Setting up Full Disk Encryption on Windows using TrueCrypt

This section explains the steps involved in encrypting the system partition or entire drive using TrueCrypt. It is assumed that TrueCrypt is installed. The process is relatively simple and there are options for recovery if the process fails. However, you should still make sure that all important data on the drive is backed up elsewhere before starting. The process may take several hours, depending on the system specs, with user intervention required for about the first 20 minutes.

  1. Run TrueCrypt, and click System , then Encrypt System Partition/Drive.
FullDisk1

2. On the next screen you choose whether to encrypt just the Windows system partition or the whole drive. Most laptops have only one partition on the drive anyway, but if you have more than one partition and wish to encrypt all of them, choose the second option.

FullDisk2

3. On the next screen, select single-boot or multi-boot as appropriate.

FullDisk3

4. On the next screen you can choose which encryption algorithm and hash algorithm. All of these options offer strong encryption. Click Next to accept the default settings.

FullDisk4

5. Choose a password for the TrueCrypt volume.

FullDisk5

6. On the next screen, move your mouse around the window randomly before clicking Format . This provides random information to help generate the encryption keys.

FullDisk6

7. Click Next.

FullDisk7

8. TrueCrypt requires that a Rescue Disk (CD or DVD) is created. You will not be able to continue without doing this. TrueCrypt creates a disk image in the path chosen in the next screen.

FullDisk8

9. A link is provided to download software that will burn the image file to disk if you do not already have appropriate software on your computer.

FullDisk9

10. When the disk is burned and verified you should see the screen below.

FullDisk10

11. The next screen prompts you to choose a "wipe mode". If you do no already have sensitive data on the drive, choose None . If you do have sensitive data on the drive, and wish to ensure all traces are removed, choose another option. 3-pass is normally sufficient.

FullDisk11

12. Click Test on the next screen to continue. The pretest involves a reboot of your computer. Immediately after rebooting you will be presented with a black screen and prompted to enter your password.

FullDisk12

13. Assuming the pretest completes, you will be able to encrypt the drive. This may take several hours, during which no user intervention is required.

FullDisk13

14. If necessary you can interrupt the process by clicking Defer , and operate the computer normally with the drive partially encrypted, before resuming at a later time.

FullDisk14

15. The following dialog box should appear at the end of the process. Your partition or drive should now be fully encrypted, and you will be required to enter your password every time the computer boots, before Windows starts to load.

FullDisk15

Page last modified on 05 jul 13 14:29