Encrypt the Windows drive with DiskCryptor

Network administration - Encrypting documents helps keep your information secure if your computer is lost or stolen. However, it should not stop at just encrypting sensitive documents because thieves can completely recover passwords and other sensitive information saved by Windows. Even if you password-protect your Windows account, your system files can still be accessed easily, such as using a Linux LiveCD.

To see how easy it is to recover passwords from Windows, you can experiment with free utilities from NirSoft. Here you will find many utilities to recover passwords for email clients (Outlook, Thunderbird, etc.), dial-up connections (VPN and Internet connections), network shares, network keys. wireless. NirSoft also provides tools for viewing passwords saved by AutoComplete in a web browser as well as revealing passwords stored under asterisks.

When encrypting your entire Windows drive, users must enter the password at boot before the drive is opened and Windows is loaded. Thus the privacy of the entire system drive will be secured if the computer is lost or stolen. No one can access personal documents, passwords or system files unless they have your encrypted password.

However, there is a problem with encrypting the entire system drive, since most encryption utilities require you to format the drive and start from scratch. This is a very difficult issue if you want to encrypt a computer that is already in use and is even more troublesome when setting up a new system. However, DiskCryptor is a tool that allows you to encrypt your entire Windows drive, allowing you to easily protect your entire system drive, keeping Windows and all files.

In this tutorial, we will show you how to prepare and encrypt a Windows Vista or Windows 7 computer using DiskCryptor. Encrypting most systems is simple, but you may encounter problems with multi-boot systems loaded with GRUB or rEFIt. When you have a problem you will not be able to boot into Windows afterwards, so we want to provide you with both recovery steps.

Create a boot disk for Windows Vista or Windows 7 with DiskCryptor

Before encrypting your Windows drive, you should create a Windows boot disk that comes loaded with DiskCryptor software. In this way, Windows will not boot after encrypting the drive or if future booting may fail, you will not lose everything. You can boot with your boot disk and access DiskCryptor's utilities, mount or decrypt the drive through the command line utility.

In this article, I will show you how to integrate DiskCryptor into a Windows Vista or Windows 7 installation DVD. If you are working on a Windows XP-based computer or an earlier version, you can refer to the instructions. available on DiskCryptor's website here. When you have completed this integration process, you can insert your regular installation disc into the CD drive, restart your computer, and access DiskCryptor from the command prompt.

What is needed here is an original Windows Vista or Windows 7 installation disc, a blank DVD, a computer with Windows Vista or Windows 7 installed and a DVD burner. In addition, you also need to download and install the Windows Automated Installation Kit (WAIK) for Windows 7, which also works with Windows Vista SP1 or later versions. Also download and install DiskCryptor before continuing.

After you have installed WAIK and DiskCryptor, follow the steps below in Windows Vista or Windows 7 to create your own installation or recovery disc:

1. Create a new folder:: C: WinSetupDVD . Then copy all the files of the Windows Vista or Windows 7 installation disc to this folder.
2. Create another new folder: C: WinSetupDVD-Servicing .
3. Open Command Prompt: click Start , type cmd , and press Enter .
4. Attach the boot image to Windows using the following command:

"C: Program FilesWindows AIKToolsx86ServicingDism.exe" / Mount-Wim /WimFile:C:WinSetupDVDsourcesboot.wim / index: 2 / MountDir: C: WinSetupDVD-Servicing

5. Move to the DiskCryptor folder with the command:

cd C: Program Filesdcrypt

6. Copy some DiskCryptor files into the mounted image with two commands:

dcapi.dll, dccon.exe, dcrypt.exe → C: WinSetupDVD-ServicingProgram Filesdcrypt
dc_fsf.sys, dcrypt.sys → C: WinSetupDVD-ServicingWindowsSystem32drivers

7. To open the Command Prompt window.

Next, we need to change the registry of the Windows Vista or Windows 7 installation DVD:

1. Open Registry Editor: click Start , type regedit and press Enter .
2. Click HKEY_LOCAL_MACHINE.
3. Click File > Load Hive , then open the file below: C: WinSetupDVD-ServicingWindowsSystem32configSYSTEM .
4. When prompted to enter a name, enter WinSetupDVD .
5. To open the Registry Editor.

