System Drive
# Enable on C: drive (edit to taste)
Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -TPMProtector
# Add a recovery password
Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
Get-BitLockerVolume C:
# View the recovery key
# Copy the output to a safe place (encrypted storage or a password safe)
(Get-BitLockerVolume C:).KeyProtector
After enabling BitLocker Encryption on C: you will probably need to reboot to kick off the encryption of the C: Drive

How long will it take?
I have 431GB of data on a 1TB SSD and encryption has been going for an hour and it currently is 68.5% complete. So 1 or 2 hours should see it complete encryption and turn to "Protection Status On". 7:24AM to 9:14AM = 1 hour, 50 minutes to encrypt 431GB of data

There are BitLocker icons in your icon tray that will allow you to see the progress as above

Data Drive
Note: If you enable BitLocker on your Data Drives before encryption is Protection Status is "On" on the System Drive you will have to unlock the volume with the Recovery Key or Password to use it. It might be best to fully encrypt the system drive (c:) and then enable the Data Drive BitLocker
Enable-BitLocker -MountPoint "D:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -RecoveryPasswordProtector
WARNING: ACTIONS REQUIRED:
1. Save this numerical recovery password in a secure location away from your computer:
XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
To prevent data loss, save this password immediately. This password helps ensure that you can unlock the encrypted
volume.
# If you want a password also
Add-BitLockerKeyProtector -MountPoint "D:" -PasswordProtector
# password cannot be viewed so save it somewhere safe
# View the recovery key
(Get-BitLockerVolume D:).KeyProtector
# This will not work until the System Drive is encrypted i.e. C: Drive "Protection Status On"
Enable-BitLockerAutoUnlock D:

0 Comments