I don’t think I’ve ever done a “how to” tech post, but seeing as how my recent search for creating secured folders in Windows 10 came back with a bunch of bunk ranging from simply turning on the Hidden flag for a folder (hides it, but you can easily turn on the “show hidden folders” option in your file explorer) up to installing additional software (always a pain, how do you know the software designer isn’t stealing your info via a backdoor). With this in mind I figure I’d make a little how to on creating a secure, password protected and semi-hidden space on your Windows computer for keeping whatever you want: Photos, ID scans, important documents, etc. The choice is yours.
Now, take note that you can only use this method if you are running Windows 10 Pro or have access to a computer running Win10 Pro, as Win10 Home does not come with the necessary feature required for this to work.
STEP 1: CREATING A VIRTUAL HARD DRIVE (VHD)
- Press WIN+X to bring up the system menu and select ‘Disk Management’.
- On the top portion of the screen select one of your lettered hard drives (ie C: or D:).
- Select ACTION from the menu bar and then ‘Create VHD’.
- Hit the BROWSE button, go to the location you want to store the VHD, then type in the name of the VHD in the FILE NAME section and hit SAVE.
- In the VIRTUAL HARD DISK SIZE enter a value and size type for the hard drive (ie: 10 and GB for 10 gigabytes, 10 and MB for 10 megabytes, etc.); Select the VIRTUAL HARD DISK FORMAT. The choice is up to you, but the standard VHD format is sufficient and can be used for drives sized up to 2048 GB; Select the VIRTUAL HARD DISK TYPE. If you want to store documents like important financial information, deeds, ID scans, etc. then choose the FIXED type. This type will create a file equal to the size you chose in the previous step. So if you choose to create a 10GB VHD a 10GB file will be created. I recommend DYAMICALLY EXPANDING if you are going to be storing a lot of really big files such as images or video. This type will create a smaller initial file size that will grow over time until it hits its max limit. So if you create a 10GB VHD but you only have 1GB of data stored the file size will be 1GB. As you add more files the base VHD will grow until it his 10GB, at which point you will be told the drive is full.
- After all the choices have been made and set press OK to create the VHD file. This should also attach the VHD and it should show up in the lower part of the window as a Disk number, Unknown. You should also see the disk size along with UNALLOCATED.
- Click on the Disk (it should have a red arrow or x on it) to select it, then right click and select INITIALIZE DISK.
- In the next window make sure you have GPT selected then press OK. This action will return you to the Disk Management window.
- Right click on the area representing the disk space (it will have a bunch of angled likes through it) and select NEW SIMPLE VOLUME.
- Press NEXT; assign the full amount of space to the volume and press NEXT; keep ASSIGN THE FOLLOWING DRIVE LETTER and select a drive letter if you want a specific one then press NEXT; keep FORMAT THIS VOLUME WITH THE FOLLOWING SETTINGS (File system: NTFS, Allocation size unit: Default, Perform a quick format), if you want to give the drive a special name then enter that name into the VOLUME LABEL, then press NEXT; press FINISH.
- You should now see the drive attached to your computer as the drive letter you selected in the Disk Management window. If you open your file explorer you should also see the disk attached and it acts just like a portable USB drive!
STEP 2: ENCRYPT WITH BITLOCKER
This next section is where Windows 10 pro is required!!
- In file explorer right click on the drive you just created (while it is attached) and select TURN ON BITLOCKER.
- On the next screen select USE A PASSWORD TO UNLOCK THIS DRIVE, then enter and re-enter the password you want to use, hit NEXT; The next screen is HOW DO YOU WANT TO BACK UP YOUR RECOVERY KEY. The recovery key can be used to unlock the encrypted drive in the event that you do not remember your password. I typically chose SAVE TO A FILE, since most people have no clue what the recovery key even does or what one looks like if they were looking for it, but you can use whatever method you want. After you pick your method and go through the appropriate steps select NEXT; I recommend the ENCRYPT USED DISK SPACE ONLY method. You can choose to encrypt the entire disk, but depending on the size drive you created you could be sitting there for a long time while all the empty space gets encrypted; on the next step select COMPATIBLE MODE, which is the mode best used for removeable drives; select START ENCRYPTING.
- If the drive is empty it should finish up in a cool minute and you will notice a small lock icon next to the drive in your file explorer!
To use the drive properly copy the files you want into your new encrypted VHD and, when you are all done with it, right click on the drive and select EJECT. The drive will ‘eject’ and disappear.
To get the drive back simply find the VHD file you created, right click on it and select MOUNT. You may get an error saying there was a problem mounting the drive, but ignore it, then click on the drive in your file explorer to see the password entry dialog. Enter your password and the drive will unlock and be accessible just like any other drive!
If you wanted to you could set the hidden flag on the VHD file by right clicking on it, going to PROPERTIES and selecting HIDDEN. This will hide it from prying eyes, and it can be revealed by selecting VIEW in your file explorer tool bar, then select HIDDEN ITEMS in the show/hide section.
Because this file is encrypted if anyone were to copy it, say, to a USB stick or portable hard drive they would be presented with the password entry dialog when they tried to mount it as a disk. No password, no entry. Even if they could mount it without the password or encryption key all files will appear as simply garbage. They may know something important is in there, but they will be unable to reach it.
If, for some reason, you forget the password, after mounting the drive and trying to unlock it, along with the password entry box the password entry dialog contains a section marked MORE OPTIONS. Select it, then select ENTER RECOVERY KEY. Remember that file you saved? Open it up (its just a text file) and copy then paste the recovery key text into the recovery key box in the dialog, then click UNLOCK to unlock the drive. You can then right click on the drive and select CHANGE BITLOCKER PASSWORD, then RESET A FORGOTTEN PASSWORD to enter a new password that you will hopefully remember. Otherwise you can use this same dialog to simply change the password, though you will need to enter the old password along with the new one.
If you do not have Windows 10 Pro but have access to a machine that does you can still follow all of these steps to create a VHD file then copy it to a Windows 10 Home computer. Win10 Home cannot create bitlocker encrypted drives but it can still unlock them when one is mounted. Just make sure you copy the VHD to a portable drive ALONG WITH THE RECOVERY KEY, then put the recovery key into a safe place.
The only real downside is that if someone deletes the VHD file then you will lose everything inside. Sure, if they move it to the recycle bin you can probably recover it, and even if they “permanently delete” it you might be able to recover it with some strong undelete software, but if they put the file, the ONE file, through a file shredder then everything in it is lost. That being said it’s still not a bad idea to have some offsite backup like Carbonite or even an occasional copy to your cloud storage to keep the file safe. Ideally no one should even know the file is there and people who are not computer savvy will have no clue what a VHD even is.
Hope this was helpful to someone out there. It might take quite a few steps, but it is a free, fairly simple and very effective method for keeping files you want secure secured.