BitLocker 驱动器加密是(BitLocker Drive Encryption)Windows最常用的加密解决方案之一。它是Windows 10 专业版(Pro)和企业(Enterprise)版中的一种安全工具,可帮助保护您的数据免遭未经授权的访问。它通过允许您加密系统分区以及您的驱动器上可能拥有的其他分区来实现这一点。在本教程中,我们将指导您完成使用BitLocker加密系统分区的过程:
您需要能够对系统分区进行 BitLocker 加密
对于初学者,您应该知道只有在使用此操作系统的专业版(Pro)或企业(Enterprise)版时才能在Windows 10中使用(Windows 10)BitLocker 驱动器加密。(BitLocker Drive Encryption)此外,您还应该知道,要加密系统驱动器,您应该在计算机或设备上安装TPM芯片。(TPM)
如果您没有TPM芯片,BitLocker仍然可用,但要使用它,您还必须更改Windows 10中的一些设置。本指南为您提供更多信息:如何在没有 TPM 芯片的情况下在 Windows 中启用 BitLocker 加密(How to enable BitLocker encryption without a TPM chip in Windows)。
本教程的下一部分将向您展示如何加密Windows 10系统分区。但是,请注意,您可以采取相同的步骤为您可能拥有的任何其他分区启用BitLocker,而不仅仅是系统驱动器。
步骤 1. 打开BitLocker 驱动器加密(BitLocker Drive Encryption)面板
在Windows 10中,BitLocker的设置仅在控制面板(Control Panel)中可用。虽然有几种方法可以进入 BitLocker 驱动器加密(get to the BitLocker Drive Encryption)窗口,但最快的方法是搜索(search)bitlocker。为此,请按Windows键并开始键入 bitlocker。填充搜索结果列表后,单击或点击管理 BitLocker(Manage BitLocker)。
在下一个屏幕截图中,您可以看到BitLocker 驱动器加密(BitLocker Drive Encryption)面板的外观。对于每个驱动器,您会看到其驱动器号、标签和BitLocker加密状态: On 或Off。
现在让我们看看如何使用BitLocker加密(BitLocker)Windows 10系统分区:
步骤 2.为系统分区启用BitLocker加密(BitLocker)
单击(Click)或点击系统分区旁边的“打开(Turn)BitLocker ”按钮。(BitLocker)通常,那是 C: 驱动器。
然后,将打开BitLocker 驱动器加密(BitLocker Drive Encryption)向导。等待(Wait)一两分钟,直到它完成检查您的 PC 是否满足使用BitLocker的系统要求。
BitLocker加密向导的下一部分会有所不同,具体取决于您的计算机上是否有TPM芯片:
如果你的 Windows 10 电脑没有TPM芯片,系统会要求你选择在启动时解锁系统分区的方式。您可以选择在每次启动时输入密码或插入USB闪存驱动器。(USB)
插入USB闪存驱动器或输入密码,但要明智地选择。如果没有该USB闪存驱动器或密码,您将无法访问加密分区或启动到Windows 10。因此,请确保您妥善保管USB闪存驱动器或记住您设置的密码。完成后,按Next 。(Once)
如果您的 Windows 10 PC 具有TPM芯片,则上一步将由它自动处理。换句话说,BitLocker密码存储在TPM芯片上,因此您不必创建USB驱动器或密码来解锁加密的系统分区。
无论(Regardless)您是否有TPM芯片,在下一步中,系统都会询问您要将恢复密钥备份到哪里。当您在解锁加密驱动器时遇到问题时使用此密钥。选择您喜欢的选项,然后按Next。
系统询问您要加密多少系统分区。如果您有一台全新安装Windows 10的较新计算机,最好选择第一个选项:“仅加密(Encrypt)已用磁盘空间”。如果您的计算机已经使用了一段时间,最好对整个驱动器进行加密。但是,第二个选项会使加密过程花费更长的时间。选择最适合您的选项,然后按Next。
Windows 10 引入了一种新的加密模式:XTS-AES。虽然此模式为您的数据提供额外的完整性支持,但它与旧版本的Windows(Windows)不兼容,例如Windows 8.1或Windows 7。
因为你正在加密你的系统分区,你可能不打算移动它所在的驱动器,所以使用更安全的“新加密模式”。(New)不要忘记按Next。
在下一步中,启用“运行 BitLocker(Run BitLocker)系统检查”选项以确保BitLocker可以“[...] 正确读取恢复和加密密钥 [...]”。然后,按继续(Continue)。
您被告知BitLocker需要重新启动您的 Windows 10 计算机才能完成加密过程。如果您的 PC 上仍有工作要做,请单击(Click)或点击立即重新启动(Restart)或选择稍后重新启动。(Restart)
第 3 步。重新启动您的Windows 10 PC,让BitLocker加密系统分区
重新启动 Windows 10 电脑后,如果它没有TPM芯片,则必须输入之前设置的密码。如果它有TPM芯片,您的 PC 会像往常一样重新启动,不会出现任何中断。
使用 Windows 10用户帐户(user account)登录后,BitLocker会自动开始加密系统分区。您可以在系统托盘中检查它是否这样做,您应该在其中找到一个小的BitLocker图标。
如果您想了解有关如何执行加密过程的更多详细信息,请双击或双击系统托盘中的BitLocker图标。这会打开一个小窗口,您可以在其中查看所取得的进展。
当系统分区在后台被BitLocker加密时,您可以继续使用计算机。当该过程结束时,BitLocker会通知您“C: 的加密(Encryption)已完成”。
就是这样!现在您有了一个只有您可以访问的BitLocker加密系统分区。(BitLocker)
您(Are)是否使用BitLocker加密您的Windows 10系统分区?
