BitLocker - Turn On for Fixed Data Drives in Windows 8

How to Turn On or Off BitLocker for Fixed Data Drives in Windows 8

information   Information
BitLocker Drive Encryption provides protection for operating system drives, fixed data drives, and removable data drives that are lost or stolen. BitLocker does this by encrypting the contents of drives and requiring users to authenticate their credentials to be able to access the information.

This tutorial will show you how to turn on or off BitLocker to encrypt or decrypt fixed data drives (ex: internal hard drive) in Windows 8 and 8.1.

You must be signed in as an administrator to be able to do the steps in this tutorial.

Note   Note

  • This tutorial does not apply to an operating system drive.
  • For a fixed data drive to be BitLocker-protected, it must be formatted by using the exFAT, FAT16, FAT32, or NTFS file system.
  • The drive, volume, or partition must be least 64 MB in size.
  • Any files saved to an encrypted drive will automatically be encrypted as well.
  • Files remain encrypted only while they are stored on the encrypted drive. Files will be decrypted if they are copied on another drive, partition, or PC.
  • Users who use BitLocker to protect the content of their personal files can also use File History as it seamlessly supports BitLocker on both source and destination drives.
  • If you create a system image or backup of an unlocked encrypted drive, the files in the saved image or backup will be decrypted.
  • If you share files with other people, such as through a network, the files are encrypted as long as they're stored on the same encrypted drive, and they can be accessed by authorized people or people you've given permission to.
  • You can choose how you want to unlock an encrypted data drive: with a password or smart card. You can also set the drive to automatically unlock when you sign to the PC, if you prefer.
  • To be able to automatically unlock fixed data drives, the OS drive that Windows 8 is installed on must also be encrypted by BitLocker.

For more information, see: BitLocker Frequently Asked Questions (FAQ)

warning   Warning
BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.





OPTION ONE

To Turn On BitLocker for Fixed Data Drive in Windows 8


NOTE: This option will encrypt everything on a selected unencrypted volume or partition (drive letter) from a fixed data drive.
1. If you have not already, choose to use either an AES 128-bit or 256-bit encryption method.​
NOTE: Windows 8 uses AES 128-bit encryption by default.​
2. Do step 3, 4, or 5 for how you would like to start.​
3. Open the Control Panel (icons view), click/tap on BitLocker Drive Encryption icon. Under Fixed data drives, click/tap on an arrow to expand the drive letter you want to encrypt, click/tap on the Turn on BitLocker link, and go to step 6 below. (see screenshot below)​
Turn_On_BitLocker-2.jpg
4. In File Explorer, open Computer, right click or press and hold on an unencrypted data drive letter you want to encrypt, click/tap on Turn on BitLocker, and go to step 6 below. (see screenshot below step 5)​
5. In File Explorer, open Computer, select (highlight) an unencrypted data drive letter you want to encrypt, click/tap on Manage (Drive Tools) tab, click/tap on BitLocker icon in the ribbon, click/tap Turn on BitLocker, and go to step 6 below. (see screenshot below)​
Turn_On_BitLocker-1.jpg
6. If prompted by UAC, click/tap on Yes.
7. Check the box of option(s) you want to use to unlock the drive with, and click/tap on Next when ready. (see screenshot below)​
Note   Note
Password = When users attempt to open a drive, they are prompted to enter the password before the drive will be unlocked. Passwords will need to be at least 8 characters long to meet minimum length requirements. Be sure to write down this password, and keep it somewhere safe in case you forget the password.

Note   Note

Smart card = When users attempt to open a drive, they are prompted to insert their smart card and enter the smart card PIN number before the drive will be unlocked. When encrypting a drive by using a smart card, a certificate-based protector is created on the drive. This protector contains some unencrypted information that is required to unlock the drive. The public key and thumbprint of the certificate that was used to encrypt the drive is stored unencrypted in the protector's metadata on the drive. This information could be used to identify the certification authority (CA) that issued the certificate.​
Automatic unlock = Fixed data drives can be set to automatically unlock on a computer where the operating system drive is also encrypted. Removable data drives can be set to automatically unlock on a computer running Windows 8 after the password or smart card is initially used to unlock the drive.​

Turn_On_BitLocker-3.jpg
8. Select how you want to back up your BitLocker recovery key, and click/tap on Next when finished. (see screenshot below)​
Note   Note
If you forget the password (step 7) for a drive you've encrypted with BitLocker Drive Encryption, or if something happens to your PC that prevents it from accessing the encrypted drive, you can still use a recovery key (a string of 48 random numbers) to get back into the drive.

