Introduction

Encryption is a good way to protect the data on your device. BitLocker is a Windows security feature that provides encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. However, BitLocker isn't available on the Home Edition of Windows 10 and Windows 11 systems. Fortunately, there is a tool BitLocker available in Partition Assistant that allows you to quickly and easily encrypt BitLocker and manage BitLocker encryption on the Home and other supported Windows system versions.

How to Encrypt BitLocker in Partition Assistant

Prerequisites for BitLocker Encryption and Management

• Download and install AOMEI Partition Assistant on the computer on which you would like to encrypt and manage BitLocker.
• Connect a drive you would like to encrypt.

It is a paid feature to encrypt and manage BitLocker if your system is Windows Home version because the feature is very useful and important but it is not available in Windows Home versions. Please upgrade to AOMEI Partition Assistant Professional, Server, or above versions to use the feature.

How to Encrypt BitLocker in Partition Assistant Step by Step

1. Install and launch AOMEI Partition Assistant. Click the "Tools" main tab and select "BitLocker".

Or, right-click the partition you want to encrypt and click the "BitLocker"->"Turn on BitLocker" option in the Context Menu.

2. All drives on the system will be displayed, including operating system drives, fixed data drives, and removable drives. Please find the partition you would like to encrypt BitLocker and click the "Turn on BitLocker" option. (Here, we take the drive D: as an example.)

Tips: It only supports encrypting NTFS partitions. Other partition file systems, for example, FAT or FAT32 cannot be encrypted.

3. Please set and confirm a password to encrypt the drive and click "Next".

Note:

• It requires a password combination of 8-256 digits, letters, and symbols, which can be a purely numeric/alphabetic combination (needs to be case-sensitive).
• Encrypt used disk space only (faster and best for new PCs and Drives): Checked by default. If you are setting up BitLocker on a new PC or a new drive, you only need to encrypt the part of the drive that is currently being used. And, BitLocker will automatically encrypt the newly-added data.
  If you are enabling BitLocker on a PC or drive that is already in use, you may consider encrypting the entire drive.
  Encrypting the entire drive ensures that all data is protected. Even data that has been deleted but may still contain detectable information is also protected.
• Disk encryption compatible mode (suitable for removable data drives):  Checked by default. Windows 10 (version 1511) introduces a new disk encryption mode (XTS-AES). This mode provides heavy integrity support but is not compatible with earlier versions of Windows.
  If this is a removable drive to be used on an earlier version of Windows, you should select Compatible mode.
  If this is a fixed drive, or if this drive will only be used on devices running at least Windows 10 (version 1511) or later, select the new encryption mode.
• 256-bit encryption: Unchecked by default. After checking, depending on whether to select the compatible mode encryption, use AES_256_DIFFUSER, AES_256_NO_DIFFUSER or AES_XTS_256 mode for encryption.

4. Select a way to back up your recovery key. You can either select "Save to a file" or "Print the recovery key".

If you select "Save to a file", please choose a location on your PC to save the recovery key.

Tips: Please do not save the recovery key in the encrypted drive path. For example, it is unable to encrypt D: and save the recovery key on the same D: drive.

It will generate a TXT file with the name: Bitlocker Recovery Key + 45-bit Key. The recovery file will be saved in the TXT file. You can open the file to view the recovery key. Please keep the file.

If you select "Print the recovery key", it will enable the print function on your PC to print the recovery key.

Then, please click the "Next" button to start the encryption process.

Important: If you would like to encrypt your current system drive, you will be required to restart your PC to enter into the Windows PE environment. Please click "OK" to continue.

The program will automatically create a Windows PE environment on your PC.

Tips: AOMEI Partition Assistant will automatically detect whether your system has installed Windows AIK/ADK or not. If yes, it will start the Windows PE creation and then enter into WinPE to encrypt the drive. If not, please download and install Windows AIK/ADK first.

