Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

How to Enable or Disable BitLocker with TPM in Windows

Summary: Windows BitLocker has become a solution for Users to secure their data. The following is how to enable and disable BitLocker using the standard methods. This article does not discussSee more

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Symptoms

Table of Contents:

  1. Enabling the TPM
  2. Enabling BitLocker in the operating system
  3. Checking BitLocker status (Manage BitLocker Console)
  4. Checking BitLocker Status (Command Line)
  5. Suspending BitLocker
  6. Disabling BitLocker
  7. BitLocker Encryption Videos

Enabling and Disabling BitLocker in Windows 7, Windows 8, Windows 10 and Windows 11

Windows BitLocker has become a solution for Users to secure their data. The following is how to enable and disable BitLocker using the standard methods.

This article does not discuss the utilization of a USB as a TPM replacement and does not discuss Group Policy changes for advanced features. Domain level Group Policy changes and network-managed BitLocker setups are Best Effort and are out of the scope of support. Supported configurations are limited to single computers and locally managed BitLocker setups.

NOTE: Systems with Skylake chipsets need a specific setup in order for BitLocker to work correctly. If a Skylake computer is prompting for the recovery key even with the following settings, ENSURE that the BIOS is up to date as this was fixed after release.
 
  • All Operating Systems that are configured in Legacy Boot Mode must use TPM 1.2. It is recommended the BIOS also be updated to the latest revision.
  • All Operating Systems that are configured in UEFI Boot Mode can use either TPM 1.2, or TPM 2.0. It is recommended the BIOS also be updated to the latest revision.
  • If a Windows 7 computer is configured for UEFI Boot Mode, this patch must be applied in order to use TPM 2.0: Microsoft TPM 2.0 Patch  SLN302845_en_US__1iC_External_Link_BD_v1
  • Exceptions to this are the Latitude 5175 and Latitude 7275, both of which only have TPM 2.0 and cannot downgrade to 1.2.
 
NOTE: For full, up-to-date requirements, see Microsoft's BitLocker requirements here: https://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx  SLN302845_en_US__1iC_External_Link_BD_v1
 

 


1. Enabling the TPM

NOTE: Ensure that the TPM is Activated or Enabled after switching it on, if the option is present. Switching the TPM on will not automatically enable it to communicate with the operating system. Enabling the TPM is necessary for the operating system to take ownership of the TPM chip to store encryption keys.
  1. Turn the computer on.
  2. As the computer performs POST, press the hotkey (usually F2 or Delete) to enter the BIOS.
  3. Once in the BIOS, locate the section that configures Security.
  4. In the Security section, locate the TPM option.
  5. Select the TPM 2.0/1.2 section on the left.

    SLN302845_en_US__3Enable Bitlocker TPM 1  

  6. Check the TPM box on the right to turn on the TPM.
  7. After switching the TPM on, select the option to Activate or Enable the TPM

    SLN302845_en_US__4Enable Bitlocker TPM 2  

  8. After the TPM has been activated and enabled, click Save changes and Exit the BIOS.


Back to Top


2. Enabling BitLocker in the operating system

  1. Turn the computer on.
  2. Sign into the operating system as normal.
  3. Get to the BitLocker management section in one of the following ways:

     

    Windows 7

    1. Start Menu path.
      1. Click the Windows Start Menu button.
      2. In the search box, type "Manage BitLocker."
      3. Press Enter or click the Manage BitLocker icon in the list. 
    2. Control Panel path
      1. Click the Windows Start Menu button.
      2. Click Control Panel.
      3. Click System and Security.
      4. Click any option under BitLocker Drive Encryption. 
    3. Hard drive path
      1. Open Computer or My Computer
        • Alternatively, click the File Explorer icon and select your computer.
      2. Select the Encryption:\ (or Windows computer) drive.
      3. Right-click the drive that you highlighted.
      4. Click Turn on BitLocker
        Note: This will skip the initial BitLocker screen.


    Windows 8

    1. App Screen path
      1. Click the Windows Start Menu button.
      2. Open the search box, type "Manage BitLocker."
      3. Press Enter or click the Manage BitLocker icon in the list.
    2. Control Panel path
      1. Click the Windows Start Menu button.
      2. Open the search box, type Control Panel.
      3. Click System and Security or search BitLocker in the Control Panel window.
      4. Click any option under BitLocker Drive Encryption.
    3. Hard drive path
      1. Open Computer or My Computer
        • Alternatively, click the File Explorer icon and select your computer.
      2. Select the C:\ (or Windows computer) drive.
      3. Right-click the drive that you highlighted.
      4. Click Turn on BitLocker
        Note: This will skip the initial BitLocker screen.


    Windows 10 and Windows 11

    1. Start Menu path.
      1. Click the Windows Start Menu button.
      2. In the search box, type "Manage BitLocker."
      3. Press Enter or click the Manage BitLocker icon in the list.
    2. Control Panel path
      1. Right-Click on the Windows Start Menu button.
      2. Click Control Panel.
      3. Click System and Security.
      4. Click any option under BitLocker Drive Encryption.
    3. Settings path
      1. Click the Windows Start Menu button.
      2. Click the Settings icon.
      3. In the search box, type "Manage BitLocker."
      4. Press Enter or click the Manage BitLocker icon in the list.
    4. Hard drive path
      1. Open Computer or My Computer
      2. Select the C:\ (or Windows computer) drive.
      3. Right-click the drive that you highlighted.
      4. Click Turn on BitLocker
        Note: This will skip the initial BitLocker screen.

