BitLocker To Go provides a solution to this problem, allowing you to keep your removable drives as safe as your PC hard drive.
Where Can I Use BitLocker To Go?
You can use BitLocker To Go on most types of removable storage media. This includes USB flash drives, SD and MicroSD cards, and most external hard disks. Any external storage media that uses the NTFS, FAT16, FAT32, or exFAT file system should work.
If you have partitioned an external drive, the partition you want to protect must meet certain requirements. These include being the active partition, not being encrypted by other means, and must be at least 250MB in size.
Internal hard disks and fixed data drives will need to use BitLocker, rather than BitLocker To Go. Our guide to protecting internal drives with BitLocker explains more.
How to Enable BitLocker for a Removable Drive
BitLocker To Go needs to be set up on each drive individually. Make sure the drive meets the requirements above, and connect it to your computer. Ensure it mounts correctly and is recognized by Windows. With that done, you can start setting up BitLocker To Go on the drive.
Open File Explorer > My PC to view the available connected drives. Select the removable drive you want to encrypt. You can either right-click on the drive and select Turn BitLocker on from the menu or click the Manage tab and then click BitLocker > Turn BitLocker on. Next, you need to choose how the drive can be unlocked. Select Use a password to unlock the device. If you have a smart card, you can insert it and choose that option instead. Enter and confirm your password, and then click Next. The next step is to choose how to back up your recovery key, used to gain access to the drive if you forget your password. You can save it to multiple locations. Choose how much of the drive to encrypt, and then choose the encryption mode. Compatible mode is best for removable drives. Finally, click the Start encryption button and wait for the process to finish. It won’t take long.
Drives encrypted with BitLocker will be displayed with a padlock icon when viewed in My PC. When you next insert and try to access the drive, you will be prompted to enter the BitLocker password.
How to Disable BitLocker for a Removable Drive
If you decide you no longer need the removable drive protected with BitLocker To Go, you can easily remove it again.
Insert the drive into your computer and unlock it with your BitLocker password. Right-click on the drive in File Explorer > My PC, and select Manage BitLocker from the menu. In the BitLocker manager, find the drive in the list and click Turn BitLocker off. Confirm the action when prompted.
The drive will then be decrypted and is no longer protected by BitLocker. Unless it is a very large capacity drive, the decryption process will only take a few seconds. You can also suspend or disable BitLocker on your main drive if you like.
How to Back Up Your BitLocker Recovery Key
The BitLocker recovery key is used to gain access to the drive if the password is forgotten. Keeping your recovery key safe is obviously essential. During BitLocker setup, you will be given three options for backing up your recovery key.
1. Save to Your Microsoft Account
You will need to be using Windows with a Microsoft account for this option to be available. If using a local account on your PC, you can’t save the key to a Microsoft account. Recovery keys are all stored together in a list, with the drive or device name displayed with the key for identification.
2. Save to a File
This saves the recovery key to a simple .TXT file. This is obviously not very secure unless the drive the file is stored on is protected. One way to keep the file safe is to store it on a spare USB drive. Keep this in a secure place, not plugged into your computer.
3. Print the Recovery Key
You can also print the recovery key if you have a printer connected. This is potentially the most secure recovery key backup method for most people. With the key stored on paper, there is no realistic chance of someone outside your household seeing it. Just be sure to keep it in a safe place, so you don’t lose the printout
To learn more, take a look at our guide on finding your BitLocker recovery key.
Disable BitLocker To Go With Command Prompt or PowerShell
You can use Command Prompt or PowerShell to disable BitLocker To Go on a removable drive. This can be useful if the encrypted drive is not showing up on the BitLocker management screen for some reason.
Insert the drive into your computer and unlock it with the BitLocker password. Type cmd into Windows Search and open Command Prompt as an administrator. You can’t disable BitLocker if you don’t have elevated privileges. In Command Prompt, type: manage-bde -off H:. Replace the H with the drive letter assigned to your drive. Press Return and you should see a message confirming that BitLocker has been disabled for the drive.
If you prefer, you can use PowerShell instead of Command Prompt.
In Windows Search, type powershell and then select run as an administrator from the launch options. In the PowerShell console, type: Disable-BitLocker -MountPoint “H:”. Replace the H with the letter assigned to your drive. Press Return and you should see a message telling you BitLocker has been disabled for the drive.
Protect Your Removable Drives With BitLocker To Go
BitLocker is built into Windows 10 and 11 and offers you a simple way to increase the security of your hard drives. When you also use BitLocker To Go on your removable storage, such as USB flash drives, your files are more secure even when being moved.
