How to Encrypt Your Windows PC

How to Use BitLocker to Encrypt Your Hard Drive

Even without knowing your Windows password, intruders can easily gain access to files and passwords stored by Windows and other programs on your computer. They can do this by booting into their own operating system (Windows or Linux) from a special disc or USB flash drive. After doing so, they can access your hard drives just as you can when you're logged into Windows.

The only way to protect your data completely is by using encryption. You can encrypt select files, but to protect your system files and saved passwords, you must encrypt your entire hard drive. This operation takes more time and effort than encrypting select files does, but it offers more security, and it's great for laptops and netbooks that can easily go missing.

If your computer is running the Ultimate or Enterprise edition of Windows 7 or Vista, you can use Microsoft’s included BitLocker feature to encrypt your entire drive. BitLocker offers protection for all of your personal files and documents, as well as for all of the system files and cached or saved passwords on your drive. Though Microsoft includes BitLocker with these two editions of Windows, the feature isn’t enabled by default. To activate it, you must manually enable it in the 'System and Security' Control Panel.

The BitLocker Control Panel.

After encrypting your drive with BitLocker, you won’t notice any difference in using your computer. Unlike with most other third-party encryption programs, you don’t have to type in an encryption password when booting up your system, aside from entering the usual Windows password to log on to your user account. The drive is unlocked automatically, by a method that still keeps it unreadable to anyone who boots the machine from outside your Windows installation.

To support so simple an encryption process, however, your computer must meet a few stringent software and hardware requirements. To start with, your drive must have two NTFS drive partitions: a system partition (which contains the files needed to start your computer), and an operating system partition (which you should have already, and which contains Windows and your personal files).

If the system partition is not already available, BitLocker may try to create it for you automatically, but sometimes it may not have enough available drive space to do so. In addition, your computer must have a motherboard with a compatible Trusted Platform Module (TPM) microchip, and the BIOS should be TCG (for Trusted Computing Group) compliant. Having a TPM microchip isn't mandatory, but without it the configuration and usability are more complicated.

If you don’t understand the requirements, don’t sweat it. To see whether your system meets them, simply open BitLocker: Click Start, Control Panel, System and Security, BitLocker Drive Encryption, Turn On BitLocker.

If your computer doesn’t meet the requirements, it will let you know. If you get an error message about not having a TPM device, it's possible that your PC does have one that isn't enabled in the BIOS. Try checking your PC's BIOS setup menu at boot for any mention of TPM support. Otherwise, consider using a third-party encryption program, such as DiskCryptor, instead of using BitLocker.
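The same readiness check can be scripted instead of clicked through. The following PowerShell script is an added example, not part of the original article or of BitLocker itself; it assumes an elevated PowerShell prompt on Windows 7 and uses the TPM and volume WMI classes that shipped with that era of Windows, so it does not depend on the newer BitLocker cmdlets.

```powershell
# Added example: report whether this PC meets the BitLocker requirements described above
# (TPM present and enabled, NTFS system + OS partitions) and the current BitLocker state.
# Assumes an elevated (administrator) PowerShell session.
$ErrorActionPreference = 'Stop'
$report = [ordered]@{}

# 1. TPM: present, enabled in the BIOS, and activated? A missing Win32_Tpm instance
#    means either no chip or a chip that is switched off in the BIOS setup menu.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($null -eq $tpm) {
    $report['TPM'] = 'not found (absent, or disabled in the BIOS setup menu)'
} else {
    $report['TPM'] = 'spec {0}; enabled={1} activated={2} owned={3}' -f `
        $tpm.SpecVersion, $tpm.IsEnabled().IsEnabled, $tpm.IsActivated().IsActivated, $tpm.IsOwned().IsOwned
}

# 2. Partitions: BitLocker wants an NTFS system partition (boot files) plus an NTFS OS partition (Windows).
#    WMI naming is inverted from everyday usage: SystemVolume holds the boot files, BootVolume holds Windows.
$fixed = Get-WmiObject -Class Win32_Volume | Where-Object { $_.DriveType -eq 3 }   # 3 = local fixed disk
foreach ($v in $fixed) {
    $roles = @()
    if ($v.SystemVolume) { $roles += 'system' }
    if ($v.BootVolume)   { $roles += 'OS' }
    $label = if ($v.DriveLetter) { $v.DriveLetter } else { '(no letter)' }   # the system partition usually has no letter
    $report["Volume $label"] = '{0} {1:N0} MB, free {2:N0} MB, roles={3}' -f `
        $v.FileSystem, ($v.Capacity / 1MB), ($v.FreeSpace / 1MB), ($roles -join ',')
}
$sysOk = @($fixed | Where-Object { $_.SystemVolume -and $_.FileSystem -eq 'NTFS' }).Count -gt 0
$osOk  = @($fixed | Where-Object { $_.BootVolume   -and $_.FileSystem -eq 'NTFS' }).Count -gt 0
$report['Partition layout'] = if ($sysOk -and $osOk) { 'OK' } else { 'missing an NTFS system or OS partition' }

# 3. Current BitLocker state per volume: ProtectionStatus 0 = unprotected, 1 = protected, 2 = unknown.
$encVols = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue
foreach ($e in $encVols) {
    $status = $e.GetProtectionStatus().ProtectionStatus
    $pct    = $e.GetConversionStatus().EncryptionPercentage
    $report["BitLocker $($e.DriveLetter)"] = 'protection={0} encrypted={1}%' -f $status, $pct
}

# Print the findings as an aligned two-column table.
$report.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }
```

A 'TPM: not found' line with a chip you know is on the board points at the BIOS setting the paragraph above describes; a missing system-partition role is the case where BitLocker will try to carve one out itself.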

Eric Geier is a freelance tech writer—become a Twitter follower to keep up with his writings. He’s also the founder of NoWiresSecurity, which helps small businesses easily protect their Wi-Fi network with Enterprise-class security.
