Protect Your Data: How to Use Bitlocker Disk Encryption Windows 10, 11 – Step by Step

Edit subtitles

0:00 - 0:02

Hi everyone. Frank Westfall here. In this
0:02 - 0:05

video, I will show you how to enable and
0:05 - 0:08

use bitlocker disk encryption with or
0:08 - 0:10

without a tpm chip and how to use
0:10 - 0:12

bitlocker to go
0:12 - 0:15

with Windows 10 or Windows 11.
0:15 - 0:17

Bitlocker is an application that is
0:17 - 0:19

built into all Microsoft operating
0:19 - 0:21

systems since Windows 7,
0:21 - 0:23

and it allows you to encrypt the
0:23 - 0:26

contents of your system disk or your
0:26 - 0:29

system disk and another disk and also
0:29 - 0:31

encrypt the contents of removable disks
0:31 - 0:34

like usb flash thumb drives. This means
0:34 - 0:37

that if those disks are ever lost or
0:37 - 0:39

stolen or the computer itself is ever
0:39 - 0:42

lost or stolen. Anyone who has those
0:42 - 0:45

disks won't be able to read any of the
0:45 - 0:46

data on it unless they have the
0:46 - 0:48

encryption key as well and as long as
0:48 - 0:50

your encryption key isn't with the
0:50 - 0:52

computer. When it's lost or stolen,
0:52 - 0:53

there's no way they can have the
0:53 - 0:55

encryption key.
0:55 - 0:57

So what that means is that if I lose
0:57 - 1:00

this laptop or it gets stolen, and I have
1:00 - 1:02

bitlocker disk encryption enabled. Even
1:02 - 1:06

if someone pulls the disk out,
1:06 - 1:08

and puts it in another computer,
1:08 - 1:10

they will not be able to read the
1:10 - 1:12

contents on this disk. It is encrypted,
1:12 - 1:15

and if a person doesn't have Bitlocker,
1:15 - 1:17

just encryption or some other type of
1:17 - 1:19

disk encryption enabled and they lose
1:19 - 1:20

their computer.
1:20 - 1:23

And I happen to find it or anyone who's
1:23 - 1:26

relatively savvy with computers,
1:26 - 1:28

we'll be able to pull the disc out,
1:28 - 1:31

put it in another computer and instantly
1:31 - 1:32

access all the data on it. Anything
1:32 - 1:34

that's unencrypted is just there for the
1:34 - 1:35

taking,
1:35 - 1:38

So I highly recommend that if you have
1:38 - 1:42

sensitive data on a laptop
1:42 - 1:44

or a removable thumb drive
1:44 - 1:47

that you encrypt the contents of it.
1:47 - 1:49

The worst thing that can happen is you
1:49 - 1:52

have sensitive data, and then you're not
1:52 - 1:53

thinking about whether or not the device
1:53 - 1:55

gets lost or stolen and then it gets
1:55 - 1:56

lost or stolen and you don't care about
1:56 - 1:58

the actual laptop. Uou care about the
1:58 - 2:01

data. Well with BitLocker disk encryption,
2:01 - 2:03

if that happens, you don't have to worry
2:03 - 2:05

because your data is protected. It's not
2:05 - 2:07

going to be red. It's not going to be
2:07 - 2:09

able to be used. You might be out the
2:09 - 2:11

device. You might have lost the laptop or
2:11 - 2:12

you might have lost a thumb drive but
2:12 - 2:15

you didn't lose your data. For this video,
2:15 - 2:19

you will need any PC, computer or laptop,
2:19 - 2:21

a flash thumb drive. And it doesn't have
2:21 - 2:23

to have much storage four gigs or above
2:23 - 2:25

would be fine. And if you're wondering
2:25 - 2:28

how I'm running windows 11 without a TPM
2:28 - 2:29

chip because I'm going to show you
2:29 - 2:32

BitLocker without a TPM chip. And with a
2:32 - 2:34

