How to implement bitlocker on top of windows 11 pro
The reason why I am doing this is, I don’t trust official laptop. I love to do my work in a more secure environment. So I thought why not setting up a windows vm and encrypt it with bitlocker.
Procedures:
- Setting up windows 11 pro vm.
- Enable UEFI/Secure boot.
- Configure group policy.
- Setting up bitlocker there.
Setting up windows 11 pro vm is very easy, lots of YouTube videos are available. Please see and ready your platform.
Enable secure boot and TPM.
Group Policy (GPO) Configure:
Windows + R > gpedit.msc > Enter >
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Look at right side “Require Additional Authentication at Startup”, double click there:
- Enabled it.
- Uncheck the option “Allow BitLocker without a compatible TPM”
- Once done open command prompt and type gpupdate /force
Now open bitlocker feature and click on Turn on BitLocker.
It will now ask you to set a PIN. Set a PIN. Remember without setting up gpo, PIN setup will not ask.
We have three options. I choose the 3rd one. You cannot save the file in a file that you are encrypting.
I saved it on the Downloads folder. Later I will move it to another secure place.
Now click on Next.
I choose the first one.
It will take time based on how much your drive is used….
Now reboot your system.
It will ask you the PIN that you had setup some while ago at the time of setting up bitlocker.
We all know windows password (including vm) can be cracked when physically available to your opponent. Applying bitlocker is a more secure way to use your system. Now your opponent will face difficulty when try to access your system.
Thanks. I hope you like this write up. Please subscribe below and share with your network.
LinkedIn:
https://www.linkedin.com/in/md-mahimbin-firoj-7b8a5a113/
YouTube:
