Configuring BitLocker in Windows
Written on March 25, 2015 by Christopher Crader
This article is meant to cover basic configuration of BitLocker with the use of a TPM. It's actually a pretty straightforward process, but you'll want to make sure you back up any important data before doing this. Problems are very unlikely, but as with any type of encryption or disk management, if anything does go wrong or if the encryption key is lost somehow, there is no way to recover the data. Please ensure you make a copy of the encryption key, as included in the article below, but also make sure you keep a secure copy of the data on the encrypted drive. If the data is important enough to encrypt, it should be important enough to have a backup copy of.
Installing a TPM Module
You may not need this, but just in case you have not installed the TPM, here's a video showing how to do so. Once the unit is installed, you'll be able to configure BitLocker using the TPM as the location for the storage key.
Configuring BitLocker with a TPM
So you've got a freshly booted system. Let's go ahead and bring up the Start menu. If you're using Windows 8, you'll bring up the Start screen and type in "Control Panel".
Click on the Control Panel. Once in the Control Panel, click on System and Security. Note, if you have the Control Panel set to Large or Small Icons mode, you won't see that option. If so, just click on BitLocker Drive Encryption and skip the next image.
Otherwise, click on BitLocker Drive Encryption in the System and Security section.
This part is pretty straightforward, but I still should say it. Click Turn On BitLocker for the drive you want to encrypt.
You will get this prompt. Windows 8 will give the option to save to your Microsoft Account instead of directly to a USB flash drive. This gives you an out in case the TPM ever fails or if you need to remove the drive from your system for some reason. Choose to save the recovery key via one of the listed options. Whatever you do, put that saved key somewhere secure. It can be used to get access to the drive if anything goes wrong. If you lose it and something does go wrong, you'll have no way of getting your data back. After you've done one of those, click Next. Note, for Windows 7 users, you can skip the next image and text block.
For Windows 8 users, you'll get this prompt. It's pretty self-explanatory. I recommend going with the entire drive if the system has been used before, but if not, go ahead and select to encrypt only the used space. Click Next.
BitLocker recommends doing a system check to make sure it works. If you'd like to do that, check the box to do so. Since you've got a saved key, you don't absolutely need to, but it's a good idea. Keep in mind that if you do check the box and click Continue, it will restart the computer. The system will give you a prompt if it fails the check. Otherwise, it'll start with a brief screen regarding the check and you'll just have to run the configuration for BitLocker again. Note that doing so will also generate a new key, so if you do run the system check, make sure to toss or delete the key you've made already, as the new one will be different.
When you're ready, leave the Run BitLocker system check option off and select Start Encrypting.
The encryption will start on its own. Typically it produces a message in the notification area on the lower right. If you click on it, you can get this window. It will tell you how long until the encryption finishes. This process will take anywhere from 15 minutes to several hours, depending on whether you're encrypting the entire disk and the type of disk being encrypted. Once it's done, you'll get a prompt.
Whoo! You're done. You can keep using the system while the disk is encrypting. It will likely be slower while doing so, so keep that in mind. If you ever decide you don't need BitLocker, you can come back into this same interface and choose to turn off BitLocker. It will need some time while it decrypts everything, though.
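The same steps can be scripted with the BitLocker PowerShell cmdlets that ship with Windows 8 and later (they are not available on Windows 7). This is an added example, not part of the original article; the drive letters C: and E: are assumptions, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumptions (not from the article): C: is the drive to encrypt and
# E:\ is a removable drive that will hold the recovery password file.
$MountPoint  = 'C:'
$RecoveryDir = 'E:\'

# The TPM must be present and ready before it can protect the key.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready.'
}

# Never store the recovery password on the drive being encrypted.
if ((Split-Path -Qualifier $RecoveryDir) -eq $MountPoint) {
    throw 'Recovery directory is on the drive being encrypted.'
}
if (-not (Test-Path -Path $RecoveryDir)) {
    throw "Recovery directory $RecoveryDir is not available."
}

# "Save the recovery key": add a recovery password protector and write it
# to the removable drive. The warning stream is silenced so the password
# is not echoed to the console.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
    -WarningAction SilentlyContinue | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object -Last 1
if (-not $rp) { throw 'No recovery password protector was created.' }

$name = 'BitLocker-{0}.txt' -f $rp.KeyProtectorId.Trim('{}')
$file = Join-Path -Path $RecoveryDir -ChildPath $name
Set-Content -Path $file -Value "ID: $($rp.KeyProtectorId)",
    "Recovery password: $($rp.RecoveryPassword)"

# "Turn On BitLocker" with the TPM as key protector.
# -UsedSpaceOnly matches "encrypt only the used space"; remove it to
# encrypt the entire drive on a system that has been used before.
# Without -SkipHardwareTest the system check runs and encryption of the
# OS drive begins after the next restart.
Enable-BitLocker -MountPoint $MountPoint -TpmProtector -UsedSpaceOnly

# Equivalent of the progress window: status and percentage encrypted.
Get-BitLockerVolume -MountPoint $MountPoint |
    Format-List MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

Re-run the final `Get-BitLockerVolume` command to follow progress; the volume is fully protected once `VolumeStatus` reads `FullyEncrypted` and `ProtectionStatus` reads `On`.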