tpm chip, I show how to bypass the new
2:34 - 2:37

tpm requirements for Windows 11.
2:37 - 2:40

In my other video called, "Your pc does
2:40 - 2:42

not meet minimum requirements: how to
2:42 - 2:46

bypass, tpm 2.0. And run Windows 11 on
2:46 - 2:47

older PC,
2:47 - 2:49

the link for that video will be in the
2:49 - 2:52

description below, okay. Here we go. First,
2:52 - 2:53

I'm going to show you how to use
2:53 - 2:56

bitlocker without a tpm, than with a tpm
2:56 - 2:58

and then also show you how to use
2:58 - 3:01

bitlocker to go for usb flash drives.
3:01 - 3:02

I'll show you that there's no tpm
3:02 - 3:04

enabled.
3:04 - 3:05

This computer actually has a tpm chip,
3:05 - 3:08

but I have it disabled in the bios to
3:08 - 3:10

check your tpm status. You can type in
3:10 - 3:12

tpm.msc
3:12 - 3:15

in the search run bar,
3:15 - 3:17

and you can see that this computer
3:17 - 3:19

doesn't think it has a tpm chip because
3:19 - 3:21

when it's turned off in the bios. It
3:21 - 3:22

doesn't even get powered on it's like
3:22 - 3:24

the chip doesn't even exist when you
3:24 - 3:25

turn it off in the bios.
3:25 - 3:28

So we don't have a tpm chip, but we're
3:28 - 3:30

still going to use bitlocker just fine.
3:30 - 3:32

The next thing we want to do is in the
3:32 - 3:36

search run box type in gp
3:36 - 3:38

edit
3:38 - 3:41

dot msc,
3:41 - 3:43

and we want to go to local computer
3:43 - 3:44

policy,
3:44 - 3:47

administrative templates,
3:47 - 3:50

expand that go to windows components,
3:50 - 3:51

expand that
3:51 - 3:53

and then go to bitlocker drive
3:53 - 3:56

encryption and expand that,
3:56 - 3:59

and then operating system drives.
3:59 - 4:03

And then if we slide this over over here
4:03 - 4:05

require additional authentication at
4:05 - 4:08

startup. Double click that,
4:09 - 4:12

turn it to enabled and then check this
4:12 - 4:14

box if it isn't already checked allow
4:14 - 4:16

bitlocker without a compatible tpm
4:16 - 4:19

requires a password or startup key on a
4:19 - 4:22

usb flash drive.
4:22 - 4:24

We're going to hit ok,
4:24 - 4:26

so now we can use bitlocker without a
4:26 - 4:27

tpm
4:27 - 4:29

and we can go to
4:29 - 4:32

control panel.
4:33 - 4:34

And then
4:34 - 4:37

bitlocker drive encryption and then we
4:37 - 4:41

just want to turn on bitlocker,
4:41 - 4:43

and this is where you want to insert
4:43 - 4:45

your usb drive, we're going to need it in
4:45 - 4:47

a second.
4:48 - 4:49

You can choose
4:49 - 4:51

to use a usb drive
4:51 - 4:54

to decrypt the disk
4:54 - 4:57

before operating system login
4:57 - 5:00

or you can choose to use a password and
5:00 - 5:01

i'll show you what it looks like with a
5:01 - 5:03

password login in a second when we're
5:03 - 5:05

done with this i'm going to use a
5:05 - 5:08

password to decrypt the system drive.
5:08 - 5:10

I recommend using a complex password for
5:10 - 5:12

this,
5:17 - 5:18

and then
5:18 - 5:19

we're going to save
5:19 - 5:21

the recovery key
5:21 - 5:24

onto the flash drive.
5:24 - 5:26

I've already named this one win11
5:26 - 5:28

BitLock,
5:31 - 5:34

and then hit next.
5:34 - 5:36

And you can choose the first option,
5:36 - 5:38

if you want to do your whole disk, it
5:38 - 5:40

does take longer but that just encrypts
5:40 - 5:42

the entire disk regardless of whether or
5:42 - 5:44

not there's data on the disk for the