After it is created successfully, the PC will reboot into Windows PE mode to encrypt the drive. After the encryption is completed, you will get an encryption complete window and you can click "OK" to restart your PC.

5. The encryption process might take time to encrypt the drive. Before the process is finished, please do not terminate the program, remove the drive, or turn off the power.

Once the encryption process is finished, please click "Completed". Finally, the drive is BitLocker encrypted.

Notes:

• During the encryption, the encrypted partition might have running programs or occupied files. In this case, the encryption process might fail. It requires completing the encryption under the reboot mode. AOMEI Partition Assistant will automatically detect whether your system has a recovery environment or not. If yes, it will enter into restart mode to encrypt the drive. If not, please first download and install Windows AIK/ADK.
• For system C partition BitLocker encryption, it is recommended to turn on the auto-unlock under Windows Control-Panel-BitLocker Drive Encryption. In this way, there is no need to decrypt the BitLocker at the system startup.
• Once the BitLocker on the drive is turned on, the drive will be locked automatically. If the drive is locked, the used space on the drive will not be displayed and the drive will be unable to access in Windows File Explorer.

How to Manage BitLocker in Partition Assistant

After you turn on the BitLocker on the drive following the above steps, you can easily manage the encrypted BitLocker on your PC. Once a drive is BitLocker encrypted, the drive will be locked automatically. Since the drive is locked, other options available to manage BitLocker will not be displayed. To manage the drive BitLocker, please first unlock the drive.

To manage BitLocker, please first click the "Tools" main tab and select "BitLocker" to find the encrypted drive. (Or, right-click the encrypted partition you want to manage, select the "BitLocker" option, and then choose the option you want to manage.)

Generally, there are 4 options available to manage BitLocker encryption: back up the recovery key, change the password, lock the drive, and turn off BitLocker.

How to Back up Recovery Key

1. Find the encrypted drive you would like to back up the recovery key and click the option "Back up recovery key".

2. You will be asked to enter the password you set. Please enter the correct password and click the "Next" button.

3. After you enter the correct password, there are 2 ways available to back up your recovery key: "Save to a file" and "Print the recovery key". Please select a way you prefer and then click the "Next" button.

If you select "Save to a file", you need to choose a location on your PC to save the recovery key. It will generate a TXT file with the name: Bitlocker Recovery Key + 45-bit Key.

Tips: Please do not back up the recovery key in the encrypted drive path. For example, it is unable to encrypt D: and save the recovery key on the same D: drive.

In the generated TXT file, the recovery key is saved. The recovery key is important for you to manage the BitLocker. Please keep the TXT file and the recovery key in the file.
If you select "Print the recovery key", it will enable the print function on your PC to print the recovery key.
 

How to Change Password

1. Find the encrypted drive you would like to change the password and click the option "Change password".

2. There are 2 ways available to change the password: Use password to change drive password and Use recovery key to change drive password. Please select either way you like.

If you select "Use password to change drive password", please first enter the correct old password, type a new password, and then confirm the new password. After all is set, please click the "Modify" button.

If you select "Use recovery key to change drive password", please first enter the recovery key saved in the TXT file or printed when you encrypted the drive, type a new password, and then confirm the new password. After all is set, please click the "Modify" button.

3. If the modification is successful, you will get a "Password changed successfully" window.

How to Lock/Unlock the Drive

If a drive is not locked, you can click the option "Lock the drive" to directly lock the drive.

If a drive has already been locked, "Unlock the drive" will be the only available option to manage BitLocker. You need to first unlock the drive before managing the drive BitLocker.

1. To unlock the drive, please click the option "Unlock the drive".

2. There are still 2 ways available to unlock the drive: Use a password to unlock the drive and Use a recovery key to unlock the drive. Please select either way as per your need.

If you select "Use a password to unlock the drive", please enter the right password and then click the "Unlock" button.

