You can use BitLocker Drive Encryption to help protect all files stored on the drive Windows is installed on (operating system drive) and on fixed data drives (such as internal hard drives). You can use BitLocker To Go to help protect all files stored on removable data drives (such as external hard drives or USB flash drives).

Unlike Encrypting File System (EFS), which enables you to encrypt individual files, BitLocker encrypts the entire drive. You can log on and work with your files normally, but BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by removing it from your computer and installing it in a different computer.

When you add new files to a drive that is encrypted with BitLocker, BitLocker encrypts them automatically. Files remain encrypted only while they are stored in the encrypted drive. Files copied to another drive or computer are decrypted. If you share files with other users, such as through a network, these files are encrypted while stored on the encrypted drive, but they can be accessed normally by authorized users.

If you encrypt the operating system drive, BitLocker checks the computer during startup for any conditions that could represent a security risk (for example, a change to the BIOS or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and require a special BitLocker recovery key to unlock it. Make sure that you create this recovery key when you turn on BitLocker for the first time; otherwise, you could permanently lose access to your files. If your computer has the Trusted Platform Module (TPM) chip, BitLocker uses it to seal the keys that are used to unlock the encrypted operating system drive. When you start your computer, BitLocker asks the TPM for the keys to the drive and unlocks it.

If you encrypt data drives (fixed or removable), you can unlock an encrypted drive with a password or a smart card, or set the drive to automatically unlock when you log on to the computer.

You can turn off BitLocker at any time, either temporarily by suspending it, or permanently by decrypting the drive.

Note

  • The ability to encrypt drives using BitLocker Drive Encryption is only available in Windows 7 Ultimate and Enterprise editions.

  • If you use a screen reader app, you won’t be able to hear BitLocker screens that appear before the Welcome screen, such as the BitLocker PIN entry screen or the BitLocker recovery screen.


To turn on BitLocker

  1. Open BitLocker Drive Encryption by clicking the Start button, clicking Control Panel, clicking Security, and then clicking BitLocker Drive Encryption.

  2. Click Turn On BitLocker. This opens the BitLocker setup wizard. Administrator permission is required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. Follow the instructions in the wizard.

To turn off or temporarily suspend BitLocker

  1. Open BitLocker Drive Encryption by clicking the Start button, clicking Control Panel, clicking Security, and then clicking BitLocker Drive Encryption.

  2. Do one of the following:

    • To temporarily suspend BitLocker, click Suspend Protection, and then click Yes.

    • To turn off BitLocker and decrypt the drive, click Turn Off BitLocker, and then click Decrypt Drive.
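
After turning BitLocker on, suspending it, or turning it off, the result can be confirmed from an elevated PowerShell prompt. The script below is an added example, not part of the original help page; it assumes PowerShell 2.0 on Windows 7 and the Win32_EncryptableVolume WMI class, and the function name Get-BitLockerAudit is hypothetical. It reports whether each volume is protected, suspended, or decrypted, and flags encrypted volumes that have no numerical recovery password.

```powershell
# Added example: report BitLocker state for every volume via WMI.
# Run from an elevated prompt; Get-BitLockerAudit is a hypothetical name.
$BdeNamespace = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# KeyProtectorType codes defined for Win32_EncryptableVolume.GetKeyProtectors
$ProtectorNames = @{
    1 = 'TPM'
    2 = 'External key'
    3 = 'Numerical password'
    8 = 'Password'
}

function Get-BitLockerAudit {
    $volumes = Get-WmiObject -Namespace $BdeNamespace -Class Win32_EncryptableVolume -ErrorAction Stop
    foreach ($vol in $volumes) {
        # ConversionStatus: 0 = fully decrypted, 1 = fully encrypted
        $conversion = $vol.GetConversionStatus().ConversionStatus
        # ProtectionStatus: 0 = off, 1 = on, 2 = unknown (for example, a locked drive)
        $protection = $vol.GetProtectionStatus().ProtectionStatus

        # Collect the protector types present on this volume.
        $present = @()
        foreach ($code in ($ProtectorNames.Keys | Sort-Object)) {
            if ($vol.GetKeyProtectors($code).VolumeKeyProtectorID) {
                $present += $ProtectorNames[$code]
            }
        }

        # Fully encrypted with protection off is how a suspended volume appears.
        if ($conversion -eq 0) { $state = 'Not encrypted' }
        elseif ($conversion -eq 1 -and $protection -eq 1) { $state = 'Protected' }
        elseif ($conversion -eq 1 -and $protection -eq 0) { $state = 'Suspended' }
        else { $state = 'Locked, converting, or unknown' }

        # An encrypted volume without a numerical (recovery) password is flagged.
        $needsRecovery = ($conversion -ne 0) -and ($present -notcontains 'Numerical password')

        New-Object PSObject -Property @{
            Drive               = $vol.DriveLetter
            State               = $state
            Protectors          = ($present -join ', ')
            MissingRecoveryPass = $needsRecovery
        }
    }
}

Get-BitLockerAudit | Format-Table Drive, State, Protectors, MissingRecoveryPass -AutoSize
```

A volume left in the Suspended state is still encrypted on disk but is not protected until protection is resumed.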