Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off

BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off

How to Turn On or Off BitLocker for Internal Data Hard Drives in Windows 7
Published by Brink
07 Mar 2009
Published by

How to Turn On or Off BitLocker for Internal Data Hard Drives in Windows 7


information   Information
This will show you how to turn Windows 7 BitLocker Drive Encryption on or off for internal hard drives or partitions without a operating system installed on them. When BitLocker Drive Encryption is turned on for the selected internal data hard drive or partition, you will be required to either use a smart card or enter a password to unlock the drive before allowed access to it.

Note   Note
When you add new files to the Windows 7 or other operating system drive or partition that is encrypted with BitLocker, BitLocker will encrypt them automatically. Files remain encrypted only while they are stored on the encrypted drive. Files will be decrypted if they are copied on another drive, partition, or computer. You can log on and work with your files normally, but BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by removing it from your computer and installing it in a different computer.

warning   Warning
BitLocker is only available in the Windows 7 Ultimate and Enterprise editions.


EXAMPLE: A Internal Data (non-OS) Hard Drive with BitLocker turned on for it
NOTE: This is what you will see when you attempt to open or access the encrypted internal data hard drive or partition after you have logged off or restarted the computer. You will then need to enter your password to unlock the drive to gain access.
Name:  Example_Password.jpg
Views: 6666
Size:  83.2 KB
EXAMPLE: A Internal Data (non-OS) Hard Drive Locked and Unlocked by BitLocker
NOTE: When you have BitLocker Drive Encryption turned on, then this is how you can tell if the drive is currently locked or unlocked in the Computer window.
BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off-example_locked.jpg

BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off-example_unlocked.jpg




OPTION ONE
Turn On BitLocker and Encrypt a Internal Drive
1. Decide if you want 128-bit or 256-bit encryption.
NOTE: By default, Windows 7 will use AES encryption with 128-bit encryption keys and Diffuser unless changed already by you previously.

2. Open the Start menu and click on the Computer button, then right click on the non operating system internal drive or partition letter that you want to encrypt with BitLocker and click on Turn on BitLocker. (See screenshot below)
BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off-computer1.jpg

A) Go to step 5.
OR

4. Open the Control Panel (All Items view), and click on the BitLocker Drive Encryption icon.
A) Click on Turn On BitLocker for non operating system internal drive or partition letter that you want to encrypt with BitLocker. (See screenshot below)
BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off-step1.jpg
5. Select a option, say (check) Use a password to unlock the drive, then type in a password that is at least 8 numbers and/or letters long that you would like to use to unlock the drive with twice, and click on the Next button. (See screenshot below)
WARNING: Be sure to write down this password and keep it somewhere safe. The password you enter here will be required to be entered to unlock the drive to gain access to it.
Name:  Step2.jpg
Views: 6267
Size:  125.6 KB
Note   Note
Password
A password is a string of characters used to access information or a computer. For more information about passwords, see Tips for creating strong passwords and passphrases.
  • You can use a password to unlock fixed data drives (such as internal hard drives) and removable data drives (such as external hard drives and USB flash drives).
  • Passwords allow you to use your encrypted drive on both home and work computers or share the drive with other people.
  • The BitLocker To Go Reader allows you to unlock encrypted drives on computers running Windows Vista or Windows XP. To use the BitLocker To Go Reader, the drive must be formatted using the FAT file system and you must use a password to encrypt the drive.
  • You can change your password in the BitLocker Drive Encryption Control Panel.
Smart card
A smart card is a small plastic card containing a computer chip. Smart cards are generally issued by information technology (IT) departments in large companies. To use a smart card, you also need a smart card reader—a device that’s installed in or connected to your computer and can read the information stored on a smart card.
  • Smart cards are used primarily in work environments.
  • You will be required to use a BitLocker certificate that is provided by your system administrator. If you have multiple certificates, you might have to choose one.
  • Smart cards cannot be used with the BitLocker To Go Reader, which allows you to unlock drives on computers running Windows Vista or Windows XP.
  • To unlock the drive, you will insert your smart card and type your smart card PIN.
NOTE: When encrypting a drive using a smart card, a certificate-based protector will be created on the drive. This protector contains some unencrypted information that is required to unlock the drive. In the specific case where a certificate-based protector is used, the public key and certificate thumbprint of the certificate that was used to encrypt the drive will be stored unencrypted in the protector’s metadata. This information could be used to locate the certification authority (CA) that was originally used to generate the certificate and then try to extract some personal information.

Automatically unlock

When you encrypt fixed data drives, you can choose to have the drive automatically unlock when you log on to Windows.
  • Removable data drives can be set to automatically unlock after they are encrypted by right-clicking the drive in the Computer folder, and then clicking Manage BitLocker.
NOTE: To be able to automatically unlock fixed data drives, the drive that Windows is installed on must also be encrypted by BitLocker.


6. Click on Save the recovery key to file option. (See screenshot below)
Name:  Step3.jpg
Views: 6173
Size:  110.8 KB

A) Select where you want to save this file at, and click on the Save button. (See screenshot below)
Name:  Step4.jpg
Views: 6133
Size:  151.6 KB
B) If prompted, click on Yes. (See screenshot below)
Name:  Step5.jpg
Views: 6045
Size:  56.3 KB
C) It is highly recommended that you save this file somewhere safe, and not on the encrypted drive. You will need the "BitLocker recovery key" number (bottom number in screenshot below) to gain access to you encrypted drive if you should forget the password, lose the smart card, or BitLocker locks the drive.
Name:  Step6.jpg
Views: 6248
Size:  133.9 KB
D) It is also recommended that you click on the Print the recovery key option as well to have a printed hard copy of the file to be extra safe. (See screenshot below step 6)

