How to Enable and Set Up BitLocker Encryption on Windows 10
Lately, everyone has been paying extra attention to their privacy and the information they share on the internet. This has extended to the offline world too and users have started staying cautious of who can access their personal files. Office workers want to keep their work files away from their nosy colleagues or protect confidential information while students and teenagers want to keep their parents from checking the actual contents of the so-called ‘homework’ folder. Luckily, Windows has a built-in disk encryption feature called Bitlocker that only allows users with the safety password to view files.
Bitlocker was first introduced in Windows Vista and its graphical interface only allowed the users to encrypt the operating system volume. Also, some of its features could only be managed using the command prompt. However, that has changed since and users can encrypt other volumes too. Starting from Windows 7, one can also use Bitlocker to encrypt external storage devices (Bitlocker To Go). Setting up Bitlocker can be a little daunting as you face the fear of locking yourself out of a particular volume. In this article, we will be walking you through the steps to enable Bitlocker encryption on Windows 10.
Prerequisites for enabling Bitlocker
While native, Bitlocker is only available on certain versions of Windows, all of which are listed below:
- Pro, Enterprise, & Education editions of Windows 10
- Pro & Enterprise editions of Windows 8
- Ultimate & Enterprise editions of Vista and 7 (Trusted Platform Module version 1.2 or higher is required)
To check your Windows version and confirm if you have the Bitlocker feature:
1. Launch Windows File Explorer by double-clicking on its desktop shortcut icon or by pressing Windows key + E.
2. Go to the ‘This PC’ page.
3. Now, either right-click anywhere on the blank space and select Properties from the context menu or click on System Properties present on the ribbon.
Confirm your Windows edition on the following screen. You can also type winver (a Run command) in the start search bar and press the enter key to check your Windows edition.
Next, your computer also needs to have a Trusted Platform Module (TPM) chip on the motherboard. The TPM is used by Bitlocker to generate and store the encryption key. To check if you have a TPM chip, open the run command box (Windows key + R), type tpm.msc, and press enter. In the following window, check the TPM status.
On some systems, TPM chips are disabled by default, and the user will need to enable the chip manually. To enable TPM, restart your computer and enter the BIOS menu. Under Security settings, look for the TPM subsection and enable it by ticking the box next to Activate/Enable TPM. If there is no TPM chip on your motherboard, you can still enable Bitlocker by editing the “Require additional authentication at startup” group policy.
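The prerequisite checks above (Windows edition, TPM status, and the no-TPM group policy) can be gathered in one read-only pass. This is an added example, not part of the original article; the function name Test-BitLockerPrerequisite is hypothetical, and it assumes an elevated PowerShell window on Windows 10.

```powershell
# Added example, not from the original article. Read-only; run in an elevated
# PowerShell window because Get-Tpm requires administrator rights.
# Test-BitLockerPrerequisite is a hypothetical helper name.
function Test-BitLockerPrerequisite {
    # Edition check: the article lists Pro, Enterprise and Education for Windows 10.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $editionOk = $os.Caption -match 'Pro|Enterprise|Education'

    # TPM state, the same information tpm.msc shows.
    $tpm = Get-Tpm
    $specVersion = $null
    if ($tpm.TpmPresent) {
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
        $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
        $specVersion = ($wmiTpm.SpecVersion -split ',')[0].Trim()
    }

    # Without a TPM, the OS drive needs the "Require additional authentication
    # at startup" policy with "Allow BitLocker without a compatible TPM" ticked.
    # Group Policy stores that setting under this registry key.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $noTpmPolicy = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)

    $nextStep = if (-not $editionOk) {
        'This Windows edition does not include BitLocker.'
    } elseif ($tpm.TpmPresent -and -not $tpm.TpmReady) {
        'TPM found but not ready: enable/activate it in the BIOS menu.'
    } elseif (-not $tpm.TpmPresent -and -not $noTpmPolicy) {
        'No TPM: configure the startup authentication group policy first.'
    } else {
        'Prerequisites met.'
    }

    [pscustomobject]@{
        Edition        = $os.Caption
        EditionOk      = $editionOk
        TpmPresent     = $tpm.TpmPresent
        TpmReady       = $tpm.TpmReady
        TpmSpecVersion = $specVersion
        NoTpmPolicySet = $noTpmPolicy
        NextStep       = $nextStep
    }
}

Test-BitLockerPrerequisite | Format-List
```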
How to Enable and Set Up BitLocker Encryption on Windows 10
Bitlocker can be enabled using its graphical interface found inside the control panel or executing a few commands in the Command Prompt. Enabling Bitlocker on Windows 10 from either is very simple, but users generally prefer the visual aspect of managing Bitlocker via the Control Panel rather than the command prompt.
Method 1: Enable BitLocker via the Control Panel
Setting up Bitlocker is pretty straightforward. One only needs to follow the on-screen instructions, choose their preferred method to encrypt a volume, set a strong PIN, safely store the recovery key, and let the computer do its thing.
1. Press Windows key + R to open the Run Command box, type control or control panel, and press Enter to launch the Control Panel.
2. For a few users, the Bitlocker Drive Encryption will itself be listed as a Control Panel item, and they can directly click on it. Others can find the entry point to the Bitlocker Drive Encryption window in System and Security.
3. Expand the drive you want to enable Bitlocker on and click on the Turn on Bitlocker hyperlink. (You can also right-click on a drive in File Explorer and select Turn On Bitlocker from the context menu.)
4. If your TPM is already enabled, you will directly be brought to the BitLocker Startup Preferences selection window and can skip to the next step. Otherwise, you will be asked to prepare your computer first. Go through the Bitlocker Drive Encryption startup by clicking on Next.
5. Before you turn off the computer to enable TPM, make sure to eject any connected USB drives and remove any CDs/DVDs sitting idle in the optical disc drive. Click on Shutdown when ready to continue.
6. Turn on your computer and follow the instructions that appear on the screen to activate the TPM. Activating the module is as simple as pressing the requested key. The key will vary from manufacturer to manufacturer, so carefully read the confirmation message. The computer will most likely shut down again once you activate the TPM; turn your computer back on.
7. You can either choose to enter a PIN at every startup or connect a USB/Flash drive (Smart Card) containing the startup key every time you want to use your computer. We will be setting a PIN on our computer. If you decide to move forward with the other option, do not lose or damage the USB drive bearing the startup key.
8. On the following window, set a strong PIN and re-enter it to confirm. The PIN can be anywhere between 8 and 20 characters long. Click on Next when done.
9. Bitlocker will now ask you your preference for storing the recovery key. The recovery key is extremely important and will help you access your files on the computer in case something deters you from doing so (for example – if you forget the startup PIN). You can choose to send the recovery key to your Microsoft account, save it on an external USB drive, save a file on your computer or print it.
10. We recommend you print the recovery key and store the printed paper safely for future needs. You might also want to take a picture of the paper and store it on your phone. You never know what will go wrong, so it is better to create as many backups as possible. Click on Next to continue after you have printed or sent the recovery key to your Microsoft account. (If you choose the latter, the recovery key can be found here: https://onedrive.live.com/recoverykey)
11. Bitlocker gives you the option to either encrypt the entire hard drive or only the part used. Encrypting a complete hard drive takes longer to accomplish and is recommended for older PCs and drives where most of the storage space is already being used.
12. If you are enabling Bitlocker on a new disk or a new PC, you should choose to encrypt only the space that is currently filled with data as it is much faster. Also, Bitlocker will automatically encrypt any new data you add to the disk and save you the trouble of doing it manually.
13. Select your preferred encryption option and click on Next.
14. (Optional): Starting from Windows 10 Version 1511, Bitlocker started providing the option to select between two different encryption modes. Select the New encryption mode if the disk is a fixed one and the compatible mode if you are encrypting a removable hard drive or USB flash drive.
15. On the final window, some systems will need to tick the box next to Run BitLocker system check while others can directly click on Start encrypting.
16. You will be prompted to restart the computer to initiate the encryption process. Comply with the prompt and restart. Depending on the size & number of files to be encrypted and also system specifications, the encryption process will take anywhere from 20 minutes to a couple of hours to finish.
Method 2: Enable BitLocker using the Command Prompt
Users can also manage Bitlocker via the Command Prompt using the manage-bde command-line tool. Earlier, actions like enabling or disabling auto-locking could only be performed from the Command Prompt and not the GUI.
1. Firstly, ensure you are logged in to your computer from an administrator account.
2. Open Command Prompt with administrator rights.
If you receive a User Account Control pop-up message requesting permission to allow the program (Command prompt) to make changes to the system, click on Yes to grant the necessary access and continue.
3. Once you have an elevated Command Prompt window in front of you, type manage-bde.exe -? and press Enter to execute the command. Executing the “manage-bde.exe -?” command will present you with a list of all the available parameters for manage-bde.exe.
4. Inspect the Parameter List for the one you need. To encrypt a volume and turn on Bitlocker protection for it, the parameter is -on. You can obtain further information regarding the -on parameter by executing the command manage-bde.exe -on -h.
To turn on Bitlocker for a particular drive and store the recovery key on another drive, execute manage-bde.exe -on X: -rk Y: (replace X with the letter of the drive you wish to encrypt and Y with the drive letter where you want the recovery key to be stored).
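The Method 2 steps can be wrapped with the checks a careful administrator would make before and after running manage-bde. This is an added example, not part of the original article; the function name Enable-VolumeWithRecoveryKey and the drive letters D and E are assumptions, and it uses PowerShell's Get-BitLockerVolume cmdlet for the status checks while calling the same manage-bde.exe -on X: -rk Y: command described above.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell window.
# Enable-VolumeWithRecoveryKey is a hypothetical helper name.
function Enable-VolumeWithRecoveryKey {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]$')][string]$TargetLetter,
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]$')][string]$KeyLetter
    )

    # Steps 1-2: manage-bde only works from an administrator session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Open the shell with administrator rights first.'
    }

    # A recovery key kept on the volume it unlocks cannot be read when it is needed.
    if ($TargetLetter -ieq $KeyLetter) {
        throw 'Store the recovery key on a different drive than the one being encrypted.'
    }
    $keyPath = "${KeyLetter}:\"
    if (-not (Test-Path -LiteralPath $keyPath)) {
        throw "Recovery key drive $keyPath is not available."
    }

    # Refuse to touch a volume that is already encrypted or mid-conversion.
    $volume = Get-BitLockerVolume -MountPoint "${TargetLetter}:"
    if ($volume.VolumeStatus -ne 'FullyDecrypted') {
        throw "Volume ${TargetLetter}: is in state $($volume.VolumeStatus); nothing to do."
    }

    # The command from the article: encrypt X: and write the recovery key to Y:.
    & manage-bde.exe -on "${TargetLetter}:" -rk $keyPath
    if ($LASTEXITCODE -ne 0) { throw "manage-bde failed with exit code $LASTEXITCODE." }

    # Verify the result: an external-key protector on the volume and a .BEK file
    # (hidden, hence -Force) on the recovery drive.
    $volume  = Get-BitLockerVolume -MountPoint "${TargetLetter}:"
    $bekFile = Get-ChildItem -LiteralPath $keyPath -Filter '*.BEK' -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Volume          = "${TargetLetter}:"
        VolumeStatus    = $volume.VolumeStatus
        HasExternalKey  = $volume.KeyProtector.KeyProtectorType -contains 'ExternalKey'
        RecoveryKeyFile = $bekFile.FullName
    }
}

# Constructed drive letters: encrypt D: and save the recovery key to E:.
Enable-VolumeWithRecoveryKey -TargetLetter D -KeyLetter E
```

On an operating system volume the status may still read FullyDecrypted until the restart that starts encryption has taken place.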
Now that you have enabled Bitlocker on Windows 10 and have it configured to your preference, every time you boot your computer, you will be prompted to enter the passkey in order to access the encrypted files.