Enabling Bitlocker on the Windows 11 Home Edition

First of all - thank you to everyone who is behind and who contributes to this community effort. I have started the journey. Couldn’t have begun it without you.

My problem. . . .

I have the Windows 11 Home Edition and I am trying to enable Bitlocker per the instructions provided:

Screenshot 2023-07-24 131250753×766 59.6 KB

I have checked that my device meets the requirements at 1. and 2.

I have completed 3-5, but at 6. I appear to run into some trouble.

After this command:

manage-bde c: -protectors -add -rp -tpm

I got the following result:

Key Protectors Added’ two passwords, and the following error:

ERROR: An error occurred (code 0x80310031):
This key protector cannot be added. Only one key protector of this type is allowed for this drive.

I went ahead and entered the next command anyway:

manage-bde -protectors -enable c:

and received the following:

Key protectors are enabled for volume C:.

After the final command:

manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt

Nothing appeared to happen.

Can anyone tell me what’s going on? I am sure there must be something I am not doing right.

Try:

manage-bde -protectors -delete c:

Then go ahead and try again. You may need to set some kind of pin on the tpm as well.

Disclaimer: i am no expert on windows.

I would recommend you to

1. Upgrade to windows 11 enterprise with generic key Generic Product Keys to Install or Upgrade Windows 11 Editions Tutorial | Windows 11 Forum

2. (Optional) activate using massgrave activation script (it’s on github, just search for it)

3. Use bitlocker normally

We’ll have to retest this again. At the time it was written there was no GUI way to do it, and encryption was unavailable for Home editions.

There is still no GUI way to enable encryption on Home edition without sending your recovery key to Microsoft. Windows 11 enabling encryption by default probably does mess up this guide though.

@enspIcIl you likely have to disable encryption in Settings, then follow the guide on the website (@ph00lt0’s suggestion might work as well, I’m not sure):

image750×543 63.4 KB

Thanks for your response. I am liking this option because it keeps me in the GUI where I am comfortable. But I do have two questions.

1. Does upgrading with the generic key require me to upgrade with an actual subscription at any point or mess with my current subscription in any way?

2. What’s the motivation for using massgrave?

I think you are right that I will need to disable device encryption. I did think that the error suggested this when I read ‘Only one key protector of this type is allowed for this drive’ - the implication seemed to be that device encryption was standing in the way of drive encryption. And I do have device encryption enabled.

1. You can leave it unactivated it just fine

2. It emulates HWID activation, which permanently activates windows

Hello
Point 1:
“Access [Advanced Startup Options. You need to reboot while pressing the F8 key before Windows starts and” This doesn’t work on all Laptops (for example on my HP Envy it didn’t).
I would suggest replacing it with:
Windows 11 : Settings → System → Recovery → Click on the “Restart Now” next to “Advanced Startup”
Windows 10: Settings → Recovery → Click on the “Restart Now” under the section of “Advanced Startup”

Point 2:
The guide then suggests: “manage-bde -on c: -used”
This didn’t work on my machine, until I deleted the Shadow copies of Drive C. I used a command, which I can’t recall perfectly but it was something like “manage-bde -on c: -DeleteVolumeShadowCopies”
This should be added to the guide.

Point 3:
Doesn’t this guide only apply to Drive C? Shouldn’t we add a notice to encrypt all other available drives by replacing (C) with the name of the Drive?

Point 4:
It’s not clear if the user can safely delete (BitLocker-Recovery-Key.txt) from the Desktop after copying it to an external storage.

Point 5:
Shouldn’t we add a command to check if Bitlocker is really enabled? Otherwise we can just copy my checking method using the GUI in the comment below

Point 6:
I really think we should add a command to disable Bitlocker if needed (as this method doesn’t exist anywhere online so there isn’t any guide to deactivate Bitlocker using the command line)

P.S: Thanks so much for this guide, which I couldn’t find anywhere on the internet besides Privacyguides. You guys rock

Regarding the GUI and modifying this Guide to a GUI-Based one:
I’m not sure that all Windows 11 Home editions have the GUI for Bitlocker or even normal device encryption ((I’m on the latest Windows 11 2H22). My device fulfills all requirements mentioned in the guide, I encrypted my C Drive using it but I still can’t see the option from the GUI.

Here are the requierments:

Here are the non-existent GUI options:

Here’s the proof that Bitlocker is activated (using your guide) on C Drive but not D Drive on my machine:
(System → Storage → Advanced Storage Settings → Disk & Volumes)

P.S.: Clicking on (Turn on Bitlocker) under the section of D Drive only opens this, where I can backup my encryption key for the C Drive:

I don’t wanna sound mean, but shouldn’t fixing the Bitlocker guide be a priority, as Windows is the most used Desktop OS? I mentioned many points that could be looked at and easily fixed (if the person reading knows how to correct them)

The problem is, out of the box this just works for new users. With older laptops it is all quite different system to system. So many of the fixes depend on your hardware and previous configurations.

what do you mean for new users? I have an HP Envy with Intel 8th gen. (which is not really new, but qualifies for Windows 11).
The problems I mentioned aren’t really that difficult for the guy who wrote that guide (as he’s obviously familiar with the used commands) and can quickly take a look at what’s happeneing. I could also happily help debugging, as I still need to do the same steps but for drive D (seperate HDD in my laptop)

It’s probably better to upgrade to enterprise and activate it with massgrave rather than do what is effectively a workaround that may or may not work

It’s probably not better to promote piracy instead of a regular guide just to use a function that’s not supported on a GUI.
From their website: “MAS project doesn’t accept donations and it’s free.
It’s because it’s a community project and involves many contributors, splitting donations is not practical and also because profiting from piracy is not good.”

You don’t even need to activate it, just get used to the watermark and use MAS if you don’t like it

I never said anything about profiting from piracy. and PG doesn’t financially profit from the guides either

I get your point, but if one can do something with some power-shell commands, I don’t think he needs to deal with watermarks or piracy. The guide already exists and the research is already done, it just needs to be checked again (which also takes time, but less than doing the guide for the first time).

Regarding the quote, I didn’t want to emphasize the profiting, just that even the maintainer acknowledges this as piracy (and thus we shouldn’t be promoting it). Sorry for the misunderstanding.

3 posts were split to a new topic: Best drive encryption tool for OS vs “Data” drives

Does windows 11 home now provide pre-boot authentication too in addition to usage of tpm through the command line interface. Earlier in windows 10 home bitlocker was present with limited support. Pre-boot auth would be better instead of just relying on TPM.

I understand your point, but I think the lack of ease of use when you could just search for a generic key online is just not worth it. For example, changing your encryption password is probably going to be a pain in the ass.

I’m not saying that CLI is itself hard, I really love the CLI workflow. But it can’t be denied that windows isn’t really designed for it