How To Encrypt Computer/Laptop Drives | Unlock With USB | Bitlocker Method

With this tutorial, it is doable to be able to to encrypt your PC so no

one will doubtless be succesful to entry it in case your Key-USB is just not plugged in.

This model if my buddies from the LSPD come over and take your PC it will likely be

ineffective for them. They’ll be unable furthermore it nor will the be succesful to review any

recordsdata from you arduous drive / ssd. Mixed with group safety (VPN/Proxy)

this can be primarily probably the most protected setup you should have.

This tutorial is just not by me! I’m reposting it from a novel web site on-line which will make it easier to guys out!

Step One: Allow BitLocker (If You Haven’t Already)


This, clearly, requires BitLocker drive encryption, which suggests it solely works on Knowledgeable and Enterprise editions of Dwelling dwelling home windows.

Before chances are high you may alter to any of the steps beneath, you’ll have to allow BitLocker encryption in your system drive from the Administration Panel.

For people who exit of your approach to allow BitLocker on a PC and by no means using a TPM, chances are high you may select to create a USB startup key as a part of the setup course of.

It should possibly be used instead of the TPM. The beneath steps are solely obligatory when enabling BitLocker on laptop computer applications with TPMs, which most stylish laptop computer applications have.

If in case you’ve got a Dwelling model of Dwelling dwelling home windows, you gained’t be succesful to utilize BitLocker. You may need the Gadget Encryption function instead,

nonetheless this works otherwise from BitLocker and doesn’t might also make it easier to present a startup key.

Step Two: Allow the Startup Key in Group Safety Editor
When you’ve enabled BitLocker, you’ll have to allow the startup key requirement in Dwelling dwelling home windows’ group safety.

To open the Group Safety Editor, press Dwelling dwelling home windows+R in your

keyboard, kind “gpedit.msc” into the Run dialog, and press Enter.

Head to Laptop Configuration > Administrative Templates > Dwelling dwelling home windows

Components > BitLocker Drive Encryption > Working System Drives all through the Group Safety window.

Double-click the “Require Further Authentication at startup” danger inside the applicable pane.


Choose “Enabled” on the extreme of the window correct proper right here. Then, click on on on the sphere underneath “Configure

TPM Startup Key” and choose the “Require Startup Key With TPM” danger. Click on on on “OK” to keep away from losing a variety of your adjustments.

Step Three: Configure a Startup Key for Your Drive

Now it’s worthwhile to use the manage-bde command to configure a USB drive to your BitLocker-encrypted drive.

First, insert a USB drive into your pc. Phrase the drive letter of the USB drive–D: all through the screenshot beneath. Dwelling dwelling home windows will save a small .bek file to the drive, and that’s the easiest way it might turn out to be your startup key.


Subsequent, launch a Command Immediate window as Administrator. On Dwelling dwelling home windows 10 or 8, right-click the Begin button and choose “Command Immediate (Admin)”. On Dwelling dwelling home windows 7, uncover the “Command Immediate” shortcut all through the Begin menu, right-click it, and choose “Run as Administrator”

Run the following command. The beneath command works in your C: drive, so in case you need to require a startup key for an additional drive, enter its drive letter instead of c: . You’ll furthermore have to enter the drive letter of the linked USB drive it is important use as a startup key instead of x: .

manage-bde -protectors -add c: -TPMAndStartupKey x:


The important issue will possibly be saved to the USB drive as a hidden file with the .bek file extension. You may even see it for a lot of who present hidden recordsdata.


You’ll be requested to insert the USB drive the following time you boot your pc. Watch out with the important issue–any person who copies the important issue out of your USB drive can use that replicate to unlock your BitLocker-encrypted drive.


To double-check whether or not or not or not the TPMAndStartupKey protector was added appropriately, chances are high you may run the following command:

manage-bde -status 

(The “Numerical Password” key protector displayed correct proper right here is your restoration key.)


I furthermore advocate to jot down down the decryption key so everytime you unfastened your USB you could have obtained a backup. Maintain that piece of paper terribly hidden and don’t share the place with anybody!

Benefit from!