2

Here is what we usually do when getting a freshly installed windows 10:

  1. Log in with a Microsoft account (as administrator)
  2. Set a password.

If we are using Pro version, we can then use BitLocker to encrypt data.

But what if we are using home edition? A password can prevent entry into the OS, but if one could still connect the hard drive to another computer so that the files in it could be read without knowing the password, then the data were not really securely protected.

This link, however, seems to suggest that encryption will take place in any edition of windows 10, once you log in with a Microsoft account. I am referring to this part:

Sign in using a Microsoft account that has administrator rights on the device. That action removes the clear key, uploads a recovery key to the user's OneDrive account, and encrypts the data on the system drive. Note that this process happens automatically and works on any Windows 10 edition.

So, does the password set on windows 10 protect files? Could someone circumvent the password by connecting the hard drive to a different computer or installing another copy of windows? Is the situation different for windows 7? Is the situation different for C:/(system) and D:/?

Improve this question
4
  • Bitlocker is not available in Home edition. But on modern systems the "Device Encryption" may be available (that is an encryption very similar to Bitlocker) support.microsoft.com/en-us/help/4502379/…
    – Robert
    Commented Mar 30, 2020 at 15:30
  • looks like you're referring to this part: Sign in using a Microsoft account that has administrator rights on the device. That action removes the clear key, uploads a recovery key to the user's OneDrive account, and encrypts the data on the system drive. Note that this process happens automatically and works on any Windows 10 edition.
    – phuclv
    Commented Mar 30, 2020 at 16:48
  • @phuclv Yes. Could you explain that?
    – Holding Arthur
    Commented Mar 30, 2020 at 22:34
  • @HoldingArthur - If you don’t see the option then your hardware doesn’t support Device Encryption. Microsoft requires OEMs to e able Device Encryption on all supported devices in order for them to be sold with Windows 10 Home. If your unable to recover your recovery key then Device Encryption isn’t supported (or you specifically disabled it)
    – Ramhound
    Commented Mar 30, 2020 at 23:13

4 Answers 4

Reset to default
2

Can I encrypt Windows 10 Home edition?

You can use device encryption. There are some requirements:

  • Trusted Platform Module (TPM) version 2 with support for Modern Standby.
  • TPM must be enabled.
  • Unified Extensible Firmware Interface (UEFI) firmware style.

You can also run System Information and check "Device Encryption Support"

Further Reading

Improve this answer
1

But what if we are using home edition? A password can prevent entry into the OS, but if one could still connect the hard drive to another computer so that the files in it could be read without knowing the password, then the data were not really securely protected.

You can use something like Veracrypt or Device Encryption if you want to use native Windows functionality. Device Encryption has specific hardware requirements in order to use it. If you are unable to enable it then your device does NOT meet the requirements. Device Encryption is required by Microsoft to come enabled on ALL OEM hardware.

At the bottom of the System Information window, find Device Encryption Support. If the value says Meets prerequisites, then device encryption is available on your device. If it isn't available, you may be able to use standard BitLocker encryption instead.

Windows 10 Home doesn’t support EFS (Encrypted File System) which could be used to encrypt your user profile without using FDE (Full Disk Encryption).

So, does the password set on windows 10 protect files?

Anyone with physical access to your machine and Administrator access on their own machine can access your files unless a FDE (Full Disk Encryption) is used.

Could someone circumvent the password by connecting the hard drive to a different computer or installing another copy of windows?

Yes

Is the situation different for windows 7?

Yes; Windows 7 does not support BitLocker unless you are running Windows 7 Ultimate. Windows 7 doesn’t support Device Encryption.

Is the situation different for C:/(system) and D:/?

Anyone with physical access to an unencrypted partition can access that partition.

Improve this answer
0

The easiest way I've found to encrypt Windows is by encrypting the Windows partition using VeraCrypt. Install and open Veracrypt, go to System > Encrypt System Partition / Drive > encrypt partition.

What about setting a hard drive password in the BIOS?

I don't understand why Windows has hardware encryption requirements when Linux Mint can encrypt your home folder natively if you were to install that instead. All Windows versions should have a native on-the-fly software based encryption method like Linux distributions or VeraCrypt.

Improve this answer
-1

Windows 10 Home edition does not include BitLocker, but if you have access to a copy of Windows 10 Professional, you can encrypt a drive with it and then move the drive to the Windows 10 Home machine. Pain in the rear, but maybe worth the effort depending on your data.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .