BitLocker

Introduction

In this post, I am going to show you how to configure BitLocker for encrypting your HD using a password as authentication method.

Prerequisites

BitLocker is available in every windows licence except for Windows Home. You can use the Key Management Services (KMS) to change your licence.

Instalation

In order to start encripting you Hard Drive you need to change your computer's group policies. For doing so, execute the following command with Administrative privileges gpedit.msc . Then, access to the following directory.

English

Computer Configuration / Administrative Templates / Windows Components/ BitLocker Drive Encryption / Operative System Drives

Spanish

Configuración del equipo / Plantillas administrativas / Componentes de Windows / Cifrado de Unidad BitLocker / Unidades del Sistema Operativo

Now, we have to enable the following directives:

• "Require additional authentication at startup" || "Requerir autenticación adicional al iniciar"

• "Allow enhanced PINs for startup" || "Permitir los PIN mejorados para el inicio"

Then, we need to update the computer group policies: gpupdate /target:Computer /force.

Now, we need to go to:

English:

Control Panel\All Control Panel Items\BitLocker Drive Encryption

Spanish:

Panel de control\Todos los elementos de Panel de control\Cifrado de unidad BitLocker

Select the option "Enter a password" || "Escriba un PIN (recomendado)".

Select "Save to a file" so you can save it into an SMB Share or a USB flash drive.

Select "Encrypt the entire drive" so there is nothing left to unencrypt.

Select the method you prefer the most. In my case I selected the new one for better performance.

Finally, click on "Run BitLocker system check", avoiding future problems and restart the PC.

If everything goes as expected you should obtain the following screen each time you boot your PC.