resolution 1440x900 native - 1600x1024 on 7 Pro x64 build
Keyboard Microsoft Recusa Razor - MS Comfort 3000 on second build Mouse MS Trackball Explorer - A4TECH dual scroll wheel trackball PSU Corsair 750TX - primary / Corsair CX600 - second Case Antec 900-2 - SSD compatible / NZXT Vulcan mini tower Cooling Zalman CNPS9900A Hard Drives Primary Ultimate x64 build-
WD Black Edition 1tb Sata 6.0 = 2
WD Black Edition 1tb Sata 3.0 = 2 (OS drives)
WD 1tb Green Power sata = 2 1 external
usb flash drives = 18
Second 7 Pro x64 mini tower-
WD Caviar SE 500gb sata II single drive presen Internet Speed 30mbps upgrade - primary hard wired - mini tower usb WiFi
I was enabling BitLocker to my 16GB PNY pendrive. Unfortunately while the encryption was going on i clicked on pause. After that i am not able to use my Pen drive. it showed locked and when i enter the password it says " Request could not be performed because of I/O error". Then i tried clicking forget password and gave the key which got generated but that is also not working. It says wrong key.
When i plug my Pendrive to a machine with XP it says connect to a machine with Windows 7 and complete the encryption.
With the process of encrypting the flash drive interrupted while in progress you may be forced to simply go into the Disk Management tool, right click on the item for the drive there, and select format! Going from 7 to XP would be another problem for the older version since the process was never completed in order to use on an older version or even taking with you to another machine entirely.
Hopefully you didn't have any unreplacable files already on the device since reformatting it to NTFS to make available again will wipe the flash drive completely. The next time I think you will be a little more cautious and allow the BitLocker to complete the process first however before trying to pause or simply go to use the drive itself.
Verify the next encryption is working well before placing any data on it just to be safe if you still go to use the tool. The tool does work but can be vulnerable at times so remember to back things up first before counting on the data you place on it to be locked up.
OS Windows 7 Ultimate x64, XP Mode, W8 RP VM, Linux Mint Debian 2nd OS HD- 7 Pro x64 second case CPU AMD Phenom II X4 975 Deneb 3.6ghz - 965 on new mini tower Motherboard Gigabyte GA-790XTA-UD4 Memory Kingston Hyper X DDR3 1600 1.5v 16gb - Mushkin on 2nd build Graphics Card MSI HD Radeon 5750 1gb - MSI HD Radeon 6450 on mini tower Sound Card Creative Labs X-Fi XtremeGamer - Realtek onooard 2nd case Monitor(s) Displays 2 x Acer P191W 19" widesscreen - HP 20" widescreen mini towe Screen Resolution 1440x900 native - 1600x1024 on 7 Pro x64 build
Keyboard Microsoft Recusa Razor - MS Comfort 3000 on second build Mouse MS Trackball Explorer - A4TECH dual scroll wheel trackball PSU Corsair 750TX - primary / Corsair CX600 - second Case Antec 900-2 - SSD compatible / NZXT Vulcan mini tower Cooling Zalman CNPS9900A Hard Drives Primary Ultimate x64 build-
WD Black Edition 1tb Sata 6.0 = 2
WD Black Edition 1tb Sata 3.0 = 2 (OS drives)
WD 1tb Green Power sata = 2 1 external
usb flash drives = 18
Second 7 Pro x64 mini tower-
WD Caviar SE 500gb sata II single drive presen Internet Speed 30mbps upgrade - primary hard wired - mini tower usb WiFi
Hi thanks for your help. I tried this option before posting my question here and it did not work. I am not able to format my Pen Drive. It gives an error saying format did not complete successfully.
Information
Note
Warning
OPTION ONE 
