With the release of the Windows 7 operating system, many users were faced with the fact that a somewhat incomprehensible BitLocker service appeared in it. What BitLocker is, many can only guess. Let's try to clarify the situation with specific examples. Along the way, we will consider questions regarding how appropriate it is to activate this component or disable it completely.
BitLocker: what is BitLocker, why is this service needed
If you look at it, BitLocker is a universal and fully automated tool for storing data stored on a hard drive. What is BitLocker on a hard drive? Yes, just a service that protects files and folders without user intervention by encrypting them and creating a special text key that provides access to documents.
When a user works in the system under his own account, he may not even realize that the data is encrypted, because the information is displayed in readable form, and access to files and folders is not blocked. In other words, such a protection tool is designed only for those situations when a computer terminal is accessed, for example, when attempting to interfere from the outside (Internet attack).
Passwords and cryptography issues
However, if we talk about what BitLocker is in Windows 7 or systems of a higher rank, it is worth noting the unpleasant fact that if they lose their login password, many users not only cannot log into the system, but also perform some browsing actions documents previously available for copying, moving, etc.
But that's not all. If you look at the question of what BitLocker Windows 8 or 10 is, then there are no significant differences, except that they have more advanced cryptography technology. The problem here is clearly different. The fact is that the service itself is capable of operating in two modes, storing decryption keys either on a hard drive or on a removable USB drive.
This suggests the simplest conclusion: if the key is saved on the hard drive, the user gets access to all the information stored on it without problems. But when the key is saved on a flash drive, the problem is much more serious. In principle, you can see an encrypted disk or partition, but you can’t read the information.
In addition, if we talk about what BitLocker is in Windows 10 or earlier systems, we cannot help but note the fact that the service is integrated into any type of right-click context menu, which is simply annoying for many users. But let’s not get ahead of ourselves, but consider all the main aspects related to the operation of this component and the advisability of its use or deactivation.
Method of encrypting disks and removable media
The strangest thing is that on different systems and their modifications, the BitLocker service can be in both active and passive mode by default. In the "seven" it is enabled by default; in the eighth and tenth versions, manual activation is sometimes required.
As for encryption, nothing particularly new has been invented here. As a rule, the same public key-based AES technology is used, which is most often used in corporate networks. Therefore, if your computer terminal with the appropriate operating system on board is connected to the local network, you can be sure that the applicable security and data protection policy implies the activation of this service. Without administrator rights (even if you start changing settings as an administrator), you will not be able to change anything.
Enable BitLocker if the service is disabled
Before addressing the issue related to BitLocker (how to disable the service, how to remove its commands from the context menu), let’s look at enabling and configuring, especially since the deactivation steps will need to be done in reverse order.
Enabling encryption in the simplest way is done from the “Control Panel” by selecting the section. This method is applicable only if the key should not be saved to removable media.
If the locked device is a non-removable drive, you will have to find the answer to another question about the BitLocker service: how to disable this component on a flash drive? This is done quite simply.
Provided that the key is located on removable media, to decrypt disks and disk partitions, you first need to insert it into the appropriate port (connector), and then go to the security system section of the Control Panel. After that, we find the BitLocker encryption item, and then look at the drives and media on which the protection is installed. At the very bottom you will see a hyperlink to disable encryption, which you need to click on. If the key is recognized, the decryption process is activated. All that remains is to wait for its completion.
Problems configuring ransomware components
As for the setup, you can’t do without a headache. Firstly, the system offers to reserve at least 1.5 GB for your needs. Secondly, you need to adjust the permissions of the NTFS file system, reduce the volume size, etc. To avoid doing such things, it is better to immediately disable this component, because most users simply do not need it. Even all those who have this service enabled in their default settings also do not always know what to do with it, or whether it is needed at all. But in vain. You can use it to protect data on your local computer even if you don’t have anti-virus software.
BitLocker: how to disable. First stage
Again, use the previously specified item in the “Control Panel”. Depending on the system modification, the names of the service disabling fields may change. The selected drive may have a line to suspend protection or a direct indication to disable BitLocker.
