It is highly recommended to encrypt your disks and protect your data from unauthorized access. The known tool used in Windows is called BitLocker. You can use it to encrypt system and non-system partition or disk, but also any removable disks. There are two options available, the first one is to encrypt the whole disk (recommended) or only data stored on the disk.
In order to use Bitlocker, it is mandatory you are running Windows Pro, Enterprise, or Education edition. When it comes to system encryption, your machine should support the TPM 1.2 or later. Some machines don’t support TPM and we’ll need to tweak group policy related to Bitlocker.
- Hold Windows logo and press R
- Type tpm.msc and press Enter to open TPM Management. In my case, the machine doesn’t support TPM.

It’s a time to re-configure group policy by using Local Group Policy Editor.
- Hold Windows logo and press R
- Type gpedit.msc and press Enter to open Local Group Policy Editor
- Navigate to the following location: Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drive

- Double click on Require additional authentication at startup

- Click Apply and then OK
- Open File Explorer and then This PC
- Right click on system partition and choose Turn on BitLocker

- Wait until BitLocker finishes checking the PC’s configuration.

- Choose how to unlock your drive at startup. There are two options available, the first is unlocking the system partition by using a USB flash drive, and the second is by using a password. In our example, we will choose a password.

- Create a password to unlock this drive and click Next. Please use the best practice for defining password complexity.

- Choose where you want to save a recovery key and click Next. A recovery key is used in case you forget your password or you can’t unlock your encrypted disk. There are four options available as shown in the screenshot below. I’ll save it to a file and store it at a safe location

- Choose how much of your drive to encrypt and click Next. You can choose between encrypting used disk space only or the entire drive. For the testing purpose, I’ll go with the first option.

- Choose which encryption mode to use and click Next. There are two options available, the first one is the method used for fixed devices and the second one is used to encrypt drives that can be moved from the device.

- Run BitLocker system check by clicking on Continue.

- Restart your Windows. Once it is done, you will need to type your password to unlock your system disk and enjoy Windows.

Thank you for reading this article. In case of any questions, feel free to comment or contact me.