BitLocker is an encryption feature available in Ultimate and Enterprise versions of Windows 7 and Vista, but requires a Trusted Platform Module (TPM) on the system. Not all systems include TPM and today we take a look at how to bypass it so you can use BitLocker.
You can use BitLocker to encrypt an entire fixed drive, such as the local drive Windows is installed on or an internal data drive. For removable flash or external USB drives you can use its younger brother, BitLocker To Go. First let’s take a look at how to enable BitLocker on a local hard drive.
To encrypt an entire drive, simply right-click on the drive and select Turn on BitLocker from the context menu.
Next you’ll need to choose a secure password that will be used to access the drive.
You’re prompted to store the recovery key which is used in the event you lose your password or smartcard. If you store it as a file make sure that it’s not on the same drive that you’re encrypting.
Confirm you want the drive to be encrypted then wait until the process is complete. The amount of time it takes will vary based on the size and amount of data on the drive.
To access the encrypted drive you’ll need to enter in the password to unlock it.
The drive icon will change to show it’s encrypted with BitLocker, where the gold lock indicates it’s locked up and the gray lock is displayed after you have unlocked it.
Use BitLocker on a Drive Without TPM
What happens if you get this goofy error…and what is a TPM anyway? TPM stands for Trusted Platform Module which is a microchip in a computer that supports advanced security features. It’s where BitLocker stores the encryption key. If you have a drive that doesn’t have a compatible TMP then you’ll need to use the following steps and have a flash drive.
Enter in gpedit.msc in the search box of the Start menu and hit Enter.
Under Local Computer Policy navigate to Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives and double click on Require additional authentication at startup.
Enable the feature and check the box next to Allow BitLocker without a compatible TPM, click Apply and Ok, and close out of Local Group Policy Editor.
Go back to the hard drive you want to encrypt and turn on BitLocker. A restart will be required to prepare the disk, and at this point make sure the flash drive is plugged in.
After the restart you’re prompted to use the startup key on the flash drive every time you start the computer.
Select the drive you want to use to store the key.
After that the process is as we showed above. This method may not be as convenient but at least you don’t have to go out and buy a new system that includes a TPM. If you don’t want to deal with this process, read about how to encrypt your driving using TrueCrypt.
Also, you might want to check out our article on using BitLocker To Go for encrypting flash drives.
- Published 11/9/09