I like BitLocker Drive Encryption in Windows since it is relatively easy to set up. However, I ran into a snag the other night when trying to set up BitLocker on one of my customer’s computers. The problem? No TPM chipset is on the motherboard. According to Microsoft’s own documentation, no TPM is required. Instead, just use a USB flash drive to store the encryption key. But the standard documentation fails to inform you that you need to enable a very specific setting in the local policy editor. For that, you need to look at the advanced documentation.

What you need:

  • A Windows 7 Ultimate, Windows 7 Enterprise, or Windows 8 Pro computer.
  • A USB flash drive.

Now that you have what you need to get started, here is the process for enabling BitLocker without TPM:

  1. Open the Local Group Policy Editor: press Windows+R to open the Run box, then execute "gpedit.msc".

  2. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Double-click "Require additional authentication at startup".

  3. Enable the option and click Apply, but do not close the window. In the Options area, check the box next to "Allow BitLocker without a compatible TPM".

Plug a USB flash drive into the computer and allow Windows to assign it a drive letter, then open the Control Panel and launch the BitLocker Drive Encryption applet. You will now be able to proceed with the BitLocker setup for the C: drive. Just make sure to save the encryption key to the USB flash drive.

From now on, in order to use the PC, you need to have the USB flash drive plugged into the computer to boot it into Windows. Once Windows has booted up, you can remove the flash drive from the PC and store it in a safe place. That’s it!
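To confirm that the policy from steps 1 to 3 actually took effect, and to see which key protectors the setup created, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of the original post; the registry value names are the ones this policy setting writes under the BitLocker policy key, and the string matches assume English-language `manage-bde` output.

```powershell
# Added example: audit the "BitLocker without TPM" policy and the OS drive's protectors.
# Run elevated. Written to work on PowerShell 2.0 (Windows 7) and later.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker policy values live here
$drive  = 'C:'                                      # OS drive used in the article

function Get-FvePolicyValue([string]$Name) {
    # Returns $null when the policy value has never been written.
    $item = Get-ItemProperty -Path $fveKey -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# "Require additional authentication at startup" -> UseAdvancedStartup = 1
# "Allow BitLocker without a compatible TPM"     -> EnableBDEWithNoTPM = 1
$advanced = Get-FvePolicyValue 'UseAdvancedStartup'
$noTpm    = Get-FvePolicyValue 'EnableBDEWithNoTPM'

if ($advanced -eq 1 -and $noTpm -eq 1) {
    Write-Host 'Policy OK: BitLocker without a compatible TPM is allowed.'
} else {
    Write-Warning "Policy not in effect (UseAdvancedStartup=$advanced, EnableBDEWithNoTPM=$noTpm)."
    Write-Warning 'Repeat steps 1-3 in gpedit.msc, then run: gpupdate /force'
}

# Encryption state of the OS drive.
& manage-bde.exe -status $drive

# Key protectors currently attached to the OS drive.
$protectors = & manage-bde.exe -protectors -get $drive
$protectors

# The startup key saved to the flash drive is listed as an "External Key" protector.
if (-not ($protectors | Select-String -SimpleMatch 'External Key')) {
    Write-Warning 'No startup key (External Key) protector found on the OS drive.'
}

# A recovery password is the fallback if the flash drive is lost or fails.
if (-not ($protectors | Select-String -SimpleMatch 'Numerical Password')) {
    Write-Warning 'No recovery password protector found: losing the flash drive would lock the drive.'
}
```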

Additional Resources:

Windows.com: Hardware Requirements for BitLocker Drive Encryption

  • Joe