Notes:

• Automatically unlock drive on the current PC: Unticked by default. After checking, if the current drive is in the current device, there is no need to unlock it manually after reboot, it will be unlocked automatically by default.
• Save credentials in Credential Manager: Unticked by default. After checking, it will save the unlock credentials in the Credential Manager. The next time you unlock the door, the password from the previous time is written by default.

If you select "Use a recovery key to unlock the drive", please enter the recovery key saved in the TXT file or printed when you encrypted the drive, and then click the "Unlock" button.

3. If the entered password/recovery key is correct, the drive will be unlocked.

How to Turn off BitLocker

1. Find the encrypted drive you would like to decrypt and click the option "Turn off BitLocker".

2. There are still 2 ways available to decrypt the drive: Use password to decrypt the drive and Use recovery key to decrypt the drive. Please select either way as per your need.

If you select "Use a password to decrypt the drive", please enter the right password and then click the "Decrypt" button.

If you select "Use a recovery key to decrypt the drive", please enter the recovery key saved in the TXT file or printed when you encrypted the drive, and then click the "Decrypt" button.

Notes:

• Only decrypt the used disk space: When checked, only used disk space is decrypted; when unchecked, the entire disk is decrypted.

3. Then, the decryption process will start and it might take time to decrypt the drive. Before the process is finished, please do not terminate the program, remove the drive, or turn off the power.

Once the decryption process is finished, please click "Completed". Finally, the BitLocker on the drive is decrypted.

Conclusion

Following the above process, you can quickly and easily use AOMEI Partition Assistant to encrypt BitLocker and manage BitLocker encryption on your computer drives. It will be faster to encrypt and manage BitLocker encryption compared with Windows. Once the drive is BitLocker encrypted, the data on the drive is well protected. It offers an effective way to protect your data against loss, exposure, and theft.

AOMEI Partition Assistant also offers other useful tools, for example, data recovery and partition recovery, which will help you recover your important data and partitions.

 

Notes:

• It is unable to change the password under WinPE. But you can turn off BitLocker under WinPE.
• Dynamic Volumes BitLocker encryption is not supported.
• Before the encryption or decryption process is completed, please do not terminate the program, remove the drive, or turn off the power.
• For operating System Drive Encryption: When selecting an operating system for encryption, BitLocker Drive Encryption (included in Windows 10 Professional or Windows 10 Enterprise) requires a Trusted Platform Module (TPM) version 1.2 or higher and a BIOS or UEFI compatible with Trusted Computing Group (TCG). Group (TCG)-compatible BIOS or UEFI. BitLocker can be used on a device without a TPM, but you need to keep the boot key on a removable device, such as a USB disk. When you add a device to Azure Active Directory (AAD), TPM 2.0 and InstantGo must be supported if you want to be able to automatically encrypt a local drive. Please check with your computer manufacturer to confirm that your device supports the correct version of TPM as well as InstantGo for the scenarios you want to enable.

FAQs:

Q: After the system drive is encrypted, the Windows boot needs to decrypt the BitLocker at the system startup. What can I do to boot the system?

A: For system C partition BitLocker encryption, it is recommended to turn on the auto-unlock under Windows Control-Panel-BitLocker Drive Encryption. In this way, there is no need to decrypt the BitLocker at the system startup.

If the auto-unlock it not turned on, you need to enter the BitLocker recovery key to decrypt the BitLocker encryption. Or, you can use a bootable media created by AOMEI Partition Assistant to boot into WinPE to first decrypt the system drive and boot again.

Q: If a drive has been encrypted in Windows, can I still manage the BitLocker in Partition Assistant?

A: Yes, you can still manage the BitLocker encryption in Partition Assistant.

Q: Can I encrypt a FAT 32 partition?

A: No,  it is only able to encrypt the NTFS partition. Partitions with other file systems are not supported.

Q: Why does it fail to create Windows PE during the encryption?

A: The possible issue is that there is no recovery environment on the computer or the environment is corrupted. To solve this issue, you can create a bootable media and manually boot your PC into WinPE to encrypt the drive.