Turn On or Off BitLocker for Fixed Data Drives in Windows 10  

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10

    How to Turn On or Off BitLocker for Fixed Data Drives in Windows 10
    Published by Category: Security System
    14 Aug 2019
    Designer Media Ltd


    How to Turn On or Off BitLocker for Fixed Data Drives in Windows 10

    information   Information
    You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

    New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they're automatically decrypted.

    BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive).

    You can choose how you want to unlock an encrypted data drive: with a password or a smart card. For fixed data drives, you can also set the drive to automatically unlock when you unlock the PC, if you prefer, as long as the operating system drive is BitLocker-protected.

    This tutorial will show you how to turn on or off BitLocker to encrypt or decrypt a fixed data drive in Windows 10.
    Note   Note
    BitLocker Drive Encryption is only available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions.

    CONTENTS:
    • Option One: To Turn On BitLocker for a Fixed Data Drive in BitLocker Manager
    • Option Two: To Turn Off BitLocker for a Fixed Data Drive in BitLocker Manager
    • Option Three: To Turn Off BitLocker for a Fixed Data Drive in Command Prompt
    • Option Four: To Turn Off BitLocker for a Fixed Data Drive in PowerShell


    EXAMPLE: Enter password to unlock data drive encrypted by BitLocker
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-bitlocker-1.png Turn On or Off BitLocker for Fixed Data Drives in Windows 10-bitlocker-2.png






    OPTION ONE

    To Turn On BitLocker for a Fixed Data Drive in BitLocker Manager


    1. If you like, set a default encryption method (XTS-AES or AES-CBC) and cipher strength (128 bit or 256 bit) you want used by BitLocker. BitLocker Drive Encryption uses AES-CBC 128 bit by default for fixed data drives.

    2. Do step 3, step 4, or step 5 below for how you would like to manage BitLocker.

    3. Right click or press and hold on the fixed data drive (ex: G: ) you want to encrypt, click/tap on Turn on BitLocker, and go to step 6 below. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-1.jpg

    4. Select the fixed data drive (ex: G: ) you want to encrypt, click/tap on the "Drive Tools" Manage tab, click/tap on the BitLocker button in the ribbon, click/tap on Turn on BitLocker, and go to step 6 below. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-2.jpg

    5. Open the Control Panel (icons view), and click/tap on the BitLocker Drive Encryption icon.

    A) Expand open the fixed data drive (ex: G: ) you want to encrypt under Fixed data drives, click/tap on Turn on BitLocker, and go to step 6 below. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-3.jpg

    6. Choose how (password, smart card, or automatically) you want to unlock this drive, and click/tap on Next. (see screenshot below)
    Note   Note
    The Automatically unlock this drive on this computer option will only be available if the operating system drive has already been encrypted by BitLocker.
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-4.jpg

    7. Select how (Microsoft account, USB, file, and/or print) you want to back up your BitLocker recovery key for this drive, and click/tap on Next when finished. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-5.jpg

    Note   Note
    Microsoft account = This option is only available when you are signed in to Windows 10 with a Microsoft account. It will save the BitLocker recovery key to your OneDrive account online at https://onedrive.live.com/recoverykey.

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drive-5a.png

    USB flash drive = This option will save the BitLocker recovery key to a selected USB flash drive.

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drive-5b.png

    File = This option will save the BitLocker recovery key .TXT file to a location you select.

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drive-5c.png
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drive-5d.png

    Print = This option will print the BitLocker recovery key to the selected printer.

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drive-5e.png


    8. Select (dot) how much of your drive to encrypt right now, and click/tap on Next. (see screenshot below)
    Note   Note
    It is recommended to select Encrypt entire drive.
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-6.jpg

    9. Select (dot) which encryption mode to use, and click/tap on Next. (see screenshot below)
    Note   Note
    If you did step 1 above to set a default encryption method and cipher strength, then you will not have this setting available since BitLocker will use what you set in step 1 instead.


    New encryption mode (XTS-AES 128-bit) = Select this mode if this is a fixed drive or if this drive will only be used on devices running at least Windows 10 (version 1511) or later.