That's not the point. Here it is worth paying attention to the fact that you will need to completely disable the boot files of the computer system. Otherwise, the decryption process may take quite a long time.
Context menu
This is just one side of the BitLocker coin. What BitLocker is is probably already clear. But the flip side is to isolate additional menus from the presence of links to this service in them.
To do this, let's look again at BitLocker. How to remove all links to a service? Elementary! In Explorer, when you select the desired file or folder, use the service section and edit the corresponding context menu, go to the settings, then use the command settings and organize them.
After this, in the registry editor, enter the HKCR branch, where we find the ROOTDirectoryShell section, expand it and delete the desired element by pressing the Del key or the delete command from the right-click menu. Actually, that's the last thing about the BitLocker component. How to disable it, I think, is already clear. But don't delude yourself. All the same, this service will work (just in case), whether you want it or not.
Instead of an afterword
It remains to add that this is not all that can be said about the BitLocker encryption system component. What is BitLocker, figured out how to disable it and delete menu commands too. The question is: should you disable BitLocker? Here we can give only one piece of advice: in a corporate local network, you should not deactivate this component at all. But if it's a home computer terminal, why not?
Many users with the release of the Windows 7 operating system were faced with the fact that an incomprehensible BitLocker service appeared in it. Many people can only guess what BitLocker is. Let's clarify the situation with specific examples. We will also consider questions that relate to whether it is advisable to activate this component or disable it completely.
BitLocker Service: What is it for?
If you look carefully, you can conclude that BitLocker is a fully automated, universal means of encrypting data stored on your hard drive. What is BitLocker on a hard drive? This is a regular service that, without user intervention, allows you to protect folders and files by encrypting them and creating a special text key that provides access to documents. At the moment when the user works under his account, he does not even realize that the data is encrypted. All information is displayed in a readable form and access to folders and files is not blocked for the user. In other words, such a security measure is designed only for those situations in which unauthorized access to the computer terminal is achieved due to an attempt to intervene from the outside.
Cryptography and password issues
If we talk about what BitLocker is like in Windows 7 or in higher-ranking systems, it is necessary to note this unpleasant fact: if they lose their login password, many users will not only be able to log into the system, but also perform some actions to view documents that were previously available for moving, copying, and so on. But the problems don't end there. If you properly understand the question of what BitLocker Windows 8 and 10 is, then there are no significant differences. The only thing that can be noted is more advanced cryptography technology. The problem here is different. The thing is that the service itself is capable of operating in two modes, storing decryption keys either on the hard drive or on a removable USB drive. This suggests a completely logical conclusion: the user, if he has a saved key on the hard drive, without any problems gets access to all the information that is stored on it. When the key is stored on a flash drive, the problem is much more serious. In principle, you can see an encrypted disk or partition, but you won’t be able to read the information. In addition, if we talk about what BitLocker is in Windows 10 and systems of earlier versions, it is necessary to note the fact that the service is integrated into context menus of any type, which are called by right-clicking the mouse. This is simply annoying for many users. Let’s not get ahead of ourselves and consider all the main aspects that are related to the operation of this component, as well as the advisability of its deactivation and use.
Method of encrypting removable media and disks
The strangest thing is that on various systems and their modifications, by default the Windows 10 BitLocker service can be in either active or passive mode. In Windows 7 it is enabled by default, in Windows 8 and Windows 10 it sometimes requires manual activation. As for encryption, nothing new has been invented here. Typically, the same public key-based AES technology is used, which is most often used in corporate networks. Therefore, if your computer terminal with the appropriate operating system is connected to the local network, you can be completely sure that the security and information protection policy used involves the activation of this service. Even if you have administrator rights, you will not be able to change anything.
