How to recover files encrypted with BitLocker? What is the difference between a recovery password, a recovery key, a PIN, a secure PIN, and a startup key? Enable BitLocker if the service is disabled

The Windows operating system cannot 100% guarantee that if you have a password, unauthorized persons will not gain access to your laptop. The account password can be found out and changed using special tools without having access to the OS itself. Therefore, there is a need to encrypt data on the hard drive. This allows you not to worry about unauthorized access if the owner locks it before leaving the laptop unattended.

This article looks at the VeraCrypt hard drive encryption program on the Windows 10 operating system. The entire system hard drive will be encrypted, with all partitions, including the system partition. The focus on this particular OS is because the articles “Virtual encrypted hard drive using VeraCrypt” and “Encrypt a computer using TrueCrypt” had already been published earlier, and site visitors began to ask frequently about encrypting a hard drive on Windows 10.

Installing VeraCrypt

Run the installation file. The first window displays the license agreement; click "I accept the license terms", which means you agree with its terms. Click "Next".

In the next window you need to select the installation mode: installation or unpacking. The unpacking mode can be useful for working with encrypted virtual hard drives. Since you want to encrypt the entire disk and not create virtual hard disks, select "Install" and click "Next".

Next, you need to select installation options. Leave the options at their defaults and click "Install".

The installation process has begun, we are just waiting for the message about successful installation to appear.

A message appears indicating that the installation was completed successfully.

Now you can see a request from the developers to donate money. Click "Finish".

After clicking Finish, a message appears asking you to look at the reference material. Click "No".

Installation of the hard drive encryption program has been completed successfully.

Setting up the program and encrypting the hard drive

Launch "VeraCrypt" from the desktop shortcut.

By default, the interface is in English, but there is a Russian translation; the interface just needs to be switched to Russian. Go to the "Settings" tab, then the item "Language...".

In the next window, select the "Russian" language and click "OK".

The interface immediately switches to Russian. This is nice, since in TrueCrypt it was necessary to restart the program to apply the interface language, but in VeraCrypt the language changes immediately without a restart.

Now let's begin the process of encrypting the hard drive, taking into account the fact that we are using the Windows 10 operating system. Go to the "System" tab and select the item "Encrypt system partition/disk".

Now you need to select the type of encryption - regular or hidden. To use the hidden type, you must have two hard drives; two partitions of one drive will not work. Choose the normal type.

Next, you need to specify the area for encryption. The developers recommend encrypting the system partition, since encrypting the entire disk may cause problems with the VeraCrypt boot sector due to insufficient space. Note that if you have several partitions on one disk and select "Encrypt system partition", only the partition on which Windows is installed will be encrypted. On laptops, people often create two partitions, one for the system and the other for user data. In this case, user data will not be protected, so it is recommended to select "Whole disk encryption". Select the entire disk.

A notification appears with a recommendation to use encryption only for the system partition. Click "No", since the entire disk needs to be encrypted.

Now you need to specify whether you want to detect and encrypt the hidden partition. Encryption of the entire disk has already been selected, so select "No".

Next you need to indicate the number of installed operating systems. If there is no choice of operating system when you boot your computer, then only one OS is installed. This instruction is aimed at a laptop with one OS; if several are used, select the "" option at your own risk. Select the item "".

Now we select the encryption algorithm. The default algorithm is AES with a 256-bit key, which is the optimal choice. You can choose AES(Twofish(Serpent)), but then the encryption may take longer than four hours. Leave it as default or choose a more robust option.

If you chose "AES(Twofish(Serpent))", a notification about using a cascade of ciphers will appear next. Read it carefully, and do not lose the recovery disk that will be created later. Click "Yes".

Next, another notification about the use of a cascade of ciphers will appear. Click "OK".

Now you need to specify the password that will be used to boot the operating system. It is strongly recommended to use passwords of at least 20 characters. If such a password is not suitable because you definitely won't be able to remember it, you can enter a shorter one, but with at least 8 characters, using signs and symbols. It should not contain words or abbreviations derived from your surname and initials. If you use a short password, a warning will appear. It is recommended to leave the other options at their defaults. You can check the "Use PIM" box, and in the next window you will then need to specify the number of iterations, which must be remembered, otherwise you will not be able to log in to the system. Therefore, we recommend not checking the "Use PIM" box. Enter the password.

Next comes the collection of random data. Just move your mouse around the window until the indicator turns green, and then click "Next".

Keys and random data have been successfully created. Click "Next".

Now you need to create a recovery image and burn it to disk. By default, the image is created in the user's documents folder, but you can change the location by clicking "Review"; the main thing when changing the location is to specify a name with the same extension, "VeraCrypt Rescue Disk.iso". Click "Next".

Insert a blank or rewritable disc (CD or DVD) and burn the disc image. Click "Write down".

After the disc has been successfully burned, click "Close". Do not remove the disc from the drive, as it will need to be checked later.

We return to the VeraCrypt wizard window. Next, the recovery disk will be checked. Click "Next".

The next window says that the disk check was successful. Click "Next".

Now you need to select the cleaning mode. It is well described in this window, but note that cleaning adds time to the encryption process. If in your case there is a danger that someone will try to extract the data in the near future, choose a cleaning mode with at least three passes. Select the cleaning mode and click "Next".

Now you need to check that everything is working properly. Click the "Test" button.

Next, a notification will appear stating that the VeraCrypt loader has not been translated into Russian, that is, until the operating system is loaded, everything will be in English. Click "Yes".

Next, the Volume Creation Wizard will ask you to restart your computer. Click "Yes".

When you boot your computer, the VeraCrypt bootloader will appear before the operating system loads. Enter the password specified earlier, but do not enter anything in the PIM field (unless you checked the "Use PIM" box); just press Enter. If you checked the "Use PIM" box, you must enter the number of iterations in the appropriate field. Next, the password verification process will begin, which may take some time, so there is no need to panic if it lasts from 2 to 5 minutes. If you enter an incorrect password or an incorrect PIM (if used), a message will say that the password is incorrect.

If your computer won't boot, you should use a recovery disk. When the computer boots successfully, we see a message about successful testing. Now everything is ready for encryption. Click "Encryption".

Next, a message will appear with instructions for using the recovery disk, which you need to print. Click "OK".

The encryption process begins. The encryption time depends on the computer - how powerful it is and what type of storage media is used. In the case of an SSD, the encryption time for cascade ciphers without clearing can be about 80 minutes. In the case of conventional hard drives under similar conditions, the encryption time can be about four hours.

When encryption is complete, a message will appear indicating that the hard drive has been successfully encrypted.

Encryption is complete. Click "Ready".

Disk decryption

This decryption method is only suitable if the encryption process was completed without errors and the Operating System boots successfully.
Launch VeraCrypt, the system drive will be in the list, right-click on it and select “Decrypt permanently”.
The program will ask for decryption confirmation. Click "Yes". Then another confirmation will appear, click “Yes”.
The decryption process begins, which will take the same amount of time as the encryption process took, minus clearing. Once completed, a notification indicating successful decryption will appear and you will be prompted to restart your computer.

Good day, friends.

Have you set a password for certain information on your computer and now want to remove it? Don't know how to do this? This article provides simple instructions on how to disable BitLocker, the very program that protects your data from hacking.

BitLocker is a built-in utility in Windows systems designed to keep sensitive information safe from unauthorized access. Having installed it, the computer owner puts a password on all or individual files. The application allows you to save it on external media or print it, so that you do not have to keep the PIN only in memory, because memory can fail.

Encrypting information means that the program converts it into a special format that can only be read after entering a password.

If you try to open a file without it, you will be presented with unrelated numbers and letters.

Initially, you can configure the utility so that the lock is removed when a flash drive with a key is inserted. It is better to have several media with a password.

Important! If you forget and lose all the keys, along with them you will lose access to all data on the disk (or flash drive) forever.

The application first started working in the extended version of Windows Vista. Now it is available for other generations of this system.

Ways to disable BitLocker

To remove the lock, you don't need to be a hacker or a professional IT specialist. Everything is done simply, provided, of course, that you set the password yourself and are not going to hack other people's data. Is that the case? Then let's start the analysis.

There are several ways to unlock files. The simplest one looks like this:

  • Right-click on the desired drive and in the window that appears, click “Manage BitLocker”;

  • A new menu will open where you should select “Turn off”.

When you reinstall Windows 10 or another version of the OS, you will need to pause encryption. To do this, follow the instructions below:

  • Open Start - Control Panel - System and Security - BitLocker Drive Encryption;
  • Select “Pause protection”, or “Manage BitLocker” - then “Disable BitLocker” (In Win7).
  • Click "Yes" to confirm that you are deliberately disabling it.

Through the same menu, you can completely turn off the blocking by pressing the corresponding button.

Keep in mind that Windows Vista and other versions of the system may have different names for the sections described above. But in any case, you will find the necessary settings through the control panel. For example, in Windows 8 you can open it like this:

To be honest, I don’t know how to disable this encryptor if the password is lost... I can only recommend formatting the device - as a result of which the disk will be available for work. But in this situation, naturally all the data on it will be lost.

Well, that's all, I hope it was useful.

See you soon friends!

The disk encryption function, or BitLocker, appeared in Windows 7. With its help, you can encrypt SSDs, HDDs or removable media. However, this process is accompanied by a number of difficulties, the main one being the lack of a TPM module, which can be removable or integrated into the motherboard. As a result, the user may encounter a message that “...the device cannot use the TPM. The administrator must set the parameter ‘Allow BitLocker to be used without a compatible TPM’.”

How to fix this error and enable BitLocker in Windows 10?


Enable BitLocker on Windows 10 without a compatible TPM

To enable disk encryption without a compatible TPM, you need to make changes in the Windows 10 Local Group Policy Editor. To do this, follow these steps:

  • Press “Win+R” and enter “msc”.

  • Go to the branch “Computer Configuration”, “Administrative Templates”, “Windows Components”, “This policy setting allows you to select BitLocker drive encryption”, “Operating system drives”. We find the option “This policy setting allows you to configure the requirement for additional authentication at startup.”

  • Double click to open the parameter settings. We set the following values.

  • After the system restarts, you can go to the “Control Panel” and select “BitLocker Drive Encryption”.

Before creating an encrypted device, it is worth making a backup copy of the data.

SoftikBox.com

How to enable BitLocker on Windows 10

2. In the “Parameters” window, go to “System”

3. Next, go to the “About System” tab, go to the very bottom and click “BitLocker Settings”

4. Here we select the removable media that we want to protect and click “Enable BitLocker”

5. Wait for the action to complete.

6. Next we will need to select one of the blocking options:

7. I chose password protection! Check the box “Use a password to unlock the disk,” then enter the password we created twice and click “Next.”

8. In the next window, select a recovery option in case you forget your password, for example “Save to file”

9. Select the location to save the file and click “Save”

10. Click “Next”

11. Set the following parameters to suit your needs, for example, I chose “Encrypt the entire disk”, select the option and click “Next”

12. In the next window “Start encryption”

13. We are waiting for the end of encryption of the removable storage device you have chosen!

ns1club.ru

How to encrypt your Windows 10 computer using BitLocker

If you store confidential information on your computer, then encrypting your system hard drive will be an excellent option to ensure the safety of your data. In this article we will tell you how to encrypt your computer's system drive using the most popular encryption tool from Microsoft, the BitLocker utility, which comes with all professional versions of Windows. Since the release of Windows Vista, Microsoft has offered a new data protection feature called BitLocker Drive Encryption. Windows 7 introduced BitLocker To Go, encryption for portable storage devices such as flash drives and SD cards.

There is no need to download and install BitLocker; it is already built into the operating system, and it is only available in Windows 10 Pro and Enterprise. You can see which edition of Windows is installed on your computer in the Control Panel on the System tab. If you have Windows 10 Home installed, which does not support BitLocker, we recommend that you pay attention to a program such as VeraCrypt.

Why Microsoft doesn't make this feature publicly available is an open question, given that data encryption is one of the most effective ways to keep it secure. Encryption is a way to enhance the security of your data by ensuring that its contents can only be read by the owner of the appropriate encryption key. Windows 10 includes various encryption technologies. For example, EFS file system encryption and BitLocker Drive Encryption, which we will talk about in this article.

  • Encrypting your hard drive may take a long time. Before you begin, we recommend that you back up your data, as an unexpected power outage during the encryption process may damage it.
  • The Windows 10 November update includes a more secure encryption standard. Please note that the new encryption standard will only be compatible with Windows 10 November Update systems.
  • If your computer does not have a Trusted Platform Module (TPM), a chip that gives the computer additional security features such as the ability to encrypt drives with BitLocker, then when you try to enable encryption you may receive a TPM error message: "This device cannot use the Trusted Platform Module (TPM)".
To resolve this issue, use the EnableNoTPM.reg.zip file. Download, unzip and run this file; this will make the necessary changes to the registry to allow encryption without a TPM.

Enable BitLocker Drive Encryption in Windows 10. Click Start -> Explorer -> This PC. Then right-click on the Windows system drive (usually drive C) and select “Enable BitLocker” from the drop-down menu.

Create a strong password to unlock your hard drive. Every time you turn on your computer, Windows will ask you for this password to decrypt your data.


Choose how you want to back up the recovery key. You can save it to your Microsoft account, copy it to a USB drive, or print it.


Saved?! Now you need to specify which part of the disk you want to encrypt.

You will have two options:

  • If you are encrypting a new drive or a new PC, you only need to encrypt the part of the drive that is currently in use. BitLocker will then automatically encrypt data as it is added.
  • If you enable BitLocker on a PC or drive you're already using, we recommend encrypting the entire drive. This will ensure that all data is protected.
For us, the second option is more preferable. Please note that encryption will take some time, especially if you have a large drive. Make sure your computer is connected to an uninterruptible power supply in case of power outages.
If you have the November Windows 10 updates installed, then the more secure XTS-AES encryption mode is available to you. Choose this option whenever possible.

When you are ready to start encrypting, click the “Continue” button


Restart your computer when prompted.

Remember the password you created earlier? Now is the time to enter it.


After logging into Windows, you will notice that nothing significant has changed.

To check the encryption status, click Start > File Explorer > This PC. Now you will see a lock icon on the system disk. Right-click on the drive and then select Manage BitLocker.

You will see the current state of the C:\ drive - BitLocker encryption (enabled). You can continue to use your computer as encryption occurs in the background. You will be notified when it is completed.


If you want to pause encryption, you can do so in the BitLocker Drive Encryption panel: click on the "Pause Protection" link. After this point, newly created files and folders will not be encrypted. Here you can also completely disable BitLocker and decrypt all your data.
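The same status check can be run from an elevated PowerShell prompt. The following is an added example, not part of the original article: it uses the built-in Get-BitLockerVolume cmdlet to report, for each volume, the points raised above (protection state, XTS-AES mode, and whether a recovery password exists). The function name Get-BitLockerAudit is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: per-volume BitLocker audit. Get-BitLockerAudit is a
# hypothetical name chosen for this example.
#
# Key protector types reported by Get-BitLockerVolume:
#   RecoveryPassword  48-digit numerical password that you print or save
#   ExternalKey       key file on a USB drive (startup key / recovery key)
#   Password          user-chosen unlock password
#   Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey
#                     TPM alone, or combined with a PIN and/or a USB key

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Collect the protector type names as strings for simple comparisons.
        $types = @($vol.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()

        if ("$($vol.VolumeStatus)" -eq 'FullyDecrypted') {
            $findings += 'not encrypted'
        }
        else {
            if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
                $findings += "status $($vol.VolumeStatus) ($($vol.EncryptionPercentage)%)"
            }
            if ("$($vol.ProtectionStatus)" -ne 'On') {
                $findings += 'protection is off or paused'
            }
            if ("$($vol.EncryptionMethod)" -notlike 'XtsAes*') {
                $findings += "method is $($vol.EncryptionMethod), not XTS-AES"
            }
            if ($types -notcontains 'RecoveryPassword') {
                $findings += 'no recovery password protector'
            }
            if ("$($vol.VolumeType)" -eq 'OperatingSystem' -and
                -not ($types -like 'Tpm*')) {
                $findings += 'OS volume has no TPM-based protector'
            }
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = "$($vol.VolumeType)"
            Method     = "$($vol.EncryptionMethod)"
            Protectors = $types -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize -Wrap
```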


blog.secretvpn.net

Scenario 1: Enable BitLocker Drive Encryption on the operating system drive (Windows 7)

Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.

Click Turn on BitLocker for your operating system drive. BitLocker will check your computer to ensure it meets system requirements. If the computer meets the requirements, BitLocker will provide information about the next steps required to enable BitLocker (drive preparation, TPM enablement, and drive encryption).

If the operating system drive has a single partition, BitLocker prepares the drive by compressing it and creating a new operating system partition that is used for system files that are required to start or recover the operating system and are not encrypted. This drive will not have a letter to prevent files from being accidentally saved to it. After preparing the disk, you must restart the computer.

If the TPM is not initialized, the BitLocker Setup Wizard will prompt you to remove all CD, DVD, and USB drives from the computer and restart the computer to begin enabling the TPM. You will be prompted to enable the TPM before the system boots, but in some cases you will need to go into the BIOS settings and manually enable the TPM. This depends on the computer's BIOS module. Once you confirm that the TPM needs to be enabled, the operating system starts and the Security Hardware Initializing indicator for the TPM appears.

If the computer does not have a TPM, BitLocker can be used, but it will use the Startup Key Only authentication method. All necessary encryption key information is stored on a USB flash memory device, which must be connected to the computer by the user during the system boot process. The key, stored on a USB flash drive, is used to unlock the computer. Using the TPM is highly recommended because it helps protect against attacks on the critical boot process of your computer. Using the Startup Key Only method provides only disk encryption; it does not provide early boot component verification or hardware spoofing protection. To use this method, the computer must support reading USB devices before loading the operating system, and you must also enable this authentication method by selecting the Allow BitLocker without a compatible TPM policy check box in the Require additional authentication at startup Group Policy setting, located in the following node of the Local Group Policy Editor: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Protection\Operating System Drives.
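The Group Policy setting described above, and the change a .reg file such as the one mentioned earlier on this page would have to make, come down to a handful of DWORD values that can be read before anything is changed. The following PowerShell is an added example, not from the original articles or from Microsoft; the registry value names under HKLM\SOFTWARE\Policies\Microsoft\FVE are the ones the BitLocker policy template uses and do not appear on this page, and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: inspect or set the local policy values behind
# "Require additional authentication at startup" with
# "Allow BitLocker without a compatible TPM" checked.
# Function and variable names are hypothetical.

$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Value names are assumptions taken from the BitLocker policy template,
# not from this page. UseTPM* values: 0 = do not allow, 1 = require, 2 = allow.
$NoTpmPolicy = [ordered]@{
    UseAdvancedStartup = 1   # the policy setting itself is Enabled
    EnableBDEWithNoTPM = 1   # "Allow BitLocker without a compatible TPM"
    UseTPM             = 2
    UseTPMPIN          = 2
    UseTPMKey          = 2
    UseTPMKeyPIN       = 2
}

# Report each value: what the policy expects and what is set right now.
function Get-NoTpmPolicyState {
    foreach ($name in $NoTpmPolicy.Keys) {
        $item = Get-ItemProperty -Path $FvePolicyKey -Name $name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.$name } else { $null }
        [pscustomobject]@{
            Name     = $name
            Expected = $NoTpmPolicy[$name]
            Actual   = $actual
            Match    = ($actual -eq $NoTpmPolicy[$name])
        }
    }
}

# Write the values. Supports -WhatIf, so the change can be previewed first.
# On a domain-joined machine a domain GPO may overwrite these on refresh.
function Set-NoTpmPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $FvePolicyKey)) {
        if ($PSCmdlet.ShouldProcess($FvePolicyKey, 'Create policy key')) {
            New-Item -Path $FvePolicyKey -Force | Out-Null
        }
    }
    foreach ($name in $NoTpmPolicy.Keys) {
        $value = $NoTpmPolicy[$name]
        if ($PSCmdlet.ShouldProcess("$FvePolicyKey\$name", "Set DWORD $value")) {
            New-ItemProperty -Path $FvePolicyKey -Name $name `
                -PropertyType DWord -Value $value -Force | Out-Null
        }
    }
}

# The policy is only needed when no TPM is available. As the text notes,
# startup-key-only mode gives no early boot component verification.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
if ($tpm -and $tpm.TpmPresent) {
    Write-Warning 'A TPM is present; prefer enabling it over the no-TPM policy.'
}

Get-NoTpmPolicyState | Format-Table -AutoSize
# Set-NoTpmPolicy -WhatIf    # preview the registry writes
# Set-NoTpmPolicy            # apply them
```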

After the TPM is initialized, the BitLocker Setup Wizard will prompt you to select a recovery key storage method. The following options are possible:

  • Save the recovery key to a USB flash drive. Saves the recovery key to a USB flash drive.
  • Save the recovery key to a file. Saves the recovery key on a network drive or other location.
  • Print the recovery key. Prints the recovery key.

Use one or more options for saving the recovery key. For each item, you must follow the wizard to specify the location to save or print the recovery key. When the recovery key is saved, click Next.

Important
The recovery key is required when moving an encrypted disk to another computer or when making changes to the system boot information. The recovery key is a very important component, so it is recommended that you make additional copies of it and store them in a safe place so that you can refer to them if you need to restore access to the disk. The recovery key is required to unlock encrypted data when BitLocker enters a locked state. The recovery key is unique for each disk. The key is not suitable for recovering encrypted data from another BitLocker-protected drive. For added security, you should store your recovery keys separately from your computer.
  • The BitLocker Setup Wizard asks you if you are ready to encrypt the drive. Make sure the Run BitLocker system scan check box is selected, and then click Continue.

    Confirm to restart your computer by clicking the Restart now button. After this, your computer will restart and BitLocker will check that it is compatible with BitLocker and is ready for encryption. If your computer is not ready, you will receive an error message after you log in.

    When the computer is ready for encryption, the Encryption status bar displays with the encryption progress. To check the status of drive encryption, hover your mouse over the BitLocker Drive Encryption icon in the notification area at the right edge of the taskbar. Encrypting the disk will take some time. You can use your computer while encryption is running, but performance will be lower than usual. Once encryption is complete, a success message will be displayed.

    technet.microsoft.com

    How to encrypt a disk in Windows 10 so that no one steals your files?


    Windows 10 and earlier versions of Windows provide file encryption using BitLocker technology. You only need to configure it once, and you can be sure that no one will gain access to your files or be able to run your programs, even if they gain physical access to the drive of your laptop or computer.

    How do I enable BitLocker encryption? First of all, you need to activate security policies:

    1. Press Win+R and run the command gpedit.msc.
    2. Go to Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
    3. Double-click on “This policy setting allows you to configure the requirement for additional authentication at startup” and select the “Enabled” option.

    Now you can proceed directly to encryption:

    1. Open “Explorer” > “My Computer” and select the drive that you want to encrypt.
    2. Right-click the drive icon and select Enable BitLocker.
    3. A dialog box will open with options for accessing encrypted data. Follow its instructions and restart your computer. The disk will be encrypted.

    The encryption process can be lengthy, its duration depending on the volume of data being encrypted. During the encryption setup process, you will need to create a key or password to decrypt the data. The password must use mixed-case letters and numbers. When the drive is installed in your computer, data is encrypted and decrypted automatically, but if you remove the encrypted drive from it and connect it to another device, you will need a key to access the files.

    The key recovery data can be stored on a flash drive, in a Microsoft account, in a text file, or on a printed sheet of paper. Keep in mind that this is not the key itself, but only information that will help you recover it. The key can only be obtained after entering the login and password for your Microsoft account, which makes it more difficult to break the encryption.

    If you encrypted the system logical drive, you will have to enter the password during a cold start of the device or after it reboots.

    Sometimes encryption is enabled by default, sometimes not; in general, everything is complicated. In this article, we will tell you how to check whether the data on the disk is encrypted and, if not, how to enable encryption. Note that this is not only necessary for protection from surveillance by the world’s intelligence services. Encryption helps protect sensitive data if your computer is stolen.

    Unlike other modern operating systems - Mac OS X, Chrome OS, iOS and Android - there are still no universal encryption tools in Windows 10 for all users. You need to buy or use third-party encryption software.

    Device encryption

    Many new Windows 10 computers have "device encryption" enabled by default. This feature appeared in Windows 8.1 and is only used on devices with a certain hardware configuration.

    Additionally, encryption only works if you're signed into Windows with a Microsoft account. In this case, the data recovery key is uploaded to Microsoft servers, which gives a chance to restore access to files if you cannot log in for some reason. (Which is probably why the FBI isn't too worried about this kind of encryption. But anyway, what we're talking about here is encryption to protect against laptop theft. If you're worried about NSA surveillance, you're better off looking for more robust security options.)

    To check if device encryption is enabled, open the Settings interface, go to System > About, and see if there is a Device Encryption option at the very bottom of the window. If not, then this feature is not supported on this computer.

    BitLocker

    If device encryption is not enabled or you require a more comprehensive solution for encrypting data, including on removable USB drives, . The BitLocker utility has been included in Windows for several versions in a row and enjoys a good reputation. However, it is only available in the Windows 10 Professional edition.

    If you have this edition, search the Start menu for the keyword “BitLocker” and use the BitLocker Control Panel to enable encryption. If you upgraded to Windows 10 for free from Windows 7 Professional or Windows 8.1 Professional, then you should have the Windows 10 Professional edition.

    If you have, you can upgrade to Windows 10 Professional for $99. To do this, simply open the Settings interface, go to Update & security > Activation and click the Go to Store button. Once you upgrade to Windows 10 Professional, you'll gain access to BitLocker and other advanced features.

    TrueCrypt and derivatives

    Paying $99 just to encrypt your hard drive isn't an easy decision when you consider that Windows computers themselves often cost just a few hundred dollars these days. But you don't have to spend money because BitLocker isn't the only solution. Yes, BitLocker has the most comprehensive integration and good support, but there are other encryption tools available.

    – an open source full-disk encryption utility – works on Windows 10 and is a completely viable option. There are other utilities created based on TrueCrypt. All of them are free and all of them can be installed on Windows 10 Home and previous versions of Windows to encrypt your hard drive if you don't have access to BitLocker. Unfortunately, on modern computers you will have to tinker with setting up TrueCrypt. But if the system was purchased back in the days of Windows 7 and has now been updated for Windows 10, everything will go without problems.

    Yes, the creators of TrueCrypt solemnly stopped development some time ago, declaring their brainchild vulnerable and unsafe, but numerous security experts still have not agreed on whether this is true. And most importantly, the discussion is mainly about protection from the NSA and other intelligence agencies. If you are interested in encryption to protect personal files from thieves in the event of a stolen laptop, such details should not interest you. For these purposes, TrueCrypt encryption will be quite sufficient.