Enabling Bitlocker on the Windows 11 Home Edition

First of all - thank you to everyone who is behind and who contributes to this community effort. I have started the journey. Couldn’t have begun it without you.

My problem. . . .

I have the Windows 11 Home Edition and I am trying to enable Bitlocker per the instructions provided:

I have checked that my device meets the requirements at 1. and 2.

I have completed 3-5, but at 6. I appear to run into some trouble.

After this command:

manage-bde c: -protectors -add -rp -tpm

I got the following result:

Key Protectors Added’ two passwords, and the following error:

ERROR: An error occurred (code 0x80310031):
This key protector cannot be added. Only one key protector of this type is allowed for this drive.

I went ahead and entered the next command anyway:

manage-bde -protectors -enable c:

and received the following:

Key protectors are enabled for volume C:.

After the final command:

manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt

Nothing appeared to happen.

Can anyone tell me what’s going on? I am sure there must be something I am not doing right.

Try:

manage-bde -protectors -delete c:

Then go ahead and try again. You may need to set some kind of pin on the tpm as well.

Disclaimer: i am no expert on windows.

1 Like

I would recommend you to

  1. Upgrade to windows 11 enterprise with generic key Generic Product Keys to Install or Upgrade Windows 11 Editions Tutorial | Windows 11 Forum

  2. (Optional) activate using massgrave activation script (it’s on github, just search for it)

  3. Use bitlocker normally

1 Like

We’ll have to retest this again. At the time it was written there was no GUI way to do it, and encryption was unavailable for Home editions.

There is still no GUI way to enable encryption on Home edition without sending your recovery key to Microsoft. Windows 11 enabling encryption by default probably does mess up this guide though.

@enspIcIl you likely have to disable encryption in Settings, then follow the guide on the website (@ph00lt0’s suggestion might work as well, I’m not sure):

Thanks for your response. I am liking this option because it keeps me in the GUI where I am comfortable. But I do have two questions.

  1. Does upgrading with the generic key require me to upgrade with an actual subscription at any point or mess with my current subscription in any way?

  2. What’s the motivation for using massgrave?

I think you are right that I will need to disable device encryption. I did think that the error suggested this when I read ‘Only one key protector of this type is allowed for this drive’ - the implication seemed to be that device encryption was standing in the way of drive encryption. And I do have device encryption enabled.

  1. You can leave it unactivated it just fine

  2. It emulates HWID activation, which permanently activates windows

1 Like

Hello
Point 1:
“Access [Advanced Startup Options. You need to reboot while pressing the F8 key before Windows starts and” This doesn’t work on all Laptops (for example on my HP Envy it didn’t).
I would suggest replacing it with:
Windows 11 : Settings → System → Recovery → Click on the “Restart Now” next to “Advanced Startup”
Windows 10: Settings → Recovery → Click on the “Restart Now” under the section of “Advanced Startup”

Point 2:
The guide then suggests: “manage-bde -on c: -used”
This didn’t work on my machine, until I deleted the Shadow copies of Drive C. I used a command, which I can’t recall perfectly but it was something like “manage-bde -on c: -DeleteVolumeShadowCopies”
This should be added to the guide.

Point 3:
Doesn’t this guide only apply to Drive C? Shouldn’t we add a notice to encrypt all other available drives by replacing (C) with the name of the Drive?

Point 4:
It’s not clear if the user can safely delete (BitLocker-Recovery-Key.txt) from the Desktop after copying it to an external storage.

Point 5:
Shouldn’t we add a command to check if Bitlocker is really enabled? Otherwise we can just copy my checking method using the GUI in the comment below

Point 6:
I really think we should add a command to disable Bitlocker if needed (as this method doesn’t exist anywhere online so there isn’t any guide to deactivate Bitlocker using the command line)

P.S: Thanks so much for this guide, which I couldn’t find anywhere on the internet besides Privacyguides. You guys rock :slight_smile:

Regarding the GUI and modifying this Guide to a GUI-Based one:
I’m not sure that all Windows 11 Home editions have the GUI for Bitlocker or even normal device encryption ((I’m on the latest Windows 11 2H22). My device fulfills all requirements mentioned in the guide, I encrypted my C Drive using it but I still can’t see the option from the GUI.

Here are the requierments:

Here are the non-existent GUI options:

Here’s the proof that Bitlocker is activated (using your guide) on C Drive but not D Drive on my machine:
(System → Storage → Advanced Storage Settings → Disk & Volumes)

P.S.: Clicking on (Turn on Bitlocker) under the section of D Drive only opens this, where I can backup my encryption key for the C Drive: