Advertisement

Turn On BitLocker for Removable Data Drives in Windows 10

Turn On or Off BitLocker for Removable Data Drives in Windows 10 (BitLocker To Go)

For extra protection, Windows 10 allows enabling BitLocker for removable data drives. Also known as 'BitLocker To Go', this feature includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. It supports protection with a smartcard or password.

Advertisement

BitLocker was first introduced in Windows Vista and still exists in Windows 10. It was implemented exclusively for Windows and has no official support in alternative operating systems. BitLocker can utilize your PC's Trusted Platform Module (TPM) to store its encryption key secrets. In modern versions of Windows such as Windows 8.1 and Windows 10, BitLocker supports hardware-accelerated encryption if certain requirements are met (the drive has to support it, Secure Boot must be on and many other requirements). Without hardware encryption, BitLocker switches to software-based encryption so there is a dip in your drive's performance. BitLocker in Windows 10 supports a number of encryption methods, and supports changing a cipher strength.

Butlocker Drive Encryption

Note: In Windows 10, BitLocker Drive Encryption is only available in the Pro, Enterprise, and Education editions. BitLocker can encrypt the system drive (the drive Windows is installed on), internal hard drives. The BitLocker To Go feature allows protecting files stored on a removable drives, such as a USB flash drive.

There are a number of methods you can use to turn on or off BitLocker for a removable drive.

To Turn On BitLocker for a Removable Data Drive in Windows 10,

  1. Configure the encryption method for BitLocker if required.
  2. Open File Explorer to the This PC folder.
  3. Right-click on the drive and select Turn on Bitlocker from the context menu.Bitlocker Turn On For Removable Drive
  4. Alternatively, click on Manage tab under Drive Tools in the Ribbon, then click on the Turn on BitLocker command.Bitlocker Turn On From Ribbon
  5. Finally, you can open Control Panel\System and Security\BitLocker Drive Encryption. On the right, find your removable drive, and click on the link Turn on Bitlocker.Bitlocker Turn On From Control Panel
  6. In the next dialog, choose a smart card or provide a password to encrypt the drive contents.Bitlocker Specify Password
  7. Choose how to backup the encryption key. For example, you can print it.Bitlocker Backup Encryption Key
  8. Select how much of your drive space to encrypt. For new drives, you can choose 'used disk space only'. For drives that already contain files, choose Encrypt entire drive.Bitlocker How Much Data To Encrypt
  9. Specify which encryption mode to use.
    • New encryption mode (XTS-AES 128-bit) is supported on Windows 10.
    • Compatible mode (AES-CBC 128-bit) is supported on Windows Vista, Windows 7 and Windows 8/8.1.Bitlocker Encryption Mode
  10. Click on Start encrypting.Bitlocker Start Encrypting

You are done. The removable data drive will be encrypted. This could take a long time to finish depending on the size of the removable drive and its capacity.Bitlocker Drive Is Encrypted

To Turn Off BitLocker for a Removable Drive in Windows 10

  1. Connect your removable drive to the computer.
  2. Open File Explorer to the This PC folder.
  3. Right-click on the drive and select Manage BitLocker from the context menu.Bitlocker Manage Bitlocker Context Menu
  4. Alternatively, click on Manage tab under Drive Tools in the Ribbon, then click on the Manage BitLocker command.Bitlocker Manage Bitlocker Ribbon
  5. Finally, you can open Control Panel\System and Security\BitLocker Drive Encryption.
  6. On the right side of the Drive Encryption Dialog, find your removable drive, and click on the link Turn off Bitlocker.Bitlocker Turn Off In Control Panel
  7. Click on the Turn off BitLocker to confirm the operation.

You are done. BitLocker will decrypting the drive contents.

Also, you can disable BitLocker for a removable drive from Command Prompt or PowerShell.

To Turn Off BitLocker for a Removable Drive from the Command Line

  1. Open a new command prompt as Administrator.
  2. Type and run the following command: manage-bde -off <drive letter>:.
  3. Substitute <drive letter> with the actual drive letter of the drive you want to decrypt. For example: manage-bde -off D:.Bitlocker Turn Off In Command Prompt
  4. Alternatively, open PowerShell as Administrator.
  5. Type and run the following command: Disable-BitLocker -MountPoint "<drive letter>:".
  6. Substitute <drive letter> with the actual drive letter of the drive you want to decrypt. For example: Disable-BitLocker -MountPoint "D:".Bitlocker Turn Off In Power Shell

You are done!

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Advertisment

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

css.php
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.