Enabling the Windows 10 BitLocker service if it has been deactivated
Before you begin to resolve the issue related to BitLocker Windows 10, you need to consider the process of enabling and configuring it. The deactivation steps will need to be carried out in reverse order. Enabling encryption in the simplest way is done from the “Control Panel” by selecting the disk encryption section. This method can only be used if the key should not be saved to removable media. If the non-removable media is locked, then you will have to look for another question about the Windows 10 BitLocker service: how to disable this component? This is done quite simply. Provided that the key is on removable media, to decrypt disks and disk partitions you need to insert it into the appropriate port, and then go to the security system section of the Control Panel. After this, we find the BitLocker encryption item, and then consider the media and drives on which the protection is installed. Below there will be a hyperlink designed to disable encryption. You need to click on it. If the key is recognized, the decryption process will be activated. All you have to do is wait for it to complete.
Configuring ransomware components: problems
As for the setup issue, it won’t be without a headache. First of all, it is worth noting that the system offers to reserve at least 1.5 GB for your needs. Secondly, you need to adjust the permissions of the NTFS file system, for example, reduce the volume size. In order to do such things, you should immediately disable this component, since most users do not need it. Even those who have this service enabled by default in their settings do not always know what to do with it, or whether it is needed at all. And in vain... On a local computer, you can protect data with its help even in the complete absence of anti-virus software.
How to disable BitLocker: getting started
First of all, you need to use the previously specified item in the “Control Panel”. The names of the service disabling fields may change depending on the system modification. The selected drive can be set to pause protection or indicate to disable the BitLocker service. But that's not the point. Particular attention should be paid to the fact that it is necessary to completely disable updating the BIOS and system boot files. Otherwise, the decryption process may take quite a long time.
Context menu
This is one side of the BitLocker coin. What this service is should already be clear. The flip side is to isolate additional menus from containing links to a given service. To do this, you need to take another look at BitLocker. How to remove all links to a service from the context menu? Yes, it’s very simple... When you select the desired file in Explorer, use the service and editing section of the context menu, go to the settings, and after that use the command settings and organize them. Next, you need to specify the value of “Control Panel” and find the one you need in the list of corresponding panel elements and commands and delete it. Then in the registry editor you need to go to the HKCR branch and find the ROOT Directory Shell section, expand it and delete the desired element by pressing the Del key or using the delete command from the right-click menu. That's the last thing about BitLocker. How to disable it should already be clear to you. But don’t delude yourself ahead of time. This service will still be running in the background whether you want it to or not.
Conclusion
It should be added that this is not all that can be said about the BitLocker encryption system component. We have already figured out what BitLocker is. You also learned how to disable and remove menu commands. The question is: is it worth disabling BitLocker? Here we can give one piece of advice: in a corporate network you should not deactivate this component at all. But if we are talking about a home computer terminal, then why not.
Bitlocker is an encryption program that first appeared in Windows 7. It can be used to encrypt hard drive volumes (even the system partition), USB and MicroSD flash drives. But it often happens that the user simply forgets the password to access encrypted Bitlocker data. Read how to unlock information on encrypted media within the framework of this article.
How to enable Bitlocker
The program itself suggests ways to decrypt data at the stage of creating the lock:
- Prepare the drive that you want to encrypt. Right-click on it and select “Enable Bitlocker”.
- Select an encryption method.
Typically, a password is set to unlock. If you have a USB smart card reader with a regular ISO 7816 chip, you can use it to unlock. 
For encryption, options are available separately, or both at once. - In the next step, the Disk Encryption Wizard offers options for archiving the recovery key. There are three in total:
- When you have chosen the option to save the recovery key, select the part of the drive that you want to decrypt.
- Before data encryption begins, a window will appear notifying you about the process. Click "Start Encryption".
- Wait some time until the procedure is completed.
- The drive is now encrypted and will ask for a password (or smart card) upon initial connection.
Important! You can choose the encryption method. Bitlocker supports 128 and 256 bit XTS AES and AES-CBC encryption.
Changing the drive encryption method
In the Local Group Policy Editor (not supported on Windows 10 Home), you can select the encryption method for data drives. The default is XTS AES 128 bit for non-removable drives and AES-CBC 128 bit for removable hard drives and flash drives.
To change the encryption method:
After changes to the policy, Bitlocker will be able to password protect the new media with the selected parameters.
