How to Encrypt a Windows System Drive With VeraCrypt

Held in high regard by many, VeraCrypt is a free and open-source file encryption program. Users can take advantage of VeraCrypt’s advanced security features to protect important files.

People normally use VeraCrypt to create encrypted file containers within a drive. But you can also encrypt entire partitions and drives using it. Windows users in particular can encrypt their system drives and partitions. Here’s how you can secure your Windows system by using VeraCrypt.

Encrypting a Windows Storage Drive or Partition With VeraCrypt

VeraCrypt users commonly protect their files inside an encrypted file container. But VeraCrypt can also be used to create other types of encrypted volumes.

Windows users can use VeraCrypt to encrypt their entire system drive. They can also partition their hard drive, then encrypt a partition with VeraCrypt. With system encryption, users will need to enter the correct password before opening Windows.

This option is only available for Windows users as an alternative to BitLocker, Windows’ file encryption program. This is especially important if you use a Home version of Windows, since BitLocker is only available for Windows Pro and Enterprise users. Linux users can instead encrypt their drives using LUKS. And macOS users can use the FileVault to encrypt their system drives.

To do this, start by clicking Create Volume in VeraCrypt’s main window. This will take you to the VeraCrypt Volume Creation Wizard. Click the Encrypt the system partition or entire system drive option, then click Next.

VeraCrypt Volume Creation Wizard window prompting to select type of system drive encryption

The wizard will prompt you to select a type of encryption for your system drive. Users have the between creating a normal or hidden drive or partition.

Choose your preferred encryption type and click Next.

VeraCrypt Volume Creation Wizard window prompting to select an area to encrypt on a system drive

The next step is choosing an area to encrypt. You can choose between encrypting the Windows system partition or the entire drive. Encrypting the whole drive has the advantage of protecting all its partitions.

Choose your preferred area to encrypt and click Next.

VeraCrypt Volume Creation Wizard with a caution prompt

If you choose to encrypt the whole drive, VeraCrypt may warn you that a non-standard partition exists on your internal hard drive. Only click Yes if you are sure that your drive does not have any recovery partitions. Recovery partitions could be rendered incapable if encrypted.

VeraCrypt Volume Creation Wizard prompting to select number of operating systems present on the computer

VeraCrypt will also account for drives running two or more operating systems. If you’re dual-booting Linux or another OS, then select the Multi-boot option. If not, then stay on the Single-boot option and click Next.

VeraCrypt Volume Creation Wizard prompting to select encryption options

On the Encryption Options screen, you can choose an Encryption Algorithm and Hash Algorithm. These algorithms determine how VeraCrypt will encrypt your volume. When you’re done choosing or are fine with the default options, click Next.

VeraCrypt Volume Creation Wizard prompting to create file container password

Choose a strong password for your drive or partition and enter it in the Password box, and again in the Confirm box.

VeraCrypt Volume Creation Wizard prompting to input PIM number

You can also set a Personal Iterations Multiplier (PIM) number for your Windows drive. A PIM controls the number of times your password is hashed before VeraCrypt can use it to decrypt the system drive. This step is optional. You can leave the Volume PIM value blank or set it to 0 to use the default PIM value. Once you’ve set a PIM number, click Next.

VeraCrypt Volume Creation Wizard in the process of collecting random data for encryption strength

The wizard will begin collecting random data. This random data increases the cryptographic strength of your drive’s encryption keys. Move your mouse around the window randomly until VeraCrypt has collected enough randomness. Once this is done, click Next.

Windows User Account Control prompt for VeraCrypt

A User Account Control pop-up may ask you to allow VeraCrypt to make changes to your device. Click Yes.

VeraCrypt Volume Creation Wizard with a prompt to create a rescue disk

Once VeraCrypt has generated the encryption keys, you will need to create a rescue disk. Having a rescue disk for an encrypted system drive is essential. You can use it if the VeraCrypt Boot Loader, Windows, or any other critical data gets damaged.

VeraCrypt will create a rescue disk as an ISO file. Select the location for your rescue disk file, then click Next.

VeraCrypt Volume Creation Wizard prompting to use a CD, DVD, or USB to store a rescue disk

VeraCrypt will prompt you if you do not have a CD/DVD burner on your system. Once your rescue disk is created, you need to burn it to a CD/DVD drive. Since CDs and DVDs are hard to come by these days, you can also flash the ISO file to a USB drive. You also have the option to store it externally for later flashing or burning.

In any case, make sure that the rescue disk is outside your system once it’s created. Also, note that every VeraCrypt rescue disk is unique to its encrypted drive. Select the appropriate option for your use case to continue.

VeraCrypt Volume Creation Wizard prompting to select a wipe mode for unencrypted data

The wizard will prompt you to select a mode of wiping any unencrypted data left on the system. You should at least select 1 pass (random data) if you have any deleted or overwritten files. Once you have selected the appropriate wipe mode, click Next.

VeraCrypt Volume Creation Wizard prompting to pretest an encrypted drive

VeraCrypt will run a pretest before encrypting your drive. Restart your computer to begin the pretest.

VeraCrypt Boot Loader screen

Upon restart, your computer will go through the VeraCrypt Boot Loader. You will have to type your password on the boot loader to decrypt your system and open Windows. You will also need to input your encrypted drive’s PIM number if you set one earlier.

VeraCrypt Volume Creation Wizard window notifying that a pretest is completed

Once you’ve opened your Windows desktop, VeraCrypt will notify you that the pretest is finished. Click Encrypt to begin encrypting your Windows drive or partition.

VeraCrypt Volume Creation Wizard system drive encryption

Depending on your drive or partition size, the encryption process can take some time. If you need to use your Windows PC in the meantime, you can pause or defer the encryption process by clicking Defer.

VeraCrypt Volume Creation Wizard pop-up notifying that the system drive encryption was successful

Once VeraCrypt completes the process, your Windows system drive or partition will be encrypted. You will have to go through the VeraCrypt Boot Loader every time your start up your computer. You can rest easier knowing that strong encryption is protecting your desktop.

How to Remove VeraCrypt Encryption From a Windows Drive or Partition

VeraCrypt main window with Permanently Decrypt option highlighted

If you need to remove VeraCrypt’s encryption from your Windows drive or partition, click Volumes on VeraCrypt’s main window. Next, click Permanently Decrypt.

VeraCrypt permanent decryption caution pop-up

VeraCrypt will prompt you twice to make sure that you really want to decrypt your drive/partition. Click Yes on both pop-ups to begin the permanent decryption process.

VeraCrypt-Volume-Creation-Wizard system drive decryption

Like system encryption, permanent Windows system decryption will take some time. You can click Defer if you need to use your PC during decryption.

VeraCrypt Volume Creation Wizard pop-up notifying that the system drive decryption was successful

Once VeraCrypt finishes decrypting your drive, restart your computer. This will finally remove encryption from your system drive or partition.

Why Should You Encrypt Their Drives With VeraCrypt Instead of BitLocker?

VeraCrypt serves as a strong alternative to Windows’ BitLocker program. Bitlocker is proprietary software owned by Microsoft. It’s only available on Pro and Enterprise versions of Windows. While BitLocker is effective and convenient, it only supports the AES algorithm for encryption.

Meanwhile, VeraCrypt is free and open-source. It supports many encryption ciphers besides AES. VeraCrypt is also available to all versions of Windows, macOS, and Linux. The program also has many advanced features to ensure that your files secure.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *