Hi everyone. Frank Westfall here. In this
video, I will show you how to enable and
use bitlocker disk encryption with or
without a tpm chip and how to use
bitlocker to go
with Windows 10 or Windows 11.
Bitlocker is an application that is
built into all Microsoft operating
systems since Windows 7,
and it allows you to encrypt the
contents of your system disk or your
system disk and another disk and also
encrypt the contents of removable disks
like usb flash thumb drives. This means
that if those disks are ever lost or
stolen or the computer itself is ever
lost or stolen. Anyone who has those
disks won't be able to read any of the
data on it unless they have the
encryption key as well and as long as
your encryption key isn't with the
computer. When it's lost or stolen,
there's no way they can have the
encryption key.
So what that means is that if I lose
this laptop or it gets stolen, and I have
bitlocker disk encryption enabled. Even
if someone pulls the disk out,
and puts it in another computer,
they will not be able to read the
contents on this disk. It is encrypted,
and if a person doesn't have Bitlocker,
just encryption or some other type of
disk encryption enabled and they lose
their computer.
And I happen to find it or anyone who's
relatively savvy with computers,
we'll be able to pull the disc out,
put it in another computer and instantly
access all the data on it. Anything
that's unencrypted is just there for the
taking,
So I highly recommend that if you have
sensitive data on a laptop
or a removable thumb drive
that you encrypt the contents of it.
The worst thing that can happen is you
have sensitive data, and then you're not
thinking about whether or not the device
gets lost or stolen and then it gets
lost or stolen and you don't care about
the actual laptop. Uou care about the
data. Well with BitLocker disk encryption,
if that happens, you don't have to worry
because your data is protected. It's not
going to be red. It's not going to be
able to be used. You might be out the
device. You might have lost the laptop or
you might have lost a thumb drive but
you didn't lose your data. For this video,
you will need any PC, computer or laptop,
a flash thumb drive. And it doesn't have
to have much storage four gigs or above
would be fine. And if you're wondering
how I'm running windows 11 without a TPM
chip because I'm going to show you
BitLocker without a TPM chip. And with a
tpm chip, I show how to bypass the new
tpm requirements for Windows 11.
In my other video called, "Your pc does
not meet minimum requirements: how to
bypass, tpm 2.0. And run Windows 11 on
older PC,
the link for that video will be in the
description below, okay. Here we go. First,
I'm going to show you how to use
bitlocker without a tpm, than with a tpm
and then also show you how to use
bitlocker to go for usb flash drives.
I'll show you that there's no tpm
enabled.
This computer actually has a tpm chip,
but I have it disabled in the bios to
check your tpm status. You can type in
tpm.msc
in the search run bar,
and you can see that this computer
doesn't think it has a tpm chip because
when it's turned off in the bios. It
doesn't even get powered on it's like
the chip doesn't even exist when you
turn it off in the bios.
So we don't have a tpm chip, but we're
still going to use bitlocker just fine.
The next thing we want to do is in the
search run box type in gp
edit
dot msc,
and we want to go to local computer
policy,
administrative templates,
expand that go to windows components,
expand that
and then go to bitlocker drive
encryption and expand that,
and then operating system drives.
And then if we slide this over over here
require additional authentication at
startup. Double click that,
turn it to enabled and then check this
box if it isn't already checked allow
bitlocker without a compatible tpm
requires a password or startup key on a
usb flash drive.
We're going to hit ok,
so now we can use bitlocker without a
tpm
and we can go to
control panel.
And then
bitlocker drive encryption and then we
just want to turn on bitlocker,
and this is where you want to insert
your usb drive, we're going to need it in
a second.
You can choose
to use a usb drive
to decrypt the disk
before operating system login
or you can choose to use a password and
i'll show you what it looks like with a
password login in a second when we're
done with this i'm going to use a
password to decrypt the system drive.
I recommend using a complex password for
this,
and then
we're going to save
the recovery key
onto the flash drive.
I've already named this one win11
BitLock,
and then hit next.
And you can choose the first option,
if you want to do your whole disk, it
does take longer but that just encrypts
the entire disk regardless of whether or
not there's data on the disk for the
purpose of speed. I'm going to do
the top option here
and I'm going to use the new encryption
mode
here. You want to uncheck this,,
and then hit start encrypting
and then you get this notification.
Encryption is in progress encryption of
c by bitlocker drive encryption has
started when bitlocker disk encryption
is running even before it's finished
encrypting the entire disk.
You can shut down and restart the
computer. It picks up wherever
it left off when you shut down the
computer. If it hasn't finished, its
encryption process the encryption
process is a one-time thing and then
after that it's just encrypted. This is
what logging in looks like
after you've enabled bitlocker without a
tpm chip, you're first asked for a
password to decrypt the system disk and
then you enter the password to log in.
And those can be two separate passwords,
or they could be the same, I recommend
that they're different. So first, I'm just
going to enter the bitlocker password.
Now, the system disk is decrypted
and the operating system can load.
And now I can log into the operating
system,
and I'm in. That's what logging in looks
like when you use BitLocker without a
TPM chip. If you use BitLocker with a TPM
chip. It looks exactly like normal login,
because the TPM delivers the decryption
password as the computer starting up
automatically without you even knowing
that's happening. Okay so, I've turned my
tpm chip on in the system bios and if
you're not sure if you have a tpm chip,
you can go into your bios
and go under security
and then if you have tpm. You'll see tpm
security as an option. I'm going to turn
on my tpm chip now and then show you
bitlocker with tpm
hit apply,
and then when you hit apply. You get
these options.
I'm going to do
tpm acpi support,
and then you have to hit activate as
well and now the tpm chip can be used by
the motherboard. And by the operating
system,
hit apply and exit. That's how you turn
tpm on in your bios. Now I'm going to
turn on bitlocker again, but this time
with the tpm chip. First, I'm just going
to do the tpm.msc
command in the search run bar
to show the tpm status. So here it shows
that there is a tpm chip,
and you can actually also check the
firmware version of your tpm chip right
here. Specification version 1.2. This is a
tpm chip that is running tpm firmware
1.2 can exit out of that.
And then I'm just going to also show you
that
the group policy modification
has been undone as well.
So if I go back to that same spot,
you can see that I've reverted this to
not configured then go to control panel,
and bitlocker drive encryption again,
turn on bitlocker,
and we want to
save
the recovery key
to
this disk. This is the usb disk that I
have.
Say yes.
Your recovery key has been saved and
it's really important that you save your
recovery key, and then actually keep it
because if you get locked out of your
disk and you need to get back in you
have to have that encryption key or you
will not be able to get that data.
I've actually had to use my recovery key
to get into an encrypted disk before so
just keep it in a safe place and then
hit next.
And we're going to use the top option
again,
and then new encryption mode, yes.
And then for this one, we can actually do
the run bit locker system check. What
it's going to do is look for a tpm chip,
and it says okay everything looks good.
Restart now. And then the encryption will
start okay. I've restarted and I'm going
to check the status of the bitlocker
encryption.
Control panel bitlocker drive
encryption, and you can see that the
encryption is in progress right now.
You'll notice that you're able to shut
down and restart the computer. And it
does not disrupt the process of the
encryption, you can also turn off
bitlocker here very simply by hitting
turn off bitlocker.
And then this will decrypt the disk. The
disk has been decrypted, and now we're
back to where we started the last thing
I'm going to show you is how to use
bitlocker to go which is for use with
usb flash thumb drives.
So maybe you don't want to encrypt your
entire system disk inside the computer
itself, but you want to have
some sensitive data encrypted in a flash
thumb drive. You can use this to do that.
So I'm going to encrypt this flash thumb
drive.
Just turn on bitlocker.
We're going to use a password to unlock
it,
and then I'm going to save the bitlocker
encryption key. I'm going to actually
just put it on the desktop of this
computer. I recommend actually putting it
on a separate usb drive, but for the
purpose of this demonstration, I'm going
to put it just on the desktop of this
computer.
The recovery key has been saved that
step is really important you want to
make sure that you see your recovery key
has been saved,
and hit next. And then we're going to use
the top option again,
and compatible mode has to be used for
drives that can be moved from the device
hit next and yes, we are ready to start
encrypting this usb drive.
Now I'm going to remove this drive and
then plug it back in. So you can see what
it looks like when you plug the drive in.
So go to eject media,
safe to remove,
pull it out
and then put it back in
bitlocker drive, encryption unlock drive.
The drive is bitlocker protected,
enter the password
and now the drive has been unlocked
and
we can access the data on it.
There isn't any data on this. It's just
the recovery keys from the
testing of bitlocker that I did before
the video. And then also the recovery
keys that we created during this video
and I also want to show you real quick
what it looks like. If you have the usb,
disk in and you haven't entered the
bitlocker decryption key. So this is what
it would be like for someone that found
your usb disk, but they don't have the
bitlocker password to decrypt the drive
they plug it in their computer. They go
to access it and
they're not getting in
even if they loaded this up on a linux
system or some other type of computer.
And then they can actually open it
the actual data in. It is encrypted so
it's just a bunch of gibberish. It
doesn't make any sense you can also
decrypt the usb drive the same way that
you decrypted the system drive.
I just did a decryption of the usb drive.
So it's just back to a normal usb drive.
All you have to do is hit the turn off
bitlocker under
bitlocker to go, and then select the
drive and then hit turn off bitlocker.
All right, that's it. I hope this
information was helpful, please subscribe
to my channel for more computer
tutorials videos. And please check out
the ones I already have. I'm building a
large library of computer tutorial
videos. Thank you for watching. Bye.