    Compatible mode (AES-CBC 128-bit) = Select this mode if this is a removable drive that you're going to use on an older version of Windows (ex: Vista, Windows 7, or Windows 8/8.1).
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-7.jpg

    10. Click/tap on Start encrypting when ready. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-8.jpg

    11. The fixed data drive will now start encrypting. (see screenshot below)
    Note   Note
    This could take a long time to finish depending on the size of the drive and how much data on the drive is being encrypted.
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-9.jpg

    12. When encryption has finished, click/tap on Close. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_on_bitlocker_fixed_data_drives-10.jpg






    OPTION TWO

    To Turn Off BitLocker for a Fixed Data Drive in BitLocker Manager


    1. If you have not already, unlock the fixed data drive encrypted by BitLocker.

    2. Do step 3, step 4, or step 5 below for how you would like to manage BitLocker.

    3. Right click or press and hold on the encrypted fixed data drive (ex: G: ), click/tap on Manage BitLocker, and go to step 6 below. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_fixed_data_drives-1.jpg

    4. Select the encrypted fixed data drive (ex: G: ), click/tap on the "Drive Tools" Manage tab, click/tap on the BitLocker button in the ribbon, click/tap on Manage BitLocker, and go to step 6 below. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_fixed_data_drives-2.jpg

    5. Open the Control Panel (icons view), click/tap on the BitLocker Drive Encryption icon, and go to step 6 below.

    6. Expand open the encrypted fixed data drive (ex: G: ) under Fixed data drives, and click/tap on Turn off BitLocker. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_fixed_data_drives-3.jpg

    7. Click/tap on Turn off BitLocker to confirm. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_fixed_data_drives-4.jpg

    8. The fixed data drive will now start decrypting. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_fixed_data_drives-5.jpg

    9. When decryption has finished, click/tap on Close. (see screenshot below)

    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_fixed_data_drives-6.jpg






    OPTION THREE

    To Turn Off BitLocker for a Fixed Data Drive in Command Prompt


    1. Open an elevated command prompt.

    2. Type the command below into the elevated command prompt, and press Enter. (see screenshot below)


    manage-bde -off <drive letter>:

    Note   Note
    Substitute <drive letter> in the command above with the actual drive letter of the encrypted drive you want to decrypt.

    For example: manage-bde -off G:
    Tip   Tip
    You can check the status of BitLocker for the drive at anytime.
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_command.jpg






    OPTION FOUR

    To Turn Off BitLocker for a Fixed Data Drive in PowerShell


    Note   Note
    To see more Disable-BitLocker command usage options, see: Disable-BitLocker - Microsoft Docs

    1. Open an elevated Powershell.

    2. Type the command below into the elevated PowerShell, and press Enter. (see screenshot below)


    Disable-BitLocker -MountPoint "<drive letter>:"

    Note   Note
    Substitute <drive letter> in the command above with the actual drive letter of the encrypted drive you want to decrypt.

    For example: Disable-BitLocker -MountPoint "F:"
    Tip   Tip
    You can check the status of BitLocker for the drive at anytime.
    Turn On or Off BitLocker for Fixed Data Drives in Windows 10-turn_off_bitlocker_powershell.png



    That's it,
    Shawn


    Related Tutorials



  1. Cr00zng's Avatar
    Posts : 639
    Windows 10 64-bits
       #1

    Nice tutorial Brink...

    I use BitLocker for sanitizing disks, preferred over disk wipe, in a nutshell:

    1. Encrypt the full drive, internal and/or external, including empty/blank sectors
    2. Clean the volume with "diskpart"
    3. Quick format the drive


    Time wise, it's probably the same as disk wipe, about 3-4 GB per minute or about six hour for a 1TB drive on my system. USB 3.x interface is preferred over USB 2.0 for the external drive.

    After the format, some of the encrypted data will be readable, but there's no way to decrypt it with/without the encryption key. No, I am not doing anything that would require this level of security for retired storage, but my clients request it. That's how I end up 6-7 HDDs or SSDs on my desk, well, until I give them away...
      My Computer

  2. Brink's Avatar
    Posts : 48,607
    64-bit Windows 10 Pro for Workstations build 19631
    Thread Starter
       #2

    I bet that does take a long time to do.
      My Computers

  3. Cr00zng's Avatar
    Posts : 639
    Windows 10 64-bits
       #3

    The bottleneck is the disk write, for both single pass disk wipe and BitLocker. Increasing the the number of passes for disk wipe doubles, triples, etc., the time required. Encrypting the drive is a single pass and more secure than disk wipe...
      My Computer


 

Tutorial Categories

Turn On or Off BitLocker for Fixed Data Drives in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 16:04.
Find Us




Windows 10 Forums