Note   Note

It's essential that you store a copy of your recovery in a safe place. If you lose it, you might permanently lose access to your files on the encrypted drive.​

Tip   Tip
The Save to your Microsoft account option is only available on non-domain-joined PCs.
Tip   Tip

If you saved the BitLocker recovery key to your Microsoft account, you will be able to log in to your Microsoft account online at the Microsoft's site below from any PC to view all of your saved recovery keys at anytime.​
Turn_On_BitLocker-4.jpg
9. Select (dot) to encrypt entire drive, and click/tap on Next. (see screenshot below)​
Turn_On_BitLocker-5.jpg
10. Click/tap on Start encrypting. (see screenshot below)​
NOTE: This may take a long time to finish, but you will still be able to use your PC during the encryption process. Just do not turn off the PC until it has finished encrypting.​
Turn_On_BitLocker-6.jpg
11. You will now notice the BitLocker icon in the taskbar notification area. You can click/tap on it to see the encryption progress. (see screenshot below)​
Turn_On_BitLocker-7.jpg
12. When encryption of the drive has finally finished, click/tap on Close. (see screenshot below)​
Turn_On_BitLocker-8.jpg
13. Unless the encrypted drive is set to auto-unlock (step 7 above), whenever the computer is restarted, any local user (standard or administrator) will need to unlock the encrypted drive to be unlocked for all users on the computer. For example, by entering a password from step 7 above.​
Unlock.jpg
Locked_Drive.pngUnlocked_Drive.png






OPTION TWO

To Turn Off BitLocker for Fixed Data Drive in Windows 8


NOTE: This option will decrypt everything on a selected encrypted volume or partition (drive letter) from a fixed data drive.
1. Do step 2, 3, or 4 for how you would like to start.​
2. Open the Control Panel (icons view), click/tap on BitLocker Drive Encryption icon, and go to step 5 below.​
3. In File Explorer, open Computer, right click or press and hold on an encrypted data drive letter you want to decrypt, click/tap on Manage BitLocker, and go to step 5 below. (see screenshot below step 4)​
4. In File Explorer, open Computer, select (highlight) an encrypted data drive letter you want to decrypt, click/tap on Manage (Drive Tools) tab, click/tap on BitLocker icon in the ribbon, click/tap Manage BitLocker, and go to step 5 below. (see screenshot below)​
Turn_Off_Bitlocker-1.jpg
5. Under Fixed data drives, click/tap on an arrow to expand the drive letter you want to decrypt, and click/tap on the Turn off BitLocker link. (see screenshot below)​
Turn_Off_Bitlocker-2.jpg
6. If prompted by UAC, click/tap on Yes.​
7. Click/tap on Turn off BitLocker. (see screenshot below)​
NOTE: This may take a long time to finish, but you will still be able to use your PC during the decryption process. Just do not turn off the PC until it has finished decrypting.​
Turn_Off_Bitlocker-3.jpg
8. You will now notice the BitLocker icon in the taskbar notification area. You can click/tap on it to see the decryption progress. (see screenshot below)​
Turn_Off_Bitlocker-4.jpg
9. When decryption of the drive has finally finished, click/tap on Close. (see screenshot below)​
Turn_Off_Bitlocker-5.jpg



That's it,
Shawn


 
Last edited by a moderator:
Hi,

I have a question. what is the difference between unlocking a drive and decrypting that?
When we unlock a drive, do we unscramble it?
Thank you.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    PC/Desktop
    Browser
    FireFox
    Antivirus
    KasperSky
Hello Amir, and welcome to Eight Forums.

