Cover Image for BitLocker

Table of Contents


    In this post, I am going to show you how to configure BitLocker for encrypting your HD using a password as authentication method.


    BitLocker is available in every windows licence except for Windows Home. You can use the Key Management Services (KMS) to change your licence.


    In order to start encripting you Hard Drive you need to change your computer's group policies. For doing so, execute the following command with Administrative privileges gpedit.msc . Then, access to the following directory.


    Computer Configuration / Administrative Templates / Windows Components/ BitLocker Drive Encryption / Operative System Drives


    Configuración del equipo / Plantillas administrativas / Componentes de Windows / Cifrado de Unidad BitLocker / Unidades del Sistema Operativo

    Now, we have to enable the following directives:

    • "Require additional authentication at startup" || "Requerir autenticación adicional al iniciar"
    Require additional authentication at startup
    • "Allow enhanced PINs for startup" || "Permitir los PIN mejorados para el inicio"
    Allow enhanced PINs for startup

    Then, we need to update the computer group policies: gpupdate /target:Computer /force.

    Now, we need to go to:


    Control Panel\All Control Panel Items\BitLocker Drive Encryption


    Panel de control\Todos los elementos de Panel de control\Cifrado de unidad BitLocker
    BitLocker Drive Encryption

    Select the option "Enter a password" || "Escriba un PIN (recomendado)".

    Enter a password

    Select "Save to a file" so you can save it into an SMB Share or a USB flash drive.

    Save to a file

    Select "Encrypt the entire drive" so there is nothing left to unencrypt.

    Encrypt the entire drive

    Select the method you prefer the most. In my case I selected the new one for better performance.

    Choose encryption mode

    Finally, click on "Run BitLocker system check", avoiding future problems and restart the PC.

    Check "BitLocker system check"

    If everything goes as expected you should obtain the following screen each time you boot your PC.

    BitLocker Screen