     

  4. In the BitLocker Management screen, click Turn on BitLocker.

    SLN302845_en_US__5Enable Bitlocker TPM 3

  5. BitLocker will go through a short initialization process.

    SLN302845_en_US__6Enable Bitlocker TPM 4

  6. Choose one of three options for saving the recovery key.

    SLN302845_en_US__7Enable Bitlocker TPM 5

    Caution: This key must be saved in a safe location. If access to the drive is ever needed, this is the recovery key that will be used to access the drive. If the key is lost, there is no option for recovering data from a locked drive and the operating system must be reinstalled. This key is unique for each computer and will only work on the computer that it was created for.

    SLN302845_en_US__8Enable Bitlocker TPM 6

  7. After saving the password/key file, click Next.
  8. Select one of the volume encryption options.
    1. Encrypt entire hard drive.
      • This will encrypt all space on the hard drive regardless of whether it is used. This takes longer to process the encryption.
    2. Encrypt on used space.
      • This will only encrypt space on the hard drive as it is filled with data, and leave free space unencrypted. This is preferred for basic encryption as it is faster.
         

        SLN302845_en_US__9Enable Bitlocker TPM 7

  9. After selecting encryption option, click Next.
  10. Choose the type of encryption to use if you get the encryption type selection.
     
    • New mode is the preferred method of encryption for new computers.
       

      SLN302845_en_US__10Enable Bitlocker TPM 8

  11. Click Next
  12. Check that the box labeled "Run BitLocker system check."

    SLN302845_en_US__11Enable Bitlocker TPM 9

  13. Click Continue
  14. Restart the computer after verifying settings to begin the encryption.
     
    NOTE: Encryption can take anywhere from 20 minutes to a couple hours depending on the amount of data that has been encrypted, the speed of the computer, and whether the process is interrupted by the computer being powered off or going to sleep. The BitLocker encryption will not start until the computer is restarted. If work must be completed, it is safe to complete work and save it before restarting.

    SLN302845_en_US__12Enable Bitlocker TPM 10

 


Back to Top


3. Checking BitLocker status (Manage BitLocker Console)

  1. Open the Manage BitLocker console with one of the methods previously described.
  2. View the status that is reported in the console.
     
    • If encrypting, the status will show that BitLocker is encrypting.
    • If encrypted, the status will show that BitLocker is on and show a lock icon.

      SLN302845_en_US__13Enable Bitlocker TPM 10b

 

Back to Top


4. Checking BitLocker Status (Command Line)

  1. Open a command prompt window.
  2. Click the Windows Start button, type "cmd" and press Enter.
  3. Press and hold the Windows button on the keyboard and R, type "cmd" and press Enter.
  4. Right-click Command Prompt and select "Run as Administrator."
  5. In command prompt, type "manage-bde -status" and press Enter.
  6. View the status of BitLocker on the drives in the computer.

    SLN302845_en_US__14Enable Bitlocker TPM 11

 

Back to Top


5. Suspending BitLocker

Note: Suspending BitLocker temporarily may be required for certain computer maintenance and updates. When updating the BIOS, ALWAYS suspend BitLocker prior to running the update. If BitLocker is active during the update, all stored keys on the TPM will be LOST.

 

  1. Start the computer.
  2. Boot into the Windows operating system.
  3. Open the Manage BitLocker windows with one of the above methods.
  4. Click Suspend Protection for the wanted drive.

    SLN302845_en_US__15Enable Bitlocker TPM 12

  5. Review the warning prompt and click Yes to suspend BitLocker.

    SLN302845_en_US__16Enable Bitlocker TPM 13

  6. Return to the Manage BitLocker window to Resume Protection.

    SLN302845_en_US__17Enable Bitlocker TPM 14

 

Back to Top


6. Disabling BitLocker

NOTE: Decryption can take anywhere from 20 minutes to a couple of hours depending on the amount of data that has been encrypted, the speed of the computer, and whether the process is interrupted by the computer being powered off or going to sleep. Progress can be checked at any time using one of the previous methods for checking BitLocker status.
  1. Start the computer.
  2. Boot into the Windows operating system
  3. Open the Manage BitLocker windows with one of the above methods.
  4. Click Turn off BitLocker.

    SLN302845_en_US__18Enable Bitlocker TPM 15

  5. Confirm the decision to turn off BitLocker.

    SLN302845_en_US__19Enable Bitlocker TPM 16

  6. Allow the computer to decrypt.
     
  Back to Top

7. BitLocker Encryption Videos

Encrypt Your Drive With BitLocker

 

Resolve BitLocker Recovery Key Prompts

 

  Back to Top

Cause

  No cause associated.

Resolution

SLN302845_en_US__20Windows
More information and support for your Windows operating systems can be found on our Windows Support webpage.

Out of Warranty support Out of warranty? No problem. Browse to the Dell.com/support website and enter your Dell Service Tag and view our offers.

NOTE: Offers are only available for US, Canada, UK, France, Germany, China, and Japan personal computer customers. Server and Storage not applicable.

Article Properties


Affected Product

Dell Encryption

Last Published Date

05 Oct 2021

Version

8

Article Type

Solution