When you unlock or auto-unlock a drive, it's just to be able to access the encrypted drive. It doesn't decrypt the drive.

You could suspend/resume BitLocker to temporary toggle encryption on/off as needed.

Only if you turn off Bitlocker will it completely decrypt the drive.

Hope this helps, :)
Shawn
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
kd.jpg sir I am facing this problem, but I don't know how can I solve it. According to your tutorial.kd2.PNGkindly help me what is problem with my laptop.
 

My Computer

System One

  • OS
    Pentium(R)
    Computer type
    Laptop
    System Manufacturer/Model
    dell
    CPU
    B950
    Motherboard
    2 GB
    Memory
    300GB
    Browser
    internet explor
    Antivirus
    windowdefender

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
kd.jpg sir, this is the full screenshot. thanks for your attention.
 

My Computer

System One

  • OS
    Pentium(R)
    Computer type
    Laptop
    System Manufacturer/Model
    dell
    CPU
    B950
    Motherboard
    2 GB
    Memory
    300GB
    Browser
    internet explor
    Antivirus
    windowdefender
What type of removable drive is this?

Directly right click on the left smaller Disk 1 box on the bottom half of the screenshot, and see if you have an Initialize or Online option. If you do, click on it to see if that restores your drive.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
vlcsnap-2014-11-30-08h41m35s170.pngvlcsnap-2014-11-30-08h41m42s252.png removable disk means USB
 

My Computer

System One

  • OS
    Pentium(R)
    Computer type
    Laptop
    System Manufacturer/Model
    dell
    CPU
    B950
    Motherboard
    2 GB
    Memory
    300GB
    Browser
    internet explor
    Antivirus
    windowdefender
If this is a media card reader, then it'll need to have a media card inserted in it first before it will be accessible.

You would need to right click on the area boxed in red instead.

kd.jpg
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Something is strange. I have decrypted the C partition but there seems to still be an encryption bit somewhere. E.g. the AOMEI OneKey imaging program can still not image the partition because it is shown to them as encrypted - actually they say 'dynamic' but it is not dynamic. After correspondence with AOMEI it appears that they cannot make the difference between encrypted and dynamic.
 

My Computer

System One

  • OS
    Vista and Win7
    System Manufacturer/Model
    2xHP, 2xGateway, 1xDell, 1xSony
    Hard Drives
    5 SSDs and 12 HDs

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Thanks Shawn. I will check that.

Another funny one is that they apparently switched RECIMG off. It did not work when encrypted and after decryption it still does not work. On my wife's identical T100 that has the same OS and was never encrypted, RECIMG works. Here you have two identical systems purchased a couple of months apart that have different function content.. Go figure.
 

My Computer

System One

  • OS
    Vista and Win7
    System Manufacturer/Model
    2xHP, 2xGateway, 1xDell, 1xSony
    Hard Drives
    5 SSDs and 12 HDs
Hey Wolfgang,

Some of these newer Windows 8/8.1 PCs have a feature called Device encryption. You might check to see if that may be the issue here if applicable.

Windows 8.1 includes seamless, automatic disk encryption

I think I am slowly learning that "Device Encryption" like on my little guys is different from full Bitlocker encryption - although it is also called Bitlocker encryption.
 

My Computer

System One

  • OS
    Vista and Win7
    System Manufacturer/Model
    2xHP, 2xGateway, 1xDell, 1xSony
    Hard Drives
    5 SSDs and 12 HDs
Yeah, while "Device Encryption" is a different feature, it's still based on BitLocker.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
That is correct. But it is a lot easier procedure to apply. It is all automatic. Maybe I should revamp my tut for Device Encryption only and with the title "Automatic encryption of small windows devices". What do you think. And I will put a bit more meat on the bone.
 

My Computer

System One

  • OS
    Vista and Win7
    System Manufacturer/Model
    2xHP, 2xGateway, 1xDell, 1xSony
    Hard Drives
    5 SSDs and 12 HDs
Sounds good. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Back
Top