5:44 - 5:46

purpose of speed. I'm going to do
5:46 - 5:49

the top option here
5:49 - 5:50

and I'm going to use the new encryption
5:50 - 5:52

mode
5:52 - 5:55

here. You want to uncheck this,,
5:55 - 5:58

and then hit start encrypting
5:58 - 6:00

and then you get this notification.
6:00 - 6:03

Encryption is in progress encryption of
6:03 - 6:05

c by bitlocker drive encryption has
6:05 - 6:07

started when bitlocker disk encryption
6:07 - 6:10

is running even before it's finished
6:10 - 6:11

encrypting the entire disk.
6:11 - 6:14

You can shut down and restart the
6:14 - 6:16

computer. It picks up wherever
6:16 - 6:18

it left off when you shut down the
6:18 - 6:21

computer. If it hasn't finished, its
6:21 - 6:23

encryption process the encryption
6:23 - 6:25

process is a one-time thing and then
6:25 - 6:27

after that it's just encrypted. This is
6:27 - 6:28

what logging in looks like
6:28 - 6:31

after you've enabled bitlocker without a
6:31 - 6:33

tpm chip, you're first asked for a
6:33 - 6:36

password to decrypt the system disk and
6:36 - 6:38

then you enter the password to log in.
6:38 - 6:40

And those can be two separate passwords,
6:40 - 6:41

or they could be the same, I recommend
6:41 - 6:43

that they're different. So first, I'm just
6:43 - 6:47

going to enter the bitlocker password.
6:52 - 6:54

Now, the system disk is decrypted
6:54 - 6:58

and the operating system can load.
6:58 - 6:59

And now I can log into the operating
6:59 - 7:02

system,
7:07 - 7:10

and I'm in. That's what logging in looks
7:10 - 7:12

like when you use BitLocker without a
7:12 - 7:15

TPM chip. If you use BitLocker with a TPM
7:15 - 7:18

chip. It looks exactly like normal login,
7:18 - 7:20

because the TPM delivers the decryption
7:20 - 7:22

password as the computer starting up
7:22 - 7:24

automatically without you even knowing
7:24 - 7:26

that's happening. Okay so, I've turned my
7:26 - 7:30

tpm chip on in the system bios and if
7:30 - 7:33

you're not sure if you have a tpm chip,
7:33 - 7:35

you can go into your bios
7:35 - 7:37

and go under security
7:37 - 7:39

and then if you have tpm. You'll see tpm
7:39 - 7:41

security as an option. I'm going to turn
7:41 - 7:45

on my tpm chip now and then show you
7:45 - 7:48

bitlocker with tpm
7:48 - 7:49

hit apply,
7:49 - 7:51

and then when you hit apply. You get
7:51 - 7:52

these options.
7:52 - 7:53

I'm going to do
7:53 - 7:56

tpm acpi support,
7:56 - 7:58

and then you have to hit activate as
7:58 - 8:02

well and now the tpm chip can be used by
8:02 - 8:04

the motherboard. And by the operating
8:04 - 8:06

system,
8:06 - 8:09

hit apply and exit. That's how you turn
8:09 - 8:11

tpm on in your bios. Now I'm going to
8:11 - 8:13

turn on bitlocker again, but this time
8:13 - 8:15

with the tpm chip. First, I'm just going
8:15 - 8:19

to do the tpm.msc
8:19 - 8:22

command in the search run bar
8:22 - 8:26

to show the tpm status. So here it shows
8:26 - 8:28

that there is a tpm chip,
8:28 - 8:31

and you can actually also check the
8:31 - 8:33

firmware version of your tpm chip right
8:33 - 8:36

here. Specification version 1.2. This is a
8:36 - 8:40

tpm chip that is running tpm firmware
8:40 - 8:42

1.2 can exit out of that.
8:42 - 8:44

And then I'm just going to also show you
8:44 - 8:46

that
8:46 - 8:48

the group policy modification
8:48 - 8:51

has been undone as well.
8:51 - 8:56

