
Using BitLocker to Encrypt Computers without TPM Hardware

It is very common for laptops to be lost or stolen. When this happens, any data on the laptop could fall into the wrong hands, unless you have encrypted the device using BitLocker or another drive encryption technology.

If you’re not already familiar with it, BitLocker is the drive encryption technology introduced with Windows Vista and Windows Server 2008.  The latest version has increased functionality and security.  BitLocker is now available with Windows 7 Enterprise, Windows 7 Ultimate, and some editions of Windows Server 2008 R2.

By default, BitLocker requires that your computer have a built-in TPM chip. This is a hardware component that securely stores your encryption key information. But what if your computer doesn't have a TPM chip built in?

There is a way to get around this, but it requires that you store the encryption key on a USB thumb drive and connect this drive EVERY time you boot Windows. Here's how you can enable this workaround:

  1. From the Start menu’s search or run field, type: gpedit.msc
  2. Within Computer Configuration browse to Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives
  3. Double click on the setting named “Require additional authentication at startup” to edit the setting.
  4. Change the state from Not Configured to Enabled, and click on the OK button
  5. After rebooting your system you will be able to enable BitLocker from the Windows Control Panel
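
To confirm that the policy from the steps above took effect, and to see which key protectors the OS drive ends up with, the check below can be run from an elevated PowerShell prompt. It is an added example, not part of the original post; it assumes the policy is stored under `HKLM\SOFTWARE\Policies\Microsoft\FVE` as `UseAdvancedStartup` and `EnableBDEWithNoTPM`, and that `manage-bde` prints English output.

```powershell
# Added example: audit the no-TPM BitLocker policy and the OS drive's key protectors.
# Assumption: policy values live under the FVE policy key named below.
$fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue

function Get-PolicyValue([string]$Name) {
    # Returns the registry value, or $null when the key or value is absent.
    if ($policy) {
        $p = $policy.PSObject.Properties[$Name]
        if ($p) { return $p.Value }
    }
    return $null
}

# 1 = "Require additional authentication at startup" is Enabled
$advanced = Get-PolicyValue 'UseAdvancedStartup'
# 1 = the setting's "Allow BitLocker without a compatible TPM" option is ticked
$noTpm    = Get-PolicyValue 'EnableBDEWithNoTPM'

if ($advanced -eq 1 -and $noTpm -eq 1) {
    Write-Output 'Policy: BitLocker without a TPM is allowed (USB startup key needed at every boot).'
} elseif ($advanced -eq 1) {
    Write-Output 'Policy: setting is Enabled, but the no-TPM option is off; a TPM is still required.'
} else {
    Write-Output 'Policy: not configured; a TPM is required to turn BitLocker on.'
}

# List the key protectors on the OS drive once BitLocker has been turned on.
$drive = $env:SystemDrive
$out   = & manage-bde.exe -protectors -get $drive | Out-String

if ($LASTEXITCODE -ne 0) {
    Write-Output "manage-bde could not read protectors on $drive (not elevated, or BitLocker not enabled yet)."
} else {
    # Assumption: English manage-bde labels for the protector types.
    $hasStartupKey = $out -match 'External Key'
    $hasRecovery   = $out -match 'Numerical Password'

    Write-Output ("Startup key (USB) protector present: {0}" -f $hasStartupKey)
    Write-Output ("Recovery password protector present: {0}" -f $hasRecovery)

    if ($hasStartupKey -and -not $hasRecovery) {
        Write-Output 'Warning: losing the USB drive means losing the data; add a recovery password.'
    }
}
```

A startup key that travels in the same bag as the laptop protects very little, so keep the USB drive separate from the computer and store the recovery password somewhere other than the encrypted drive.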


About the author

Robert Borges


I have been in the IT industry since 1993 focusing mainly on networking. Though I got an early start as an amateur computer enthusiast, and wrote my first database app at age 12, I started my professional career working in the MIS department of one of the largest liquor distributors in the northeast. I started out there as a systems operator on the company’s two mainframe systems. From there I moved into PC support, and helped design and implement the company’s first client-server network… This was back in the days of Win NT 3.51. I also worked on my first migration to NT 4.0 back then.

From there I went on to work with Novell 3.x and 4.x along with Windows domains and Active Directory environments. Working my way up from technician, to specialist, to administrator, and eventually all the way up to Sr. Engineer. I spent many years working for consulting firms, 9 of which I owned and operated my own firm.
Over the years, I have worked with (at an expert level) various versions of: Windows client and server operating systems (including Windows 10 and Windows Server 2016); various virtualization technologies (Hyper-V, VMware, etc.); MS-SQL server 6.5- 2014 R2; Exchange 4-2016, and much more.

I am now vCIO at Spade Technology, Inc. focusing on Information Technology strategy including: cloud computing, IT Infrastructure & Architecture, IT Security, and Cloud Computing platforms & technologies (SaaS, PaaS, and IaaS).

Outside of my day job, I serve as president of the board of Boston User Groups, Inc., as well as IT-Pro User Group. In 2017/2018 Microsoft awarded me the Microsoft MVP (Most Valuable Professional) Award, with a focus of Microsoft Azure cloud, for my efforts in the IT community.

I am in a constant state of learning about new products, and new versions of products. Many of which we end up implementing in lab environments and sometimes for our clients. I have a very broad range of expertise and experience. It is my goal to share some of this experience on this blog to help enrich the IT community.

Permanent link to this article: https://www.robertborges.us/2012/05/windows/using-bitlocker-to-encrypt-computers-without-tpm-hardware/