Now you have to create a registry file to make changes. Open Notepad: click Start > All Programs > Accessories > Notepad . Copy and paste the following code into Notepad, then save with the file name WinSetupDVD.reg :

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINEWinSetupDVDControlSet001Servicesdcrypt]
"Type" = dword: 00000001
"Start" = dword: 00000000
"ErrorControl" = dword: 00000003
"ImagePath" = hex (2): 73.00,79.00,73.00,74.00,65,00,6d, 00,33.00,32,00,5c, 00,64.00,
72.00,69,00,76,00,65,00,72,00,73,00,5c, 00,64,00,63,00,72,00,79.00,70,00,74,
00,2e, 00,73,00,79,00,73,00,00,00
"Group" = "Filter"
[HKEY_LOCAL_MACHINEWinSetupDVDControlSet001Servicesdcryptconfig]
"Flags" = dword: 00000082
"Hotkeys" = hex: 00.00.00.00.00.00.00.00.00.00.00,00.00,00,00,00
"sysBuild" = dword: 00000000
[HKEY_LOCAL_MACHINEWinSetupDVDControlSet001Servicesdc_fsf]
"Type" = dword: 00000002
"Start" = dword: 00000000
"ErrorControl" = dword: 00000003
"ImagePath" = hex (2): 73.00,79.00,73.00,74.00,65,00,6d, 00,33.00,32,00,5c, 00,64.00,
72.00,69,00,76,00,65,00,72,00,73,00,5c, 00,64,00,63,00,5f, 00,66,00,73,00,66,
00,2e, 00,73,00,79,00,73,00,00,00
"Group" = "Filter"
[HKEY_LOCAL_MACHINEWinSetupDVDControlSet001ControlClass {4D36E965-E325-11CE-BFC1-08002BE10318}]
"UpperFilters" = hex (7): 64.00,63.00,72,00,79.00,70,00,74,00,00,00,00,00
[HKEY_LOCAL_MACHINEWinSetupDVDControlSet001ControlClass {71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"LowerFilters" = hex (7): 64.00,63.00,72,00,79.00,70,00,74,00,00,66,00,76,00,65,
00,76,00,6f, 00,6c, 00,00,00,00,00

Double click on the WinSetupDVD.reg file file . On the command prompt, click Yes to continue.

Go back to Registry Editor, click WinSetupDVD , click File> Unload Hive . , then close the Registry Editor.

Go back to the Command Prompt window and commit the changes as well as unmount the image:

C: Program Files Windows AIKToolsx86ServicingDism.exe "/ Unmount-Wim / MountDir: C: WinSetupDVD-Servicing / commit

You can now create an installation image file for Windows Vista or Windows 7:

"C: Program FilesWindows AIKToolsx86oscdimg.exe" -n -m -bC: WinSetupDVDbootetfsboot.com "C: WinSetupDVD" "C: WinSetupDVD-custom.iso"

Finally, write the WinSetupDVD-custom.iso image file to a blank DVD and keep it in a safe place when you have a problem after disk encryption.

Encrypt system drive

After you have the recovery disk in hand, you can encrypt the system drive. Open the DiskCryptor application, select the system drive (usually C :) and click Encrypt .

Follow the prompts to configure the settings. You should keep the boot and encryption settings in the default state. When creating a password, create a complex password as much as possible. In general, the password must be long, there are many capital letters, lowercase and lowercase letters, etc. Depending on the size of the drive, the encryption may be fast or slow.

When the encryption process is complete, the status of the drive in DiskCryptor will be mounted .

When restarting the computer, you will see a prompt asking for the password to enter and then Windows will boot as usual.

Encrypt and decode system drives

If Windows cannot boot after encryption, use the newly created Windows disk and follow these steps:

1. Insert the disc and restart the computer from DVD.
2. On the first Windows installation screen, select the language, time, keyboard settings, and then click Next .
3. At the bottom of the window, click the Repair your computer link .
4. When the system searches and finds a Windows installation, you will see the recovery menu. Click to open the Command Prompt .
5. Switch to the DiskCryptor folder.

cd x: Program Filesdcrypt

6. Mount the system drive:

dccon -mount C: -p yourencryptionpassword

7. Decrypt the system drive:

dccon -decrypt C: -p yourencryptionpassword

8. Waiting for the drive decoding process to end.
9. Remove boot kit:

dccon –boot –delmbr C:

1. Reinstall MBR for Windows:

bootsect.exe / nt60 ALL / mbr

Now the system will boot into Windows normally like an unencrypted drive.