Bitlocker is an encrypting file system that was designed in part to protect the boot process in Windows. Bitlocker also protects personal files. If a machine is reset, personal files are not recoverable but the machine can be put to use as a new machine.
Bitlocker shipped with Windows Vista Business and ultimate. More recent versions of Windows have made some changes to deal with security issues discovered since Vista was released. or example, Windows 10 changed the encryption which is not backwards compatible to support new FIPS requirements.
Generally Bitlocker is used on the main Windows disk. It can be used n additional internal disks if present.
Bitlocker can also be used with removable devices like USB sticks. Key management is needed with encrypted USB sticks which is at its best with Windows 10 and above using a Microsoft account..
TRUSTED PLATFORM MODULE
Bitlocker works best if the machine has a Trusted Platform Module (TPM) built-in. Bitlocker requires TPM 1.2 or above. Bitlocker can also use your Microsoft account with Windows 10 and above..
Windows 10 also introduces the use a PIN to logon to Windows using your Microsoft account credentials. This PIN can integrate with Bitlocker and the TPM to make it easier to secure a system. TPM+PIN makes the boot process very secure.
Our old Lenovo T500 has a TPM 1.2 hardware and our HP Stream 7 has a TPM 2.0 hardware. Some gaming motherboards have headers that can have a TPM added however some modern motherboards now have them built-in..
TO USE BITLOCKER
Before using Bitlocker, be sure to clear the TPM in the BIOS before enabling it. This way ownership etc can be enabled. With Windows 10 and above your Microsoft account handles the recovery key safely.
To enable Bitlocker, simply open My Computer, right click on the hard disk and select Turn on Bitlocker. Windows will reboot to begin the process.
To disable Bitlocker,imply open My Computer, right click on the hard disk and select Turn off Bitlocker. Windows will decrypt the disk..