Turn On BitLocker for Fixed Drives in Windows 10

BitLocker Big 256 Icon 2

Turn On or Off BitLocker for Fixed Drives in Windows 10

For extra protection, Windows 10 allows enabling BitLocker for fixed drives (drive partitions and internal storage devices). It supports protection with a smart card or password. You can also make the drive to automatically unlock when you sign in to your user account.

BitLocker was first introduced in Windows Vista and still exists in Windows 10. It was implemented exclusively for Windows and has no official support in alternative operating systems. BitLocker can utilize your PC's Trusted Platform Module (TPM) to store its encryption key secrets. In modern versions of Windows such as Windows 8.1 and Windows 10, BitLocker supports hardware-accelerated encryption if certain requirements are met (the drive has to support it, Secure Boot must be on and many other requirements). Without hardware encryption, BitLocker switches to software-based encryption so there is a dip in your drive's performance. BitLocker in Windows 10 supports a number of encryption methods, and supports changing a cipher strength.

Note: In Windows 10, BitLocker Drive Encryption is only available in the Pro, Enterprise, and Education editions. BitLocker can encrypt the system drive (the drive Windows is installed on), and internal hard drives. The BitLocker To Go feature allows protecting files stored on a removable drives, such as a USB flash drive.

There are a number of methods you can use to turn on or off BitLocker for an internal fixed drive.

To Turn On BitLocker for a Fixed Data Drive in Windows 10,

  1. Configure the encryption method for BitLocker if required.
  2. Open File Explorer to the This PC folder.
  3. Right-click on the drive and select Turn on Bitlocker from the context menu.
  4. Alternatively, click on Manage tab under Drive Tools in the Ribbon, then click on the Turn on BitLocker command.
  5. Finally, you can open Control Panel\System and Security\BitLocker Drive Encryption. On the right, find your internal drive or partition, and click on the link Turn on Bitlocker.
  6. In the next dialog, choose a smart card or provide a password to encrypt the drive contents.
  7. Choose how to backup the encryption key. For example, you can print it.
  8. Select how much of your drive space to encrypt. For new drives, you can choose 'used disk space only'. For drives that already contain files, choose Encrypt entire drive.
  9. Specify which encryption mode to use.
    • New encryption mode (XTS-AES 128-bit) is supported on Windows 10.
    • Compatible mode (AES-CBC 128-bit) is supported on Windows Vista, Windows 7 and Windows 8/8.1.
  10. Click on Start encrypting.

You are done. The fixed drive will be encrypted. This could take a long time to finish depending on the data size stored on the drive, and its capacity.

You can now check the BitLocker encryption status for the drive.

To Turn Off BitLocker for a Fixed Drive in Windows 10,

  1. Open File Explorer to the This PC folder.
  2. Right-click on the drive and select Manage BitLocker from the context menu.
  3. Alternatively, click on Manage tab under Drive Tools in the Ribbon, then click on the Manage BitLocker command.
  4. Finally, you can open Control Panel\System and Security\BitLocker Drive Encryption.
  5. On the right side of the Drive Encryption Dialog, find your fixed drive, and click on the link Turn off BitLocker.
  6. Click on the Turn off BitLocker to confirm the operation.

You are done. BitLocker will decrypting the drive contents.

You can now check the BitLocker encryption status for the drive.

Also, you can disable BitLocker for an internal drive from Command Prompt or PowerShell.

To Turn Off BitLocker for a Fixed Drive from the Command Line

  1. Open a new command prompt as Administrator.
  2. Type and run the following command: manage-bde -off <drive letter>:.
  3. Substitute <drive letter> with the actual drive letter of the drive you want to decrypt. For example: manage-bde -off D:.
  4. Alternatively, open PowerShell as Administrator.
  5. Type and run the following command: Disable-BitLocker -MountPoint "<drive letter>:".
  6. Substitute <drive letter> with the actual drive letter of the drive you want to decrypt. For example: Disable-BitLocker -MountPoint "D:".

You are done!

You can now check the BitLocker encryption status for the drive.

That's

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.