如果您的计算机上有TPM芯片,则可以轻松加密Windows 10 PC 上的任何驱动器,包括系统分区。如果您不这样做,那么该过程会稍微复杂一些,并且需要您使用USB驱动器或密码来访问您的加密分区。幸运的是,在Windows 10中,每个人都可以轻松使用此安全功能。您是否使用BitLocker来保护您的数据?在下面发表评论(Comment),让我们讨论。
How to encrypt a system partition with BitLocker in Windows 10
BitLocker Drive Encryption is one of the most used encryption solutions for Windows. It's a security tool found in Wіndows 10 Prо and Enterprise editions that helрs protect your dаta from unauthorized access. It does that by allowing you to encrypt system partіtions, as well as other partitionѕ you may have on your drіves. In thiѕ tutorial, we're going to guide you through the proceѕs of encrypting system partitions with BitLocker:
What you need to be able to BitLocker-encrypt a system partition
For starters, you should know that you can use BitLocker Drive Encryption in Windows 10 only if you use a Pro or Enterprise edition of this operating system. Additionally, you should also be aware of the fact that, to encrypt your system drive, you should have a TPM chip installed on your computer or device.
If you don't have a TPM chip, BitLocker is still available, but to use it, you also have to change a few settings in Windows 10. This guide provides you with more information: How to enable BitLocker encryption without a TPM chip in Windows.
The next sections of this tutorial show you how to encrypt a Windows 10 system partition. However, note that you can take the same steps to enable BitLocker for any other partition you may have, not just for your system drive.
Step 1. Open the BitLocker Drive Encryption panel
In Windows 10, BitLocker's settings are available only in the Control Panel. Although there are several ways to get to the BitLocker Drive Encryption window, the fastest one is to search for bitlocker. To do that, press the Windows key and start typing bitlocker. Once the list of search results is populated, click or tap on Manage BitLocker.
In the next screenshot, you can see what the BitLocker Drive Encryption panel looks like. For each drive, you're shown its drive letter, label, and the BitLocker encryption status: On or Off.
Now let's see how to encrypt the Windows 10 system partition using BitLocker:
Step 2. Enable BitLocker encryption for the system partition
Click or tap on the "Turn on BitLocker" button next to your system partition. Usually, that's the C: drive.
Then, the BitLocker Drive Encryption wizard opens. Wait for a moment or two until it finishes checking whether your PC meets the system requirements for using BitLocker.
The next part of the BitLocker encryption wizard differs depending on whether you have a TPM chip on your computer or not:
If your Windows 10 PC does not have a TPM chip, you're asked to choose how you want to unlock your system partition at startup. You can opt to enter a password or insert a USB flash drive each time you boot.
Plug a USB flash drive or enter a password, but choose wisely. Without that USB flash drive or password, you won't be able to access the encrypted partition or boot to Windows 10. Therefore, make sure you keep the USB flash drive safe or remember the password you set. Once done, press Next.
If your Windows 10 PC has a TPM chip, the previous step is handled automatically by it. In other words, the BitLocker password is stored on the TPM chip, so you don't have to create a USB drive or a password to unlock the encrypted system partition.
Regardless of whether you have a TPM chip or not, on the next step, you are asked where you want to back up the recovery key. This key is used when you have problems unlocking the encrypted drive. Choose the option you prefer and then press Next.
You are asked how much of your system partition you want to encrypt. If you have a newer computer with a fresh installation of Windows 10, it might be better to choose the first option: "Encrypt used disk space only." If your computer has been used for a while, it is best to encrypt the whole drive. The second option makes the encryption process take longer, though. Pick the option that works best for you and press Next.
Windows 10 introduces a new encryption mode: XTS-AES. While this mode provides additional integrity support for your data, it is not compatible with older versions of Windows, like Windows 8.1 or Windows 7.
Because you're encrypting your system partition, you probably don't intend to move the drive on which it's found, so use the "New encryption mode" that is more secure. Don't forget to press Next.
On the next step, enable the "Run BitLocker system check" option to make sure that BitLocker can "[...] read the recovery and encryption keys correctly [...]". Then, press Continue.
You are informed that BitLocker needs to restart your Windows 10 computer to be able to finish the encryption process. Click or tap on Restart now or choose Restart later if you still have work to do on your PC.
Step 3. Restart your Windows 10 PC to let BitLocker encrypt the system partition
After you reboot your Windows 10 PC, if it doesn't have a TPM chip, you must enter the password you have set earlier. If it has a TPM chip, your PC restarts as usual, without any interruptions.
After you sign in with your Windows 10 user account, BitLocker automatically starts encrypting the system partition. You can check that it does so in the system tray, where you should find a small BitLocker icon.
If you want more details on how the encryption process is carried out, double-click or double-tap on the BitLocker icon from the system tray. That opens up a small window where you get to see the progress made.
You can continue to use the computer while the system partition is encrypted by BitLocker in the background. When the process is over, you are informed by BitLocker that the "Encryption of C: is complete."
That's it! Now you have a BitLocker encrypted system partition that only you can access.
Are you using BitLocker to encrypt your Windows 10 system partitions?
If you have a TPM chip on your computer, it is easy to encrypt any drives on your Windows 10 PC, including the system partition. If you don't, then the process is slightly more complex and requires you to use a USB drive or a password to access your encrypted partitions. Fortunately, in Windows 10, it's easy for everyone to use this safety feature. Do you use BitLocker to protect your data? Comment below and let's discuss.
