Windows BitLocker has the ability to auto-unlock data drives if the system drive is also encrypted using BitLocker. Here, "Data Drives" refer to drives that are not the Boot/System Drive. So, these will be your Gaming HD, Media HD, and RAID Setup.
Below is a step-by-step guide on how to set this up if you decide to use BitLocker, with the assumption that you do not have a TPM (Trusted Platform Module). You may need a spare USB Stick, I'm not sure if Windows 7 allows systems without TPM to use BitLocker without a USB Key.
1. Open Group Policy Editor (WIN+R and enter `gpedit.msc`).
2. Navigate to `Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives` and double click `Require additional authentication at startup`.
3. Set to `Enable` and make sure "Allow BitLocker ..." in the options is checked.
4. Now, open BitLocker Manager (`Control Panel\All Control Panel Items\BitLocker Drive Encryption`).
5. Go through the Wizard to configure your Data Drives.
6. Go through the Wizard for your System Drive (USB Key and/or Password).
7. Going back to the main BitLocker Manager, you can now set each Data Drive to auto-unlock.
Note that in step 6, if using Windows 10 (and iirc 8.1), you will get the option to either specify a password, or to create a USB Key, or (later) both.
I think on Windows 7, your only option is to create a USB Key.
Note that in step 7, if Windows 7 BitLocker Manager does not provide you the option of auto-unlock, open `cmd` or `powershell` as administrator and type in the following command:

```
manage-bde -autounlock -enable $driveLetter
```

where `$driveLetter` is the drive letter of your Data Drive (including the colon, for example `D:`).
Now, on each boot, you will be required to put in the USB Key or the password. Then, the Data Drives will automatically unlock. If you ever need to access the data of the Data Drives on another computer when your current computer dies, you can use the password you set (or a USB Key, if you configured one) to unlock them. This applies to the System Drive as well, but you must mount your System Drive as a Data Drive on the other system (which also has to be running Windows).
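The following script is an added example, not code from the answer above; it performs steps 5 to 7 of the procedure in bulk using the BitLocker PowerShell module (shipped with Windows 8 / Server 2012 and later, so it does not apply to Windows 7, where `manage-bde` as shown above is the tool). Before enabling auto-unlock on a data volume it checks what a cautious admin would check: that the operating system volume is already protected (auto-unlock stores the data volume's key inside the OS volume's BitLocker metadata), that the data volume is fully encrypted and currently unlocked, and that a recovery password protector exists so the drive can still be opened on another machine. The cmdlet names and property values used (`Get-BitLockerVolume`, `Enable-BitLockerAutoUnlock`, `Add-BitLockerKeyProtector`, `VolumeType`, `VolumeStatus`, `KeyProtectorType`) are the module's own; nothing else is assumed.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answer): enable BitLocker auto-unlock on
# every data volume after the checks an admin would want. Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

Import-Module BitLocker -ErrorAction Stop

# Auto-unlock keeps the data volume's external key in the OS volume's BitLocker
# metadata, so the OS volume must be protected first; otherwise the data drives
# would be no safer than an unencrypted system drive.
$os = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem'
if (-not $os -or $os.ProtectionStatus -ne 'On') {
    throw 'The operating system volume is not protected by BitLocker; refusing to enable auto-unlock.'
}

$dataVolumes = Get-BitLockerVolume | Where-Object VolumeType -eq 'Data'
foreach ($vol in $dataVolumes) {
    $mp = $vol.MountPoint

    # Only a volume whose encryption has finished, and which is currently
    # unlocked, can sensibly be switched to auto-unlock.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        Write-Warning "$mp is $($vol.VolumeStatus); skipping."
        continue
    }
    if ($vol.LockStatus -ne 'Unlocked') {
        Write-Warning "$mp is locked; unlock it first (Unlock-BitLocker), then rerun."
        continue
    }

    # The auto-unlock key lives only on this OS volume. Keep a recovery password
    # so the drive can still be opened elsewhere if this computer dies.
    $hasRecovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $hasRecovery) {
        if ($PSCmdlet.ShouldProcess($mp, 'Add recovery password protector')) {
            $added = Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector
            $rp = ($added.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')[-1]
            Write-Host "Recovery password for $mp (store it off this machine): $($rp.RecoveryPassword)"
        }
    }

    if ($vol.AutoUnlockEnabled) {
        Write-Host "$mp already auto-unlocks."
        continue
    }
    if ($PSCmdlet.ShouldProcess($mp, 'Enable auto-unlock')) {
        Enable-BitLockerAutoUnlock -MountPoint $mp | Out-Null
        Write-Host "Auto-unlock enabled for $mp"
    }
}

# Final view: which volumes auto-unlock and which protectors each one carries.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus, AutoUnlockEnabled,
        @{ Name = 'Protectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } } |
    Format-Table -AutoSize
```

Run it once with `-WhatIf` to see which volumes it would touch. The OS-volume check is the security-relevant part: once a data drive auto-unlocks, anyone who can unlock the system drive (USB key, password, or a TPM that releases the key on a normal boot) gets the data drive as well, so the data drive's protection is exactly as strong as the system drive's startup protector. `Disable-BitLockerAutoUnlock -MountPoint D:` reverses the setting for one drive.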
If you use RAID, don't you have one virtual device that combines your physical devices? Encryption should be done at this level so you do it only once. – Uriel – 2015-08-30T12:41:51.600
@Uriel in my case I have three individual drives and a separate RAID. The reason I don't RAID 0 the three drives is that they are all different types of drives (SSD, 2.5" HDD, 3.5" HDD). In my case I would like to keep these drives separate as I'm not so confident in the life span of some of those drives. As for the RAID, I understand I can encrypt the entire RAID setup. But my question pertains to what is the best way to encrypt individual drives on a desktop. – user26409 – 2015-08-30T15:50:22.597
If you want to keep disks separate at some point, I am not sure you could have a single encrypted filesystem on top of this. You could play with encfs (see EncFSMP on Windows) and use mountpoints to your disks underneath, but that seems more a dirty hack than anything else... – Uriel – 2015-09-01T07:38:34.180
VeraCrypt supports automatically opening "favorite containers". This can be a D:-SystemContainer that's automatically opened when the C:-SystemContainer is opened. – BlueWizard – 2016-06-21T20:42:44.953