Smart Tricks for Managing BitLocker Drive in Windows PC

The Windows operating system includes a disk encryption feature known as BitLocker. The process of managing BitLocker on all of your encrypted drives is not straightforward. This article will instruct you on how to manage the BitLocker drive on Windows.

Posted by @Lucas December 17, 2024 Updated By @Lucas August 19, 2024

Significance of managing BitLocker drives

The Windows operating system includes a disk encryption feature known as BitLocker. It offers comprehensive disc encryption to safeguard data on a device, which includes data stored on the operating system drive and other data drives. If the device is lost or stolen, BitLocker employs industry-standard encryption algorithms to safeguard data and prevent unauthorized access.

BitLocker encryption management can be a challenge for organizations with a significant number of devices. This is particularly accurate when the devices are mobile. BitLocker's centralized management and monitoring system enables organizations to guarantee that all devices are appropriately encrypted and monitored, irrespective of their mobility status and location. This assists organizations in complying with regulatory requirements and ensuring the security of their data.

Is it possible to centrally manage BitLocker?

Centralized managing and monitoring of BitLocker are feasible. Organizations can administer BitLocker encryption on all of their Windows devices from a single location by implementing a centralized management solution. This allows them to promptly address any issues, monitor the encryption status of each device, and guarantee that all devices are adequately encrypted. Organizations can more easily comply with compliance requirements and enhance the security of their data by implementing a centralized disk management solution.

How to manage BitLocker in Control Panel

BitLocker encryption management in Windows entails the following: the proper management of encryption keys, the monitoring of encryption status on each device, and the enabling of encryption. This can be a time-consuming and complex process for organizations with a large number of devices.

1. Steps for enabling BitLocker encryption on Windows devices

To enable BitLocker encryption on a Windows device, follow these steps:

Step 1. Go to Control Panel > System and Security > BitLocker Drive Encryption.

Step 2. Select the drive that you want to encrypt and click “Turn on BitLocker.”

Step 3. Choose the encryption method you want to use.

Step 4. Save the recovery key and key package to a secure location.

Step 5. Select “Start encrypting” to begin the encryption process.

2. How to change BitLocker password

Step 1. Open the Control Panel from the Start menu or by using the Windows search box.

Step 2. In the Control Panel, click System and Security > BitLocker Drive Encryption.

Step 3. Click the drive whose password you want to change, then click on Change password.

Step 4. In the pop-up window, input the old password and the new password, then click Change password. The steps are the same as changing your BitLocker password in File Explorer.

3. Turn off BitLocker encryption

Step 1. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption

Step 2. Look for the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker

Step 3. A message will be displayed, stating that the drive will be decrypted and that decryption may take some time. Click Turn off Bitlocker / Decrypt the drive to continue and turn off BitLocker on the drive.

Step 4. Restart your computer, before proceeding with the image creation process. Thus, you can disable BitLocker using Command Prompt.

All-in-one BitLocker management tool for all Windows PC

Although Control Panel is a handy tool, when you wish to perform drive size modification, an all-in-one BitLocker management tool can fix more issues for your devices. AOMEI Partition Assistant Professional is such a tool for all Windows computer.

It is a disk and partition manager that can clone/resize/clean/BitLocker encrypt drives, even Windows Home users can employ BitLocker feature to protect privacy.

1. Turn on BitLocker encryption

Step 1. Install and launch AOMEI Partition Assistant Professional. Go to the "Tools" section and select "BitLocker."

Step 2. Choose the drive partition you want to encrypt and click on "Turn on BitLocker."

Step 3. Generate a password, confirm it, and click "Next" to continue.

Step 4. Determine how to back up your recovery key by either selecting "Save to a file" or "Print the recovery key." Then, proceed by clicking Next to initiate the encryption procedure.

How to Back up Recovery Key

1. Find the encrypted drive you would like to back up the recovery key and click the option "Back up recovery key".

2. You will be asked to enter the password you set. Please enter the correct password and click the "Next" button.

3. After you enter the correct password, there are 2 ways available to back up your recovery key: "Save to a file" and "Print the recovery key". Please select a way you prefer and then click the "Next" button.

If you select "Save to a file", you need to choose a location on your PC to save the recovery key. It will generate a TXT file with the name: Bitlocker Recovery Key + 45-bit Key.

Tips: Please do not back up the recovery key in the encrypted drive path. For example, it is unable to encrypt D: and save the recovery key on the same D: drive.

In the generated TXT file, the recovery key is saved. The recovery key is important for you to manage the BitLocker. Please keep the TXT file and the recovery key in the file. If you select "Print the recovery key", it will enable the print function on your PC to print the recovery key.

How to Change Password

1. Find the encrypted drive you would like to change the password and click the option "Change password".

2. There are 2 ways available to change the password: Use password to change drive password and Use recovery key to change drive password. Please select either way you like.

If you select "Use password to change drive password", please first enter the correct old password, type a new password, and then confirm the new password. After all is set, please click the "Modify" button.

If you select "Use recovery key to change drive password", please first enter the recovery key saved in the TXT file or printed when you encrypted the drive, type a new password, and then confirm the new password. After all is set, please click the "Modify" button.

3. If the modification is successful, you will get a "Password changed successfully" window.

How to Lock/Unlock the Drive

If a drive is not locked, you can click the option "Lock the drive" to directly lock the drive.

If a drive has already been locked, "Unlock the drive" will be the only available option to manage BitLocker. You need to first unlock the drive before managing the drive BitLocker.

1. To unlock the drive, please click the option "Unlock the drive".

2. There are still 2 ways available to unlock the drive: Use a password to unlock the drive and Use a recovery key to unlock the drive. Please select either way as per your need.

If you select "Use a password to unlock the drive", please enter the right password and then click the "Unlock" button.

Notes:

  • Automatically unlock drive on the current PC: Unticked by default. After checking, if the current drive is in the current device, there is no need to unlock it manually after reboot, it will be unlocked automatically by default.
  • Save credentials in Credential Manager: Unticked by default. After checking, it will save the unlock credentials in the Credential Manager. The next time you unlock the door, the password from the previous time is written by default.

If you select "Use a recovery key to unlock the drive", please enter the recovery key saved in the TXT file or printed when you encrypted the drive, and then click the "Unlock" button.

3. If the entered password/recovery key is correct, the drive will be unlocked.

How to Turn off BitLocker

1. Find the encrypted drive you would like to decrypt and click the option "Turn off BitLocker".

2. There are still 2 ways available to decrypt the drive: Use password to decrypt the drive and Use recovery key to decrypt the drive. Please select either way as per your need.

If you select "Use a password to decrypt the drive", please enter the right password and then click the "Decrypt" button.

If you select "Use a recovery key to decrypt the drive", please enter the recovery key saved in the TXT file or printed when you encrypted the drive, and then click the "Decrypt" button.

Notes:

  • Only decrypt the used disk space: When checked, only used disk space is decrypted; when unchecked, the entire disk is decrypted.

3. Then, the decryption process will start and it might take time to decrypt the drive. Before the process is finished, please do not terminate the program, remove the drive, or turn off the power.

Once the decryption process is finished, please click "Completed". Finally, the BitLocker on the drive is decrypted.

Conclusion

One important way to keep company data safe is to manage and keep an eye on BitLocker encryption on Windows devices from one place. IT managers can easily manage and keep an eye on BitLocker encryption on Windows devices by using the tips and best practices in this piece. This will keep their company's sensitive data safe and secure. To protect private data and reduce the risk of data breaches, it is important to put control and monitoring of BitLocker at the top of your list of priorities.