How to disable Bitlocker
The locking process provides two ways to further gain access to the contents of the drive: password and binding to a smart card. If you forgot your password or lost access to your smart card (or rather, did not use it at all), all you have to do is use the recovery key. When password-protecting a flash drive, it must be created, so you can find it:
- Printed on a sheet of paper. Perhaps you placed it with important documents.
- In a text document (or on a USB flash drive if the system partition was encrypted). Insert the USB flash drive into your computer and follow the instructions. If the key is saved to a text file, read it on an unencrypted device.
- In your Microsoft account. Log in to your profile on the website in the “Bitlocker Recovery Keys” section.
Once you have found the recovery key:
- Right-click on the locked drive and select "Unlock Drive".
- A Bitlocker password entry window will appear in the upper right corner of the screen. Click on "Advanced options".
- Select Enter Recovery Key.
- Copy or rewrite the 48-digit key and click "Unlock".
- After this, the data on the media will become available for reading.
Encrypt the hard drive, allow access to it only with a password or a USB drive with a startup key, and block access in the event of any attempt at external influence. All this, and in the case of encrypting external media, you need to contact. We've sorted it out. But what to do if you forgot your password? What to do if you have lost the USB drive with the startup key? What should you do if you need to change the boot environment of your computer, which will make it impossible (for security reasons) to read from the hard drive? Or, to boil it all down, how do you restore BitLocker?
BitLocker Recovery Mode
In cases where:
- The boot environment has been changed, in particular one of the Windows boot files has been changed.
- Disabled or deleted.
- Booted without providing a TPM, PIN, or USB key containing the startup key.
- A volume with the Windows operating system is connected to another computer.
Then the computer goes into BitLocker recovery mode. In such cases, you will need to remember the moment when you encrypted the hard drive. While setting up encryption, there was a window that provided the option to save the BitLocker recovery key in different ways: to a file, print it, and so on. The recovery key is written simply in a .txt file, from where you can easily read and enter this key into the BitLocker recovery window. If you enter the correct recovery key, the computer will boot in normal mode.
The listed actions apply to the case of losing the access key to the hard drive. If you need to change the boot environment, change anything in the BIOS, you can from the window BitLocker Drive Encryption In Windows, temporarily disable BitLocker. And after upgrading the boot environment, enable it again. It's quite simple.
In the case of encrypted removable media, you will be asked to enter the recovery key directly in the Explorer window, immediately after you indicate that you forgot or lost the access key. Therefore, I would like to say: store your recovery keys carefully!
manage-bde.exe utility
We took a look at BitLocker technology, discussed its capabilities, and looked at how to manage it. This method is quite simple - using the Explorer interface. Today in the studio there is another way to manage BitLocker - the manage-bde.exe utility, with which we will finish our acquaintance with BitLocker technology.
I hope you guessed that the new method will not be similar to the previous one. And I gave a hint that the difference is in the interface. So I think you guessed what manage-bde.exe is a command line utility.
Manage-BDE.exe Commands
Using the various parameters that I will give below, you can configure BitLocker to work the way you want. The functionality of this utility is identical to the functionality of Explorer for working with BitLocker. Let's get to know him.
manage-bde.exe -status
Displays BitLocker status.
manage-bde.exe -on
Encrypts the volume and enables BitLocker.
manage-bde.exe -off
Decrypts the volume and disables BitLocker.
manage-bde.exe -pause/-resume
Pauses or resumes encryption or decryption.
manage-bde.exe -lock
Denies access to data encrypted with BitLocker.
manage-bde.exe -unlock
Allows access to data encrypted with BitLocker.
manage-bde.exe -setidentifier
Configures the volume ID.
manage-bde.exe -changepin
Changes the PIN code.
manage-bde.exe -changepassword
Changes the password.
manage-bde.exe -changekey
Changes the volume startup key.
All these commands must be executed in a command prompt window opened with administrator rights. If you need any additional help on any command, type this command
manage-bde.exe /?
Upon this request you will receive complete help on this command with the specified parameters, as well as several examples of work. That's all, use BitLocker technology to your health and don't forget that you may have to restore BitLocker.