So if I go back to that same spot,
8:59 - 9:02

you can see that I've reverted this to
9:02 - 9:07

not configured then go to control panel,
9:08 - 9:10

and bitlocker drive encryption again,
9:10 - 9:13

turn on bitlocker,
9:13 - 9:15

and we want to
9:15 - 9:16

save
9:16 - 9:18

the recovery key
9:18 - 9:20

to
9:20 - 9:22

this disk. This is the usb disk that I
9:22 - 9:25

have.
9:25 - 9:26

Say yes.
9:26 - 9:28

Your recovery key has been saved and
9:28 - 9:30

it's really important that you save your
9:30 - 9:32

recovery key, and then actually keep it
9:32 - 9:34

because if you get locked out of your
9:34 - 9:36

disk and you need to get back in you
9:36 - 9:38

have to have that encryption key or you
9:38 - 9:40

will not be able to get that data.
9:40 - 9:42

I've actually had to use my recovery key
9:42 - 9:45

to get into an encrypted disk before so
9:45 - 9:47

just keep it in a safe place and then
9:47 - 9:49

hit next.
9:49 - 9:51

And we're going to use the top option
9:51 - 9:52

again,
9:52 - 9:55

and then new encryption mode, yes.
9:55 - 9:57

And then for this one, we can actually do
9:57 - 9:59

the run bit locker system check. What
9:59 - 10:04

it's going to do is look for a tpm chip,
10:04 - 10:06

and it says okay everything looks good.
10:06 - 10:08

Restart now. And then the encryption will
10:08 - 10:10

start okay. I've restarted and I'm going
10:10 - 10:13

to check the status of the bitlocker
10:13 - 10:14

encryption.
10:14 - 10:17

Control panel bitlocker drive
10:17 - 10:19

encryption, and you can see that the
10:19 - 10:21

encryption is in progress right now.
10:21 - 10:23

You'll notice that you're able to shut
10:23 - 10:24

down and restart the computer. And it
10:24 - 10:27

does not disrupt the process of the
10:27 - 10:29

encryption, you can also turn off
10:29 - 10:32

bitlocker here very simply by hitting
10:32 - 10:34

turn off bitlocker.
10:34 - 10:36

And then this will decrypt the disk. The
10:36 - 10:38

disk has been decrypted, and now we're
10:38 - 10:40

back to where we started the last thing
10:40 - 10:41

I'm going to show you is how to use
10:41 - 10:45

bitlocker to go which is for use with
10:45 - 10:47

usb flash thumb drives.
10:47 - 10:49

So maybe you don't want to encrypt your
10:49 - 10:51

entire system disk inside the computer
10:51 - 10:53

itself, but you want to have
10:53 - 10:55

some sensitive data encrypted in a flash
10:55 - 10:58

thumb drive. You can use this to do that.
10:58 - 10:59

So I'm going to encrypt this flash thumb
10:59 - 11:01

drive.
11:01 - 11:04

Just turn on bitlocker.
11:04 - 11:06

We're going to use a password to unlock
11:06 - 11:08

it,
11:10 - 11:12

and then I'm going to save the bitlocker
11:12 - 11:14

encryption key. I'm going to actually
11:14 - 11:15

just put it on the desktop of this
11:15 - 11:17

computer. I recommend actually putting it
11:17 - 11:20

on a separate usb drive, but for the
11:20 - 11:21

purpose of this demonstration, I'm going
11:21 - 11:23

to put it just on the desktop of this
11:23 - 11:25

computer.
11:25 - 11:26

The recovery key has been saved that
11:26 - 11:28

step is really important you want to
11:28 - 11:30

make sure that you see your recovery key
11:30 - 11:32

has been saved,
11:32 - 11:33

and hit next. And then we're going to use
11:33 - 11:35

the top option again,
11:35 - 11:38

and compatible mode has to be used for
