How to Enable BitLocker Without a Trusted Platform Module (TPM) in Windows
BitLocker commonly needs a security chip called Trusted Platform Module, popularly known as TPM on your PC’s motherboard. This chip generates and stores the encryption key that you use for decrypting the file. It can automatically unlock your PC’s drive when it boots so you can sign in just by typing your Windows login password. Try to enable BitLocker on a PC without a TPM, and you’ll be told your administrator must set a system policy option.
However, you can easily bypass this restriction of the chip and continue with the encryption process through Group Policy Editor.
BitLocker is available only on Professional, Enterprise, and Education editions of Windows. It’s also included with Windows 7 Ultimate, but isn’t available on any Home editions of Windows.
But before you head towards the steps ensure that your PC is not joined to a domain. This process works perfectly when you do it for your own computer.
If you’re just doing this on your own PC and it isn’t joined to a domain, you can use the Local Group Policy Editor to change the setting for your own PC.
To open the Local Group Policy Editor, press Windows + R keys on your keyboard, type gpedit.msc into the Run dialog box, and press Enter key.
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives in the left pane.
Double-click the “Require additional authentication at startup” option in the right pane.
Select “Enabled” at the top of the window, and ensure the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” checkbox is enabled here.
Click “OK” button to save your changes. You can now close the Group Policy Editor window. Your change takes effect immediately—you don’t even need to reboot.
Setup BitLocker Without TPM
You can now enable, configure, and use BitLocker normally.
To do so, navigate Control Panel > BitLocker Drive Encryption > Turn on BitLocker for the drive you want.
You’ll first be asked how you want to unlock your drive when your PC boots up. If your PC had a TPM, you could have the computer automatically unlock the drive or use a short PIN that requires the TPM present.
Because you don’t have a TPM, you must choose to either enter a password each time your PC boots, or provide a USB flash drive. If you provide a USB flash drive here, you’ll need that flash drive connected to your PC each time you boot up your PC to access the files.
Continue through the BitLocker setup process to enable BitLocker drive encryption, save a recovery key, and encrypt your drive. The rest of the process is the same as the normal BitLocker setup process.
When your PC boots, you’ll have to either enter the password or insert the USB flash drive you provided. If you can’t provide the password or USB drive, BitLocker won’t be able to decrypt your drive and you won’t be able to boot into your Windows system and access your files.
How to Know If Your PC Has a TPM
1. Type tpm.msc into Run dialog box or Start Menu and press Enter to launch TPM Management snap-in console. If your PC does not have TPM, then console shows that Compatible cannot be found message.
2. If the device has a TPM, you can see its manufacturer’s name, version, status and so on.
Hopefully, after following the above series of steps you can pretty much easily Allow BitLocker Without a Compatible TPM in Windows.
Did you find this tutorial helpful? Don’t forget to share your views with us.