BitLocker normally encrypts entire drives and partitions, but you can also create encrypted container files with tools built into Windows. Such encrypted VHD files can easily be moved between systems, backed up, and hidden when not in-use.
This trick allows you to create TrueCrypt-style encrypted volumes as files on your computer. Like other BitLocker features, it requires a Professional or Enterprise edition of Windows, or Ultimate for Windows 7.
Create a Virtual Hard Drive File
First, we’ll need to create a VHD (virtual hard drive) file — this may also be called a disk image. This file is stored on a physical drive, and it can be used as a virtual drive. For example, a 2 GB VHD file takes up 2 GB of space on a physical drive and appears as a separate 2 GB drive in Windows.
The Disk Management tool in Windows provides everything you need to create VHD files and work with them. To access it, press Windows Key + R to open the Run dialog, type diskmgmt.msc into it, and press Enter. On Windows 8 or 8.1, you can also right-click in the bottom-left corner of your screen or press Windows Key + X and click Disk Management.
Click Action > Create VHD in the Disk Management window to start creating a VHD file.
Enter a desired size and location for the VHD file. The file will be stored in the location you choose, and it will be as large as the size you enter here.
You should probably use the default Fixed size option, as this will save time when writing files to the encrypted VHD file and reduce possible fragmentation. If you want to enlarge the VHD file later, you can use the expand vdisk command in diskpart and then enlarge the partition on it. This will take a few minutes, but it is possible.
Your container file must be at least 64 MB in size. You can create a VHD file as small as 3 MB, but BitLocker won’t work unless it’s 64 MB or larger.
The disk image will appear as another disk in the Disk Management window — right-click it and select Initialize Disk.
Select the GPT (GUID Partition Table) option if you’re using Windows 8 or 8.1. This is a newer type of partition scheme, but it’s more resilient to corruption because it stores multiple copies of the partition table on the disk.
If you’re using Windows 7 or would like to be able to mount and access the VHD file on Windows 7 systems, select MBR (Master Boot Record) instead.
Next, create a partition on the VHD file. Right-click the Unallocated space on the drive in the Disk Management window and select New Simple Volume.
Go through the wizard to create the partition with the NTFS file system and the maximum size — you can leave the default options selected. The one option you might want to change is the Volume label option. Give your drive a meaningful name, like Encrypted VHD.
Encrypt the Disk Image With BitLocker
The VHD file you created will now appear as a new drive in File Explorer or Windows Explorer. You can right-click the new drive and select Turn on BitLocker to enable BitLocker for the drive.
Go through the usual BitLocker setup process, setting a strong password to unlock the drive and creating a backup of your recovery key in case you’ll ever need it.
Avoid selecting an unlock method that requires a TPM — such as “Automatically unlock this drive on this computer” — or you won’t be able to access the encrypted VHD file on another computer unless you provide your recovery key.
BitLocker will immediately encrypt the drive without any reboot necessary. This should be almost instantaneous if you started with an empty drive. Files you store on the drive will be encrypted and stored inside the VHD file.
Lock and Detach the Disk Image
When you’re done using the encrypted drive, you can right-click it in File Explorer or Windows Explorer and select Eject to lock the partition and eject the VHD file from your computer. This removes the virtual drive from the list of drives in My Computer and the Disk Management window, hiding it. The drive will also be locked — but not ejected — if you shut down your computer.
To access the encrypted VHD file in the future, you can open the Disk Management window and select Action > Attach VHD. Browse to the VHD file on your system, and attach it to your system.
You’ll have to unlock the encrypted drive with your password after re-attaching it or restarting your computer.
The VHD file can be stored or backed up wherever you want it. Be sure to eject the volume before copying the VHD file or backing it up. You might end up with a corrupted VHD file if you created a copy of while it’s in-use and being written. Just attach the VHD file to another Windows Professional or Enterprise system and unlock it with your BitLocker password to access your files.