11:38 - 11:41

drives that can be moved from the device
11:41 - 11:43

hit next and yes, we are ready to start
11:43 - 11:46

encrypting this usb drive.
11:46 - 11:48

Now I'm going to remove this drive and
11:48 - 11:49

then plug it back in. So you can see what
11:49 - 11:52

it looks like when you plug the drive in.
11:52 - 11:56

So go to eject media,
11:57 - 11:58

safe to remove,
11:58 - 12:00

pull it out
12:00 - 12:02

and then put it back in
12:02 - 12:05

bitlocker drive, encryption unlock drive.
12:05 - 12:08

The drive is bitlocker protected,
12:08 - 12:12

enter the password
12:14 - 12:17

and now the drive has been unlocked
12:17 - 12:18

and
12:18 - 12:20

we can access the data on it.
12:20 - 12:22

There isn't any data on this. It's just
12:22 - 12:25

the recovery keys from the
12:25 - 12:26

testing of bitlocker that I did before
12:26 - 12:28

the video. And then also the recovery
12:28 - 12:30

keys that we created during this video
12:30 - 12:32

and I also want to show you real quick
12:32 - 12:34

what it looks like. If you have the usb,
12:34 - 12:36

disk in and you haven't entered the
12:36 - 12:39

bitlocker decryption key. So this is what
12:39 - 12:40

it would be like for someone that found
12:40 - 12:42

your usb disk, but they don't have the
12:42 - 12:45

bitlocker password to decrypt the drive
12:45 - 12:47

they plug it in their computer. They go
12:47 - 12:49

to access it and
12:49 - 12:50

they're not getting in
12:50 - 12:52

even if they loaded this up on a linux
12:52 - 12:55

system or some other type of computer.
12:55 - 12:57

And then they can actually open it
12:57 - 13:00

the actual data in. It is encrypted so
13:00 - 13:01

it's just a bunch of gibberish. It
13:01 - 13:03

doesn't make any sense you can also
13:03 - 13:05

decrypt the usb drive the same way that
13:05 - 13:07

you decrypted the system drive.
13:07 - 13:10

I just did a decryption of the usb drive.
13:10 - 13:13

So it's just back to a normal usb drive.
13:13 - 13:16

All you have to do is hit the turn off
13:16 - 13:18

bitlocker under
13:18 - 13:20

bitlocker to go, and then select the
13:20 - 13:23

drive and then hit turn off bitlocker.
13:23 - 13:24

All right, that's it. I hope this
13:24 - 13:26

information was helpful, please subscribe
13:26 - 13:27

to my channel for more computer
13:27 - 13:29

tutorials videos. And please check out
13:29 - 13:31

the ones I already have. I'm building a
13:31 - 13:33

large library of computer tutorial
13:33 - 13:38

videos. Thank you for watching. Bye.

Title:: Protect Your Data: How to Use Bitlocker Disk Encryption Windows 10, 11 – Step by Step
Description:: more » « less
Video Language:: English
Duration:: 13:36

	OEVIDEOS edited English subtitles for Protect Your Data: How to Use Bitlocker Disk Encryption Windows 10, 11 – Step by Step
	OEVIDEOS edited English subtitles for Protect Your Data: How to Use Bitlocker Disk Encryption Windows 10, 11 – Step by Step
	OEVIDEOS edited English subtitles for Protect Your Data: How to Use Bitlocker Disk Encryption Windows 10, 11 – Step by Step

English subtitles

Revisions Compare revisions

Revision 3 Edited

OEVIDEOS
Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	3	OEVIDEOS
	2	OEVIDEOS
	1	OEVIDEOS

Protect Your Data: How to Use Bitlocker Disk Encryption Windows 10, 11 – Step by Step

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)