Before I start with the steps, I was pleasantly surprised that I was easily able to get BitLocker going in a VM without doing anything goofy. Once upon a time, to get BitLocker going, we needed to use a virtual floppy to store the startup key. There is now an option to use a password instead. I haven't looked at this in a while and this is probably not a new option. I'm going to guess that Windows 8.1 at least probably had the same.
There are three nice things about a startup password for BitLocker:
- You don't need a TPM in your computer to make it work. Many computers don't have a TPM, so that requirement is a deal breaker for many people.
- You don't need a USB key to start up. Before, the alternative to a TPM was a USB key with the startup key. The idea that I needed to keep a USB key with my laptop seemed inherently fragile.
- The behavior mimics what other drive encryption products do. Many other full drive encryption products require a password to start up the system. Users who are used to this process like to continue using it.

Enabling BitLocker in Windows 10

- Turn on BitLocker.
- Select an unlock method.
- Enter the password to unlock the drive.
- Save the key to a location that is not the drive being encrypted.
- In my VM, I printed using the built-in PDF printer since the VM only had the C: drive.
- I'm not planning to access this drive from anything but Windows 10 build 1511 or later, so the new encryption mode was good.
- Click Continue to make it so.
- After a reboot, enter the password to start up.
- Check encryption status with manage-bde.exe.
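
The same steps can be scripted with the BitLocker PowerShell module. This is an added example, not part of the original post. It assumes an elevated session, that local policy allows a password protector on the OS drive, and that the hypothetical path E:\BitLocker-Recovery-C.txt sits on a different volume from the one being encrypted.

```powershell
#Requires -RunAsAdministrator
# Added example: command-line equivalent of the wizard steps.
# $MountPoint and $RecoveryFile are assumed values; adjust them for your system.
param(
    [string]$MountPoint   = 'C:',
    [string]$RecoveryFile = 'E:\BitLocker-Recovery-C.txt'  # hypothetical path on another volume
)
$ErrorActionPreference = 'Stop'

# The recovery key must not be saved on the drive being encrypted.
$destRoot = [System.IO.Path]::GetPathRoot($RecoveryFile).TrimEnd('\')
if ($destRoot -ieq $MountPoint.TrimEnd('\')) {
    throw "Refusing to store the recovery key on $MountPoint itself."
}

# 1. Create the 48-digit recovery password and save it before encryption starts.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -Last 1
@(
    "Key protector ID: $($recovery.KeyProtectorId)"
    "Recovery key:     $($recovery.RecoveryPassword)"
) | Set-Content -Path $RecoveryFile

# 2. Turn on BitLocker with a startup password.
#    XtsAes128 is the "new encryption mode" (Windows 10 build 1511 or later).
$password = Read-Host -AsSecureString -Prompt 'BitLocker startup password'
Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $password `
    -EncryptionMethod XtsAes128 | Out-Null

# 3. On the OS drive, encryption begins after the reboot and password prompt.
#    Run these afterwards to watch progress and confirm both protectors exist.
Get-BitLockerVolume -MountPoint $MountPoint |
    Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage, EncryptionMethod
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Format-Table KeyProtectorType, KeyProtectorId
manage-bde.exe -status $MountPoint
```

The recovery file holds the key in plain text, so move it somewhere access-controlled once it is written.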

Testing BitLocker Recovery with a Recovery Key

- On the BitLocker startup screen, press Esc to access BitLocker recovery.
- Enter the recovery key from the PDF (you printed that before you got to this point, right?).
- Once you're in, you can change the password or turn off BitLocker.