Today’s tip…

Previously, BitLocker encryption was ‘all or nothing’: either a volume was completely encrypted or it was not. Windows 8 brings us a new option, ‘Encrypt Used Disk Space Only’. Just as it sounds, this option allows us to encrypt only the parts of the volume that are currently in use. As files are added to the volume, they are encrypted as well.

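To the end-user this means a much shorter time for BitLocker to complete the initial encryption process for new volumes. For volumes that already have data on them, it is recommended that the ‘Encrypt entire drive’ option be used. On such volumes the free space can still hold remnants of previously deleted files, and those remnants stay unencrypted when only used space is encrypted.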

There is a GPO that you can use to enforce Used Space Encryption for Windows 8.

Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Operating System Drive\Enforce Drive Encryption type on Operating System Drive:

  • Allow User to Choose
  • Full Encryption
  • Used Space Encryption

This GPO is also available for Fixed Data Drives and Removable Drives.

Manage-bde Command:

  • manage-bde -on C: -rp -used
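
To check what the GPO above actually enforces and how a volume was really encrypted, the following PowerShell audit can be run from an elevated prompt. It is an added example, not part of the original tip. It assumes the policy is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE as the values OSEncryptionType, FDVEncryptionType and RDVEncryptionType (0, 1, 2 in the order of the options listed above) and that manage-bde prints its status in English.

```powershell
# Added example: compare the enforced encryption-type policy with a volume's real state.
# Assumptions: elevated prompt, English manage-bde output, policy registry names as below.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$typeNames = @{ 0 = 'Allow User to Choose'; 1 = 'Full Encryption'; 2 = 'Used Space Encryption' }
$policyValues = [ordered]@{
    'Operating System Drive' = 'OSEncryptionType'
    'Fixed Data Drives'      = 'FDVEncryptionType'
    'Removable Drives'       = 'RDVEncryptionType'
}

function Get-EncryptionTypePolicy {
    # One object per drive class; a missing key or value means the GPO is not configured.
    foreach ($entry in $policyValues.GetEnumerator()) {
        $props = Get-ItemProperty -Path $policyKey -Name $entry.Value -ErrorAction SilentlyContinue
        $raw   = if ($props) { $props.($entry.Value) } else { $null }
        $name  = if ($null -eq $raw) { 'Not configured' }
                 elseif ($typeNames.ContainsKey([int]$raw)) { $typeNames[[int]$raw] }
                 else { "Unexpected value $raw" }
        [pscustomobject]@{ DriveType = $entry.Key; Setting = $name }
    }
}

function Get-ConversionStatus {
    # Returns the 'Conversion Status' line of manage-bde -status,
    # e.g. 'Fully Encrypted' or 'Used Space Only Encrypted'.
    param([Parameter(Mandatory)][string]$MountPoint)
    $match = manage-bde -status $MountPoint |
        Select-String -Pattern 'Conversion Status:\s*(.+)$' |
        Select-Object -First 1
    if ($match) { $match.Matches[0].Groups[1].Value.Trim() } else { 'Unknown' }
}

$policy   = Get-EncryptionTypePolicy
$osPolicy = ($policy | Where-Object { $_.DriveType -eq 'Operating System Drive' }).Setting
$osStatus = Get-ConversionStatus -MountPoint $env:SystemDrive

$policy | Format-Table -AutoSize
"{0} conversion status: {1}" -f $env:SystemDrive, $osStatus

# Flag the case the tip warns about: policy demands full encryption,
# but the volume was converted with used-space-only encryption.
if ($osPolicy -eq 'Full Encryption' -and $osStatus -eq 'Used Space Only Encrypted') {
    Write-Warning "$env:SystemDrive is Used Space Only Encrypted although policy enforces Full Encryption."
}
```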