How to Turn On or Off BitLocker for Internal Data Hard Drives in Windows 7
Information
This will show you how to turn Windows 7 BitLocker Drive Encryption on or off for internal hard drives or partitions without an operating system installed on them. When BitLocker Drive Encryption is turned on for the selected internal data hard drive or partition, you will be required to either use a smart card or enter a password to unlock the drive before you are allowed access to it.
Note
When you add new files to the Windows 7 or other operating system drive or partition that is encrypted with BitLocker, BitLocker will encrypt them automatically. Files remain encrypted only while they are stored on the encrypted drive. Files will be decrypted if they are copied to another drive, partition, or computer. You can log on and work with your files normally, but BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by removing it from your computer and installing it in a different computer.
Warning
BitLocker is only available in the Windows 7 Ultimate and Enterprise editions.
EXAMPLE: An Internal Data (non-OS) Hard Drive with BitLocker turned on for it
NOTE: This is what you will see when you attempt to open or access the encrypted internal data hard drive or partition after you have logged off or restarted the computer. You will then need to enter your password to unlock the drive to gain access.
EXAMPLE: An Internal Data (non-OS) Hard Drive Locked and Unlocked by BitLocker
NOTE: When you have BitLocker Drive Encryption turned on, then this is how you can tell if the drive is currently locked or unlocked in the Computer window.
OPTION ONE
Turn On BitLocker and Encrypt an Internal Drive
1. Decide if you want 128-bit or 256-bit encryption.
NOTE: By default, Windows 7 will use AES encryption with 128-bit encryption keys and Diffuser unless you have previously changed it.
2. Open the Start menu and click on the Computer button, then right-click on the non-operating-system internal drive or partition letter that you want to encrypt with BitLocker and click on Turn on BitLocker. (See screenshot below)
A) Go to step 5.
OR
4. Open the Control Panel (All Items view), and click on the BitLocker Drive Encryption icon.
A) Click on Turn On BitLocker for the non-operating-system internal drive or partition letter that you want to encrypt with BitLocker. (See screenshot below)
5. Select an option, say (check) Use a password to unlock the drive, then type in, twice, a password at least 8 numbers and/or letters long that you would like to use to unlock the drive, and click on the Next button. (See screenshot below)
WARNING: Be sure to write down this password and keep it somewhere safe. You will need to enter this password to unlock the drive and gain access to it.
Note
Password
A password is a string of characters used to access information or a computer. For more information about passwords, see Tips for creating strong passwords and passphrases.
- You can use a password to unlock fixed data drives (such as internal hard drives) and removable data drives (such as external hard drives and USB flash drives).
- Passwords allow you to use your encrypted drive on both home and work computers or share the drive with other people.
- The BitLocker To Go Reader allows you to unlock encrypted drives on computers running Windows Vista or Windows XP. To use the BitLocker To Go Reader, the drive must be formatted using the FAT file system and you must use a password to encrypt the drive.
- You can change your password in the BitLocker Drive Encryption Control Panel.
Smart card
A smart card is a small plastic card containing a computer chip. Smart cards are generally issued by information technology (IT) departments in large companies. To use a smart card, you also need a smart card reader—a device that’s installed in or connected to your computer and can read the information stored on a smart card.
- Smart cards are used primarily in work environments.
- You will be required to use a BitLocker certificate that is provided by your system administrator. If you have multiple certificates, you might have to choose one.
- Smart cards cannot be used with the BitLocker To Go Reader, which allows you to unlock drives on computers running Windows Vista or Windows XP.
- To unlock the drive, you will insert your smart card and type your smart card PIN.
NOTE: When encrypting a drive using a smart card, a certificate-based protector will be created on the drive. This protector contains some unencrypted information that is required to unlock the drive. In the specific case where a certificate-based protector is used, the public key and certificate thumbprint of the certificate that was used to encrypt the drive will be stored unencrypted in the protector’s metadata. This information could be used to locate the certification authority (CA) that was originally used to generate the certificate and then try to extract some personal information.
Automatically unlock
When you encrypt fixed data drives, you can choose to have the drive automatically unlock when you log on to Windows.
- Removable data drives can be set to automatically unlock after they are encrypted by right-clicking the drive in the Computer folder, and then clicking Manage BitLocker.
NOTE: To be able to automatically unlock fixed data drives, the drive that Windows is installed on must also be encrypted by BitLocker.
6. Click on the Save the recovery key to file option. (See screenshot below)
A) Select where you want to save this file, and click on the Save button. (See screenshot below)
B) If prompted, click on Yes. (See screenshot below)
C) It is highly recommended that you save this file somewhere safe, and not on the encrypted drive. You will need the "BitLocker recovery key" number (bottom number in screenshot below) to gain access to your encrypted drive if you should forget the password, lose the smart card, or BitLocker locks the drive.
D) It is also recommended that you click on the Print the recovery key option as well to have a printed hard copy of the file to be extra safe. (See screenshot below step 6)
E) When done, click on the Next button. (See screenshot below step 6)
7. Click on the Start Encrypting button. (See screenshot below)
8. BitLocker will now start encrypting the drive. (See screenshot below)
NOTE: This may take a while to finish.
9. When it is finished, click on the Close button. (See screenshot below)
10. You will now have a Manage BitLocker option in the Control Panel and Computer for the encrypted drive. (See screenshots below)
11. If you click on Manage BitLocker, these will be the options that you will have below. (See screenshot below)
12. You're done. The internal data drive or partition is now encrypted with BitLocker (turned on).
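As an added example (not part of the original tutorial), this PowerShell script checks the result of Option One from an elevated prompt by reading the output of `manage-bde -status`. The drive letter `D:` and the recovery-key file path are placeholders, and the field and protector names it matches are an assumption based on English-language `manage-bde` output, so compare them with what your own system prints.

```powershell
# Added example, not from the original tutorial. Run from an elevated prompt.
# Assumes English manage-bde output; D: and the key-file path are placeholders.
param(
    [string]$Drive   = 'D:',
    [string]$KeyFile = 'C:\Users\Public\Documents\BitLocker Recovery Key.txt'  # hypothetical
)

function ConvertFrom-BdeStatus {
    # Collect the "Name: value" lines of `manage-bde -status` into a hashtable.
    param([string[]]$Lines)
    $status = @{ 'Key Protectors' = @() }
    $inProtectors = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^Key Protectors:\s*(.*)$') {
            $inProtectors = $true
            if ($Matches[1]) { $status['Key Protectors'] += $Matches[1] }
        } elseif ($inProtectors -and $text) {
            $status['Key Protectors'] += $text   # one protector per following line
        } elseif ($text -match '^([^:]+):\s+(.+)$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    $status
}

$s = ConvertFrom-BdeStatus (& manage-bde.exe -status $Drive)
$findings = @()
if ($s['Lock Status'] -eq 'Locked') {
    $findings += 'Drive is locked; unlock it before checking.'
}
if ($s['Conversion Status'] -ne 'Fully Encrypted') {
    $findings += "Encryption not finished: $($s['Conversion Status'])"
}
if ($s['Protection Status'] -notlike 'Protection On*') {
    $findings += "Protection is not on: $($s['Protection Status'])"
}
# 'Password' is the step 5 choice; 'Numerical Password' is the recovery key from step 6.
foreach ($needed in 'Password', 'Numerical Password') {
    if ($s['Key Protectors'] -notcontains $needed) { $findings += "Missing protector: $needed" }
}
# Step 6C: the saved recovery key must not live on the drive it unlocks.
if ([IO.Path]::GetPathRoot($KeyFile).TrimEnd('\') -eq $Drive.TrimEnd('\')) {
    $findings += "Recovery key file is stored on the encrypted drive $Drive"
}

"Encryption method: $($s['Encryption Method'])"
if ($findings) { $findings } else { "OK: $Drive is fully encrypted and protected." }
```

If you chose a smart card instead of a password in step 5, drop `'Password'` from the list of required protectors.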
OPTION TWO
Turn Off BitLocker and Decrypt an Internal Drive
NOTE: If you do not care about losing all data on the drive/partition, then formatting or using the clean command will also turn off BitLocker for the drive/partition.
1. Open the Control Panel (icons view), and click on the BitLocker Drive Encryption icon.
2. Click on Turn Off BitLocker for the non-operating-system internal drive or partition letter that you want to turn off BitLocker for. (See screenshot below)
3. Click on the Decrypt Drive button. (See screenshot below)
4. BitLocker will now start decrypting the drive. Click on the BitLocker icon in the taskbar notification area (far right) to see the encryption status. (See screenshot below)
NOTE: This may take a while to finish.
5. When finished, click on the Close button. (See screenshot below)
6. The Control Panel and Computer will now have the Turn On BitLocker option again for the selected drive.
7. You're done. The internal data drive or partition is now decrypted by BitLocker (turned off).
That's it,
Shawn