E) When done, click on the Next button. (See screenshot below step 6)
7. Click on the Start Encrypting button. (See screenshot below)
Name:  Step7.jpg
Views: 6123
Size:  87.1 KB
8. BitLocker will now start encrypting the drive. (See screenshot below)
NOTE: This may take a while to finish.
Name:  Step8.jpg
Views: 6015
Size:  61.6 KB
9. When it is finished, click on the Close button. (See screenshot below)
Name:  Step9.jpg
Views: 5970
Size:  33.4 KB
10. You will now have a Manage BitLocker option in the Control Panel and Computer for the encrypted drive. (See screenshots below)
BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off-step10a.jpg

BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off-step10b.jpg

11. If you click on Manage BitLocker, these will be the options that you will have below. (See screenshot below)
Name:  Step11.jpg
Views: 7717
Size:  108.4 KB
12. You're done. The internal data drive or partition is now encrypted with BitLocker (turned on).






OPTION TWO
Turn Off BitLocker and Decrypt a Internal Drive

NOTE: If you do not care about losing all data on the drive/partition, then formating or using the clean command will allso turn off BitLocker for the drive/partition.
1. Open the Control Panel (icons view), and click on the BitLocker Drive Encryption icon.

2.
Click on Turn Off BitLocker for the non operating system internal drive or partition letter that you want to turn off BitLocker with. (See screenshot below)
BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off-off-1.jpg
3. Click on the Decrypt Drive button. (See screenshot below)
Name:  Off-2.jpg
Views: 5969
Size:  44.4 KB
4. BitLocker will now start decrypting the drive. Click on the BitLocker icon in the taskbar notification area (far right) to see the encryption status. (See screenshot below)
NOTE: This may take a while to finish.
Name:  Off-3.jpg
Views: 5996
Size:  67.0 KB
5. When finished, click on the Close button. (See screenshot below)
Name:  Off-4.jpg
Views: 5952
Size:  32.0 KB
6. The Control Panel and Computer will now have the Turn On BitLocker option again for the selected drive.
Click image for larger version

Name:	Step1.jpg
Views:	999
Size:	183.7 KB
ID:	5511

Click image for larger version

Name:	Computer1.jpg
Views:	1181
Size:	205.2 KB
ID:	5503

7. You're done. The internal data drive or partition is now decrypted by BitLocker (turned off).
That's it,
Shawn





12 Sep 2009   #1
grimreaper

Windows 7 Ultimate X64
 
 

Thank you Brink !!
I finally enabled BitLocker Drive Encryption on my WD 1TB hard drive.
Just a small ? when i reboot it shows locked, i enter the password, fine it unlocks, but how do i lock it again?
As a side note to people when encrypting a certain sized hard drive it may take, in my case, just under 3 hrs to fully encrypt a 1TB hard drive.

My System SpecsSystem Spec
13 Sep 2009   #2
Night Hawk

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

This one will definitely come in timely here!

In fact besides the two WD 1tb storage drives I will be looking at another 500gb test drive that no longer be used as an OS drive once 7 is out. This will secure data on that drive.
My System SpecsSystem Spec
13 Sep 2009   #3
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

Hi Grim,

You will either need to log off, or restart the computer to lock the drive again, otherwise it will remain unlocked as long as you are still logged on.
My System SpecsSystem Spec
.


13 Sep 2009   #4
grimreaper

Windows 7 Ultimate X64
 
 

ok I thought so...great feature anyways
Thank you again...Windows 7 is a beast i love it!
My System SpecsSystem Spec
13 Sep 2009   #5
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

You're welcome Grim. I agree. Windows 7 is so much better than Vista. I can't wait to see what all they may add or improve more in the years to come with Windows Updates.
My System SpecsSystem Spec
13 Sep 2009   #6
Night Hawk

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

I think we'll be looking for what new things find support in 7 and beyond in general as well as the new goods in the eventual service packs there too!
My System SpecsSystem Spec
10 Mar 2010   #7
SantoshVasudeva

Windows 7
 
 
Problem with BitLocker

Hi,

I was enabling BitLocker to my 16GB PNY pendrive. Unfortunately while the encryption was going on i clicked on pause. After that i am not able to use my Pen drive. it showed locked and when i enter the password it says " Request could not be performed because of I/O error". Then i tried clicking forget password and gave the key which got generated but that is also not working. It says wrong key.
When i plug my Pendrive to a machine with XP it says connect to a machine with Windows 7 and complete the encryption.

Kindly advice how to resolve it.

Santosh
My System SpecsSystem Spec
10 Mar 2010   #8
Night Hawk

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

Welcome to the Windows 7 Forums! SantoshVasudeva

With the process of encrypting the flash drive interrupted while in progress you may be forced to simply go into the Disk Management tool, right click on the item for the drive there, and select format! Going from 7 to XP would be another problem for the older version since the process was never completed in order to use on an older version or even taking with you to another machine entirely.

Hopefully you didn't have any unreplacable files already on the device since reformatting it to NTFS to make available again will wipe the flash drive completely. The next time I think you will be a little more cautious and allow the BitLocker to complete the process first however before trying to pause or simply go to use the drive itself.

Verify the next encryption is working well before placing any data on it just to be safe if you still go to use the tool. The tool does work but can be vulnerable at times so remember to back things up first before counting on the data you place on it to be locked up.
My System SpecsSystem Spec
11 Mar 2010   #9
SantoshVasudeva

Windows 7
 
 
Problem with BitLocker

Hi thanks for your help. I tried this option before posting my question here and it did not work. I am not able to format my Pen Drive. It gives an error saying format did not complete successfully.
My System SpecsSystem Spec
Comment

 BitLocker Drive Encryption - Internal Data Hard Drives - Turn On or Off




Tutorial Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 11:10 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33