
How To Use BitLocker on Drives without TPM

BitLocker is an encryption feature available in Ultimate and Enterprise versions of Windows 7 and Vista, but by default it requires a Trusted Platform Module (TPM) on the system. Not all systems include a TPM, and today we take a look at how to bypass that requirement so you can use BitLocker.

Enable BitLocker

You can use BitLocker to encrypt an entire fixed drive, such as the local drive Windows is installed on or an internal data drive. For removable flash or external USB drives you can use its younger brother, BitLocker To Go. First let’s take a look at how to enable BitLocker on a local hard drive.

To encrypt an entire drive, simply right-click on the drive and select Turn on BitLocker from the context menu.


Next you’ll need to choose a secure password that will be used to access the drive.


You’re prompted to store the recovery key which is used in the event you lose your password or smartcard. If you store it as a file make sure that it’s not on the same drive that you’re encrypting.


Confirm you want the drive to be encrypted then wait until the process is complete. The amount of time it takes will vary based on the size and amount of data on the drive.


To access the encrypted drive you’ll need to enter in the password to unlock it.


The drive icon will change to show it’s encrypted with BitLocker, where the gold lock indicates it’s locked up and the gray lock is displayed after you have unlocked it.


Use BitLocker on a Drive Without TPM

What happens if you get this goofy error…and what is a TPM anyway? TPM stands for Trusted Platform Module, which is a microchip in a computer that supports advanced security features. It’s where BitLocker stores the encryption key. If your computer doesn’t have a compatible TPM then you’ll need to use the following steps and have a flash drive.


Enter in gpedit.msc in the search box of the Start menu and hit Enter.


Under Local Computer Policy navigate to Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives and double-click Require additional authentication at startup.


Enable the feature and check the box next to Allow BitLocker without a compatible TPM, click Apply and OK, and close out of Local Group Policy Editor.


Go back to the hard drive you want to encrypt and turn on BitLocker. A restart will be required to prepare the disk, and at this point make sure the flash drive is plugged in.


After the restart you’re prompted to use the startup key on the flash drive every time you start the computer.


Select the drive you want to use to store the key.


After that the process is as we showed above. This method may not be as convenient but at least you don’t have to go out and buy a new system that includes a TPM. If you don’t want to deal with this process, read about how to encrypt your drive using TrueCrypt.
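
The policy change and the startup-key setup described above can be checked from an elevated PowerShell prompt. This is an added example, not part of the original article; the drive letters, the -Enable switch and the English manage-bde output labels it matches are assumptions.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
param(
    [string]$OsDrive  = 'C:',   # assumption: the operating system volume
    [string]$UsbDrive = 'E:',   # assumption: the flash drive for the startup key
    [switch]$Enable             # without this switch the script only audits
)

# The Group Policy setting is stored as DWORD values under this key.
$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy  = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue

# UseAdvancedStartup = 1 : "Require additional authentication at startup" is Enabled
# EnableBDEWithNoTPM = 1 : "Allow BitLocker without a compatible TPM" is checked
$noTpmAllowed = ($policy -ne $null) -and
                ($policy.UseAdvancedStartup -eq 1) -and
                ($policy.EnableBDEWithNoTPM -eq 1)
if (-not $noTpmAllowed) {
    Write-Warning 'Policy not in effect: enable it in gpedit.msc first.'
    return
}

if ($Enable) {
    # Command-line equivalent of the wizard: write a startup key to the flash
    # drive and add a recovery password (record it somewhere off this drive).
    & manage-bde -on $OsDrive -StartupKey $UsbDrive -RecoveryPassword
}

# Confirm which key protectors the volume actually has.
# The matched labels assume English manage-bde output.
$protectors  = & manage-bde -protectors -get $OsDrive
$hasStartup  = [bool]($protectors | Select-String 'External Key')
$hasRecovery = [bool]($protectors | Select-String 'Numerical Password')

# Startup keys are hidden .BEK files in the root of the flash drive.
$bekFiles = @(Get-ChildItem -Path "$UsbDrive\" -Filter '*.BEK' -Force -ErrorAction SilentlyContinue)

"Policy allows BitLocker without TPM : $noTpmAllowed"
"Startup key protector on $OsDrive   : $hasStartup"
"Recovery password on $OsDrive       : $hasRecovery"
"Startup key files found on $UsbDrive : $($bekFiles.Count)"
& manage-bde -status $OsDrive
```

Without a TPM the startup key on the flash drive is what unlocks the system at boot, so keep the flash drive apart from the computer when it is powered off and keep the recovery password somewhere other than the encrypted drive.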

Also, you might want to check out our article on using BitLocker To Go for encrypting flash drives.

This article was originally written on 11/9/09 Tagged with: Privacy and Security, Windows 7


Comments (4)

  1. dinesh

    Awesome article Mystikgeek.

  2. Richard

    You are really just the best with all these tweaks. I was looking for this one last week. Heck you’re the only one that was able to find / provide it to me. I was wondering how come I was able to bitlock my d: drive, but not my root c: due to this TPM issue. It baffled me…

    Before I go ahead and encrypt my HD, have you noticed a huge hit in FPS for a gaming PC?

    Myself, I’m using win7 ult 64bit, Asus P5k, Q6600, 4Gigs of ram.

    Thanks again for this find & sharing it.

    Cheers

  3. mac

    Is there any way to turn BitLocker To Go on and off without restarting the computer? Or without logging in and off?

  4. Jon

    Great article on a very useful feature. I’d be curious to see how drive performance is affected by being encrypted.

    I think that TPMs are only on laptops and servers? I’ve seen workstation class motherboards come with a slot for one but never seen the actual TPM included.


Copyright © 2006-2009 HowToGeek.com. All Rights Reserved.