Using BitLocker to Encrypt Computers without TPM Hardware
It is very common for laptops to be lost or stolen. When this happens, any data on the laptop could fall into the wrong hands, unless you have encrypted the device using BitLocker or another drive encryption technology.
If you’re not already familiar with it, BitLocker is the drive encryption technology introduced with Windows Vista and Windows Server 2008. The latest version has increased functionality and security. BitLocker is now available with Windows 7 Enterprise, Windows 7 Ultimate, and some editions of Windows Server 2008 R2.
By default, BitLocker requires that your computer have a built-in TPM chip, a hardware component that securely stores your encryption key information. But what if your computer doesn’t have a TPM chip?
There is a way around this, but it requires that you store the encryption key on a USB thumb drive and connect this drive EVERY time you boot Windows. Here’s how to enable this workaround:
- From the Start menu’s search or run field, type: gpedit.msc
- Within Computer Configuration browse to Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives
- Double click on the setting named “Require additional authentication at startup” to edit the setting.
- Change the state from Not Configured to Enabled, and click on the OK button
- After rebooting your system you will be able to enable BitLocker from the Windows Control Panel
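The following script is an added example, not part of the original article. It audits the result of the steps above by reading the registry values behind the “Require additional authentication at startup” policy and the key protectors on the operating system drive. The drive letters C: and E: are assumptions.

```powershell
# Added example: audit a TPM-less BitLocker setup (run from an elevated prompt).
# Assumption: the operating system drive is C:.
$osDrive = 'C:'

# Values written by the "Require additional authentication at startup" policy.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$policyEnabled = ($policy -ne $null) -and ($policy.UseAdvancedStartup -eq 1)
$allowNoTpm    = ($policy -ne $null) -and ($policy.EnableBDEWithNoTPM -eq 1)

# Returns nothing when Windows sees no TPM.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
    -Class Win32_Tpm -ErrorAction SilentlyContinue

$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume -Filter "DriveLetter='$osDrive'" -ErrorAction SilentlyContinue

# Count key protectors of one type:
# 2 = external (USB startup) key, 3 = numerical recovery password.
function Get-ProtectorCount($volume, [uint32]$type) {
    $ids = $volume.GetKeyProtectors($type).VolumeKeyProtectorID
    if ($ids) { return @($ids).Count }
    return 0
}

"Policy enabled:                $policyEnabled"
"BitLocker allowed without TPM: $allowNoTpm"
"TPM present:                   $($tpm -ne $null)"

if ($vol -eq $null) {
    "No BitLocker volume information for $osDrive (unsupported edition, or prompt not elevated)."
} else {
    $protected = ($vol.GetProtectionStatus().ProtectionStatus -eq 1)
    $usbKeys   = Get-ProtectorCount $vol 2
    $recovery  = Get-ProtectorCount $vol 3
    "Protection on for ${osDrive}:         $protected"
    "USB startup key protectors:    $usbKeys"
    "Recovery password protectors:  $recovery"

    if (($tpm -eq $null) -and (-not $allowNoTpm) -and (-not $protected)) {
        Write-Warning "No TPM and the policy does not allow BitLocker without one."
    }
    if (($usbKeys -gt 0) -and ($recovery -eq 0)) {
        Write-Warning "Startup key is the only protector: a lost USB drive means lost data."
    }
}

# Command-line equivalent of the Control Panel wizard (assumption: USB drive is E:):
#   manage-bde -on C: -StartupKey E: -RecoveryPassword
```

Store the recovery password somewhere other than the laptop bag, and keep the USB startup key separate from the laptop when travelling; a stolen laptop with its key attached is effectively unencrypted.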
Robert Borges
Permanent link to this article: https://www.robertborges.us/2012/05/windows/using-bitlocker-to-encrypt-computers-without-tpm-hardware/