Using BitLocker to Encrypt Computers without TPM Hardware

It is very common for laptops to be lost or stolen. When this happens, any data on the laptop could fall into the wrong hands, unless you have encrypted the device using BitLocker or another drive encryption technology.

If you’re not already familiar with it, BitLocker is the drive encryption technology introduced with Windows Vista and Windows Server 2008.  The latest version has increased functionality and security.  BitLocker is now available with Windows 7 Enterprise, Windows 7 Ultimate, and some editions of Windows Server 2008 R2.

By default, BitLocker requires that your computer have a built-in TPM chip, a secure component that stores your encryption key information. But what if your computer doesn’t have a TPM chip?

There is a way around this, but it requires that you store the encryption key on a USB thumb drive and connect this drive EVERY time you boot Windows. Here’s how you can enable this workaround:

  1. From the Start menu’s search or run field, type: gpedit.msc
  2. Within Computer Configuration, browse to Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives.
  3. Double-click the setting named “Require additional authentication at startup” to edit it.
  4. Change the state from Not Configured to Enabled, and click the OK button.
  5. After rebooting your system, you will be able to enable BitLocker from the Windows Control Panel.
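
To confirm the result of the steps above on a given machine, the following added example (not part of the original article) reads the registry values that this Group Policy setting writes, checks whether a TPM is present, and lists the key protectors on the OS drive. It assumes an elevated PowerShell prompt; the variable and function names are illustrative.

```powershell
# Added example: audits what the Group Policy steps above leave on the machine.
# Assumption: run from an elevated PowerShell prompt.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker policy key

function Get-FvePolicyValue([string]$Name) {
    # $null means the value is absent, i.e. the policy is Not Configured.
    $item = Get-ItemProperty -Path $fveKey -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# "Require additional authentication at startup"      -> UseAdvancedStartup
# Its "Allow BitLocker without a compatible TPM" box  -> EnableBDEWithNoTPM
$policyEnabled = (Get-FvePolicyValue 'UseAdvancedStartup') -eq 1
$noTpmAllowed  = (Get-FvePolicyValue 'EnableBDEWithNoTPM') -eq 1

# Win32_Tpm returns no instance when the machine has no usable TPM.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
$tpmPresent = [bool]$tpm

New-Object PSObject -Property @{
    TpmPresent    = $tpmPresent
    PolicyEnabled = $policyEnabled
    NoTpmAllowed  = $noTpmAllowed
} | Format-List

if (-not $tpmPresent -and -not ($policyEnabled -and $noTpmAllowed)) {
    Write-Warning 'No TPM and no policy exception: BitLocker cannot be enabled on the OS drive yet.'
} elseif (-not $tpmPresent) {
    Write-Output 'No TPM: the OS drive will depend on a USB startup key at every boot.'
}

# List the key protectors on the OS drive (meaningful once BitLocker is on).
& manage-bde.exe -protectors -get $env:SystemDrive
```

An "External Key" entry in the `manage-bde` output is the USB startup key. Because that key is the only thing unlocking the drive in this configuration, store the thumb drive separately from the laptop.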

